Object: pythontemplate.bad_example.getHash File: src\pythontemplate\bad_example.py Line: 7 The return value of function pythontemplate.bad_example.getHash is not documented. Note that this message may also have been caused by incorrect indentation.
Undocumented parameter: password
Object: password File: src\pythontemplate\bad_example.py Line: 7 Parameter password of function pythontemplate.bad_example.getHash is not documented.
Documented but unused parameter: pw
Object: pw File: src\pythontemplate\bad_example.py Line: 7 Parameter pw of function pythontemplate.bad_example.getHash has been documented although it is not part of the function's signature. Note that this may also be a false positive caused by incorrect indentation. This means parameter documentation exceeding a single line needs to be indented by a single tab.
Active Environment
django >=3.0a1,<3.2.11
ID: 44426 Installed: 3.2 Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45452: Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
django >=3.0a1,<3.2.11
ID: 44423 Installed: 3.2 Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45115: An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
django >=3.0a1,<3.2.11
ID: 44427 Installed: 3.2 Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45116: An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
django >=3.0a1,<3.2.12
ID: 44741 Installed: 3.2 An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
django >=3.0a1,<3.2.12
ID: 44742 Installed: 3.2 The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
django >=3.2,<3.2.5
ID: 40899 Installed: 3.2 Django versions 3.1.13 and 3.2.5 include a fix for CVE-2021-35042: Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
https://www.openwall.com/lists/oss-security/2021/07/02/2
https://docs.djangoproject.com/en/3.2/releases/security/
https://groups.google.com/forum/#%21forum/django-announce
django >=3.2.0a1,<3.2.4
ID: 40638 Installed: 3.2 Django 2.2.24, 3.1.12, and 3.2.4 include a fix for CVE-2021-33571: In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+).
https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
django >=3.2a1,<3.2.1
ID: 40404 Installed: 3.2 In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
django >=3.2a1,<3.2.10
ID: 43041 Installed: 3.2 Django versions 2.2.25, 3.1.14 and 3.2.10 include a fix for CVE-2021-44420: In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
django >=3.2a1,<3.2.2
ID: 40414 Installed: 3.2 Django versions 3.2.2, 3.1.10 and 2.2.22 include a fix for CVE-2021-32052: In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
https://www.djangoproject.com/weblog/2021/may/06/security-releases
django >=3.2a1,<3.2.4
ID: 40637 Installed: 3.2 Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.
https://www.djangoproject.com/weblog/2021/jun/02/security-releases
setup.cfg
No Issues.
blacklist: Consider possible security implications associated with the subprocess module.