📝 Code Report

0 High 4 Moderate 0 Low
4 vulnerabilities

secrover.org

None

Website

0 High 0 Moderate 0 Low
0 vulnerabilities

🕵️ Findings Details:

None - All clear!

Secrover

Python

Main project

0 High 4 Moderate 0 Low
4 vulnerabilities

🕵️ Findings Details:

dockerfile.security.missing-user-entrypoint.missing-user-entrypoint — By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
File: Dockerfile:64, Severity: Moderate

python.lang.security.audit.insecure-transport.requests.request-with-http.request-with-http — Detected a request using 'http://'. This request will be unencrypted, and attackers could listen into traffic on the network and be able to obtain sensitive information. Use 'https://' instead.
File: secrover/audits/domains.py:15, Severity: Moderate

python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2 — Detected direct use of jinja2. If not done properly, this may bypass HTML escaping which opens up the application to cross-site scripting (XSS) vulnerabilities. Prefer using the Flask method 'render_template()' and templates with a '.html' extension in order to prevent XSS.
File: secrover/report.py:14, Severity: Moderate

python.flask.security.xss.audit.direct-use-of-jinja2.direct-use-of-jinja2 — Detected direct use of jinja2. If not done properly, this may bypass HTML escaping which opens up the application to cross-site scripting (XSS) vulnerabilities. Prefer using the Flask method 'render_template()' and templates with a '.html' extension in order to prevent XSS.
File: secrover/report.py:25, Severity: Moderate