Security Scan Report

Service: eizen-abb-edge | Branch: feature/sop-cpu | Build: #11 | Date: 2026-02-05 19:36:43
Critical: 0 | High: 1 | Medium: 14 | Low: 1
HIGH Bandit Starting a process with a shell, possible injection detected, security issue.
/home/eizen-7/jenkins/workspace/new-scan/./src/utils/resource_monitor.py:628
    627 # Clear screen (works on most terminals)
    628 os.system('clear' if os.name == 'posix' else 'cls')
    629 self.print_current()
MEDIUM Bandit Possible binding to all interfaces.
/home/eizen-7/jenkins/workspace/new-scan/./src/api/edge_api.py:230
    229 session_manager: SessionManager,
    230 host: str = '0.0.0.0',
    231 port: int = 8080,
    232 device_id: str = "unknown"
    233 ):
    234 """
    235 Initialize API server.
MEDIUM Bandit Possible binding to all interfaces.
/home/eizen-7/jenkins/workspace/new-scan/./src/config/constants.py:37
    36 # API defaults
    37 DEFAULT_API_HOST: str = "0.0.0.0"
    38 DEFAULT_API_PORT: int = 8080
MEDIUM Bandit Possible binding to all interfaces.
/home/eizen-7/jenkins/workspace/new-scan/./src/core/env_config_loader.py:105
    104 "api_configuration": {
    105 "host": self._get_env("API_HOST", "0.0.0.0"),
    106 "port": self._get_env_int("API_PORT", 8097),
MEDIUM Bandit Chmod setting a permissive mask 0o755 on file (output_dir).
/home/eizen-7/jenkins/workspace/new-scan/./src/core/processor.py:275
    274 try:
    275 os.chmod(output_dir, 0o755)
    276 except OSError:
MEDIUM Bandit Possible binding to all interfaces.
/home/eizen-7/jenkins/workspace/new-scan/./src/main.py:200
    199 # API configuration
    200 self.api_host: str = "0.0.0.0"
    201 self.api_port: int = 8080
MEDIUM Bandit Possible binding to all interfaces.
/home/eizen-7/jenkins/workspace/new-scan/./src/main.py:310
    309 api_config = device_details.get('api_configuration', {})
    310 self.api_host = api_config.get('host', '0.0.0.0')
    311 self.api_port = int(api_config.get('port', 8097))
MEDIUM Bandit Call to requests without timeout
/home/eizen-7/jenkins/workspace/new-scan/./src/main.py:1082
    1081
    1082 response = requests.get(model_path, headers=headers, stream=True)
    1083 response.raise_for_status()
MEDIUM Bandit Probable insecure usage of temp file/directory.
/home/eizen-7/jenkins/workspace/new-scan/./src/services/dms_frame_saver.py:64
    63 self.local_cache_path = local_cache_path or os.environ.get(
    64 "DMS_LOCAL_CACHE", "/tmp/dms_frame_cache"
    65 )
    66 Path(self.local_cache_path).mkdir(parents=True, exist_ok=True)
    67
MEDIUM Bandit Use of possibly insecure function - consider using safer ast.literal_eval.
/home/eizen-7/jenkins/workspace/new-scan/./src/sop/node_executor.py:385
    384 # Simple evaluation for numeric comparisons
    385 cond_result = eval(condition, {"__builtins__": {}}, eval_context)
    386 if cond_result:
MEDIUM Bandit Probable insecure usage of temp file/directory.
/home/eizen-7/jenkins/workspace/new-scan/./src/utils/machine_id_reader.py:336
    335 )
    336 elif os.path.exists('/tmp/hostid/uuid') or os.path.exists('/tmp/hostid/serial'):
    337 # Local development environment
MEDIUM Bandit Probable insecure usage of temp file/directory.
/home/eizen-7/jenkins/workspace/new-scan/./src/utils/machine_id_reader.py:336
    335 )
    336 elif os.path.exists('/tmp/hostid/uuid') or os.path.exists('/tmp/hostid/serial'):
    337 # Local development environment
MEDIUM Bandit Probable insecure usage of temp file/directory.
/home/eizen-7/jenkins/workspace/new-scan/./src/utils/machine_id_reader.py:339
    338 _default_reader = MachineIdReader(
    339 uuid_path='/tmp/hostid/uuid',
    340 serial_path='/tmp/hostid/serial',
MEDIUM Bandit Probable insecure usage of temp file/directory.
/home/eizen-7/jenkins/workspace/new-scan/./src/utils/machine_id_reader.py:340
    339 uuid_path='/tmp/hostid/uuid',
    340 serial_path='/tmp/hostid/serial',
    341 machine_id_path='/etc/machine-id',
MEDIUM Bandit Possible binding to all interfaces.
/home/eizen-7/jenkins/workspace/new-scan/./src/utils/validation.py:250
    249 # Block localhost variations
    250 if hostname in ('localhost', '127.0.0.1', '::1', '0.0.0.0'):
    251 if not allow_private_ips:
LOW Semgrep When `--extra-index-url` is used in a `pip install` command, this is usually meant to install a pac
/home/eizen-7/jenkins/workspace/new-scan/Dockerfile:18