The application does not enforce HTTPS. This can lead to sensitive data being transmitted in plain text, which is vulnerable to interception and decryption by attackers.
Impact:
An attacker could intercept the traffic between the client and server and read or modify the data, potentially leading to unauthorized access or other security breaches.
Mitigation:
Enforce HTTPS using middleware. For example: `app.add_middleware(HTTPSEnforcementMiddleware)`
Line:
109
OWASP Category:
A02:2021-Cryptographic Failures
NIST 800-53:
AC-2, AC-3
CVSS Score:
7.4
Related CVE:
Pattern-based finding
Priority:
Immediate
The code does not properly validate the model path provided by the user. An attacker can provide a malicious directory path that bypasses the validation check, potentially leading to unauthorized access or data leakage.
Impact:
An attacker could exploit this vulnerability to gain unauthorized access to sensitive information stored in the system or even execute arbitrary code on the server.
Mitigation:
Ensure proper validation of user-provided inputs. Use a whitelist approach to validate that the provided model path is within an acceptable directory structure, and reject any paths that do not meet this criterion.
Line:
24-30
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-3 - Access Enforcement
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The code allows for the use of an arbitrary model version string which does not adhere to a strict pattern. This can be exploited by an attacker to bypass access controls and gain unauthorized access.
Impact:
An attacker could exploit this vulnerability to gain unauthorized access to restricted parts of the system, potentially leading to data leakage or further compromise.
Mitigation:
Implement stricter validation for model version strings using a regular expression that enforces a specific pattern. Validate user input against this pattern before proceeding with any operations involving file paths or access controls.
Line:
61-63
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-3 - Access Enforcement
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The application exposes sensitive operations without requiring authentication. An attacker can directly access these endpoints, potentially leading to unauthorized data exposure or system manipulation.
Impact:
An attacker can perform actions such as downloading sensitive files or manipulating internal state of the application without any user consent or knowledge.
Mitigation:
Ensure all sensitive operations are protected by proper authentication mechanisms. Validate user permissions before allowing access to these endpoints.
Line:
45-52
OWASP Category:
A07:2021-Authentication Failures
NIST 800-53:
AC-6
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Short-term
The application transmits sensitive information in cleartext, which can be intercepted and read by an attacker on the network.
Impact:
Sensitive data such as credentials or other confidential information could be exposed to unauthorized parties, leading to severe privacy violations or data breaches.
Mitigation:
Use HTTPS instead of HTTP for all communications. Ensure SSL/TLS is properly configured with strong ciphers and keys.
Line:
45-52
OWASP Category:
A02:2021-Cryptographic Failures
NIST 800-53:
AC-6
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Short-term
The application uses an environment variable to set the base URL for the YOLO API, but it does not validate or sanitize this input. An attacker can manipulate this value to point to a different domain, potentially leading to unauthorized access or data leakage.
Impact:
An attacker could redirect API requests to a malicious server, leading to unauthorized access to sensitive information or system compromise.
Mitigation:
Validate and sanitize the environment variable input for YOLO_API_BASE_URL before using it. Consider implementing stricter authentication mechanisms if external users can influence this setting.
Line:
10-12
OWASP Category:
A05:2021-Security Misconfiguration
NIST 800-53:
AC-6, CM-6
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The application uses a hardcoded API key in the request headers. This makes it susceptible to theft via simple code inspection and could be used without authorization.
Impact:
An attacker with access to the deployed application can easily use this API key for unauthorized requests, potentially leading to data leakage or system compromise.
Mitigation:
Remove hardcoding of API keys from source code. Use a secure configuration management approach where API keys are stored securely and dynamically loaded at runtime.
Line:
68
OWASP Category:
A02:2021-Cryptographic Failures
NIST 800-53:
AC-2, IA-5
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The application makes external HTTP requests without verifying the SSL certificate. This exposes it to man-in-the-middle attacks and data leakage.
Impact:
An attacker can intercept communications between the application and the external server, leading to unauthorized access or data theft.
Mitigation:
Enable SSL verification for all outgoing HTTP requests. Consider using a more secure protocol like HTTPS instead of HTTP if possible.
Line:
61
OWASP Category:
A08:2021-Software and Data Integrity Failures
NIST 800-53:
SC-8
CVSS Score:
9.8
Related CVE:
Priority:
Immediate
The script allows downloading models to a directory structure that is not secure. The model weights are downloaded to a path which does not require authentication, allowing an attacker to download arbitrary files from the server by manipulating the request parameters.
Impact:
An attacker can download any file on the server by crafting a request to the endpoint, potentially leading to unauthorized access and exposure of sensitive data or system compromise.
Mitigation:
Implement proper authorization checks before allowing model weights to be downloaded. Use authenticated endpoints for downloading models.
Line:
45-52
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-2, AC-3
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The code allows for a path traversal vulnerability when reading files. An attacker can manipulate the file path to read arbitrary files from the server, potentially exposing sensitive information or configuration files.
Impact:
An attacker could exploit this vulnerability to read any file on the system, leading to data leakage and potential unauthorized access to critical infrastructure.
Mitigation:
Use a whitelist approach for file paths by validating user input against expected patterns. For example, restrict file names to known safe values or use regular expressions to ensure only allowed characters are present in the path.
Line:
Specific line number or range (e.g., 45-52)
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
SC-13 - Cryptographic Protection
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Short-term
The application performs sensitive operations without requiring authentication, which can be exploited by an attacker to gain unauthorized access.
Impact:
An attacker could perform actions such as data deletion or modification without the user's consent, leading to significant financial and reputational damage.
Mitigation:
Implement proper authentication mechanisms for all sensitive operations. Use secure methods like OAuth, JWT, or other token-based authentication protocols to ensure only authorized users can access these features.
Line:
Specific line number or range (e.g., 45-52)
OWASP Category:
A07:2021 - Authentication Failures
NIST 800-53:
AC-2 - Account Management
CVSS Score:
9.8
Related CVE:
Priority:
Immediate
The function `validate_model_category` does not properly validate the model category against a whitelist of allowed categories. An attacker can provide any string as the `model_ctgry`, and if it matches the pattern for alphanumeric, underscore, or hyphen characters, the function will pass without checking its membership in `ALLOWED_MODEL_CATEGORIES`. This allows an attacker to bypass intended access controls by providing a category that grants them unauthorized privileges.
Impact:
An attacker can gain unauthorized access to the system by specifying any model category allowed by the pattern check, potentially leading to data breaches or system takeover if they are granted additional permissions based on this unchecked input.
Mitigation:
Modify `validate_model_category` to include a strict check against `ALLOWED_MODEL_CATEGORIES`. Ensure that only predefined categories can be assigned to model_ctgry. Example: python
def validate_model_category(model_ctgry: str) -> None:
if model_ctgry not in ALLOWED_MODEL_CATEGORIES:
raise HTTPException(status_code=400, detail=f"Invalid model category. Allowed: {ALLOWED_MODEL_CATEGORIES}")
Line:
18
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-2, AC-6
CVSS Score:
7.5
Related CVE:
Priority:
Immediate
The function `validate_model_id` does not properly validate the model ID against a specific pattern and length. An attacker can input any string, including special characters or excessively long strings, which will pass through without restriction. This allows bypassing intended access controls by providing IDs that grant unauthorized privileges.
Impact:
An attacker can gain unauthorized access to the system by specifying arbitrary model IDs, potentially leading to data breaches or system takeover if they are granted additional permissions based on this unchecked input.
Mitigation:
Modify `validate_model_id` to include strict pattern and length checks. Ensure that only predefined patterns and lengths for model IDs can be assigned. Example: python
def validate_model_id(model_id: str) -> None:
if not model_id or not SAFE_MODEL_ID_PATTERN.match(model_id):
raise HTTPException(status_code=400, detail="Invalid model_id. Only alphanumeric characters, underscores, and hyphens are allowed.")
Line:
21-23
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-2, AC-6
CVSS Score:
7.5
Related CVE:
Priority:
Immediate
The configuration for response types does not enforce strict validation, allowing any string to be assigned as a response type. This includes potentially dangerous inputs that could lead to insecure data handling or exposure.
Impact:
An attacker can manipulate the response type to include malicious payloads, leading to unauthorized data access and potential system compromise if such responses are processed without proper security measures.
Mitigation:
Implement strict validation for response types to ensure they only contain allowed values. Use whitelists instead of blacklists to prevent unrestricted assignment. Example: python
VALID_IMAGE_RESPONSE_TYPES = IMAGE_RESPONSE_TYPES + [None]
VALID_VIDEO_RESPONSE_TYPES = VIDEO_RESPONSE_TYPES + [None]
Line:
14-15
OWASP Category:
A05:2021 - Security Misconfiguration
NIST 800-53:
CM-6
CVSS Score:
7.5
Related CVE:
Priority:
Immediate
The application does not properly validate the API key, allowing any user to authenticate with a valid but unauthorized API key. This can lead to unauthorized access and potential data breaches.
Impact:
An attacker could gain unauthorized access to the system, potentially accessing sensitive information or performing actions that they should not be able to do based on their privileges.
Mitigation:
Implement proper validation of the API key using a secure method such as HMAC with a secret key. Ensure that the comparison is done in constant time to prevent timing attacks. Additionally, consider implementing rate limiting and more stringent access controls for API keys.
Line:
26-31
OWASP Category:
A09:2021 - Security Logging Failures
NIST 800-53:
AC-2, AC-3
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The function `validate_download_url` allows for unrestricted URL schemes, which can be exploited to perform Server-Side Request Forgery (SSRF) attacks. An attacker can specify a scheme other than 'https' in the URL, causing the server to make an HTTP request to an arbitrary domain or IP address that it resolves via DNS lookup.
Impact:
An attacker can exploit this vulnerability to access internal services and retrieve sensitive data from the server hosting the application. They could also use SSRF to perform various attacks such as port scanning, private network discovery, and more.
Mitigation:
Enforce HTTPS scheme validation by setting `require_https=True` in the function call for URL parsing. Additionally, validate the hostname resolution before making any external requests to ensure that only allowed domains are accessed.
Line:
28
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
SC-13 - Cryptographic Protection
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Short-term
The code does not properly sanitize or validate user-controlled input for keys in the OLD_TO_NEW_KEY_MAPPING and TEST_REQUEST_KEY_MAPPING dictionaries. An attacker can manipulate these keys to inject malicious values that bypass intended validation checks, potentially leading to unauthorized access or data leakage.
Impact:
An attacker could exploit this by crafting a request with invalid key names, which would bypass the input validation mechanisms in place and lead to potential unauthorized access to sensitive information or system functionalities not explicitly meant for them.
Mitigation:
Implement strict validation and sanitization of keys received from user inputs. Use whitelisting instead of blacklisting to ensure only expected keys are accepted. Consider implementing a more robust mechanism to handle legacy key names, such as maintaining a mapping that is exclusively used during deserialization and not directly exposed to external input.
Line:
21, 24
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-6 - Least Privilege, IA-2 - Identification and Authentication
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The endpoint '/test-model-weights-update' allows an attacker to upload a zip file containing malicious content, exploiting Server-Side Request Forgery (SSRF). By crafting a URL in the 'weights_url' field, an attacker can make the server request internal resources or services. If successful, this could lead to unauthorized data exposure, escalation of privileges, or other malicious activities.
Impact:
An attacker could exploit SSRF to access internal networks, retrieve sensitive information from internal systems, manipulate internal services, or gain unauthorized access to the system.
Mitigation:
Implement strict validation and sanitization of the 'weights_url' field to ensure it does not contain malicious content. Use a whitelist approach to restrict the domains that can be accessed by the server. Consider using an allowlist for acceptable protocols (e.g., HTTP, HTTPS) and block all other protocols.
Line:
45-60
OWASP Category:
A05:2021-Security Misconfiguration
NIST 800-53:
SC-13: Cryptographic Protection
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The function `_find_models_in_category` iterates over the contents of a directory without proper validation, allowing for potential directory traversal attacks. An attacker can manipulate the category name to access directories outside the intended path, potentially leading to unauthorized data exposure or system compromise.
Impact:
An attacker could exploit this vulnerability to read arbitrary files from the server, including sensitive configuration files or source code, leading to a complete system compromise if such files contain critical credentials or secrets.
Mitigation:
Enforce strict validation of directory names and paths. Use `os.path.isdir` with path normalization checks before accessing directories. Consider using an allowlist approach for allowed categories and model subdirectories.
Line:
25-39
OWASP Category:
A03:2021 - Injection
NIST 800-53:
SI-16 - Memory Protection
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The endpoint '/yolo-models/{model_ctgry}/{model_id}' does not require authentication, allowing unauthenticated users to run inference on YOLO models. This can lead to unauthorized access and potential data leakage or system compromise.
Impact:
An attacker could exploit this vulnerability to perform unauthorized operations such as model inference without authorization, potentially leading to the exposure of sensitive information or even complete system compromise.
Mitigation:
Implement proper authentication mechanisms such as API key validation using 'Depends(verify_api_key)' for all endpoints that handle sensitive data. Ensure that only authenticated users can access these endpoints.
Line:
38
OWASP Category:
A07:2021 - Authentication Failures
NIST 800-53:
AC-2, AC-3
CVSS Score:
7.4
Related CVE:
Pattern-based finding
Priority:
Immediate
The middleware does not enforce authentication for paths that are not explicitly documented as public. If an attacker can manipulate the request path to access sensitive endpoints, they could bypass intended access controls and potentially gain unauthorized access to protected resources.
Impact:
An attacker with sufficient knowledge of the application's structure might exploit this flaw to access restricted areas of the system, leading to data leakage or unauthorized actions such as account takeovers. The impact is significant if sensitive information is stored in these endpoints.
Mitigation:
Implement authentication mechanisms for all paths that are not public. Use middleware or routing rules to enforce authentication checks before allowing access to protected resources.
Line:
21-30
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-6, AC-2
CVSS Score:
7.5
Related CVE:
Priority:
Immediate
The application uses a configuration flag (ERROR_SANITIZATION_ENABLED) to decide whether to sanitize error messages. However, the generic error message GENERIC_ERROR_MESSAGE is disclosed in all cases, potentially revealing sensitive information.
Impact:
An attacker can exploit this by observing the response format and content when errors occur. This might lead to further attacks or discovery of sensitive data if detailed error messages are returned.
Mitigation:
Ensure that only sanitized error messages are disclosed based on the configuration setting. Implement conditional checks before returning generic error messages.
Line:
20, 41, 58
OWASP Category:
A05:2021 - Security Misconfiguration
NIST 800-53:
AC-6, AU-3
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The application does not properly check the client IP address against a list of blocked IP ranges. An attacker can bypass this check by manipulating the 'client_ip' value in the request, allowing them to access restricted resources or APIs.
Impact:
An attacker could gain unauthorized access to protected areas of the system, potentially leading to data breaches or complete system compromise if they are able to manipulate the IP address used in requests.
Mitigation:
Implement proper input validation and sanitization for 'client_ip' to ensure it matches expected IP formats. Use trusted sources or whitelisting mechanisms to validate IPs against a list of allowed ranges only, not allowing any user-controlled input directly into this decision point.
Line:
24
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-2, AC-3
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Short-term
The code allows for downloading images from a public URL without proper validation or authorization. An attacker can supply a malicious link that, when accessed by the application, triggers an unauthorized download of arbitrary files to the server's filesystem.
Impact:
An attacker could exploit this vulnerability to download and execute arbitrary files on the system, potentially leading to complete system compromise if the executed file is crafted to run privileged commands or contains sensitive data.
Mitigation:
Implement strict validation and authorization checks before downloading any content from untrusted sources. Use whitelisting for allowed domains and paths to prevent access to malicious resources. Consider using a secure method like HTTPS with certificate verification to ensure that the downloaded file is indeed what was intended.
Line:
45
OWASP Category:
A06:2021-Vulnerable Components
NIST 800-53:
AC-2, AC-6, CM-6
CVSS Score:
9.8
Related CVE:
Priority:
Immediate
The application runs sensitive operations without requiring authentication, which can be exploited by an attacker to perform unauthorized actions such as modifying critical configurations or accessing protected data.
Impact:
An attacker could exploit this vulnerability to gain unauthorized access to sensitive information and potentially manipulate the system's behavior in a way that could lead to significant disruption or data theft.
Mitigation:
Ensure all operations that modify configuration settings, access sensitive data, or perform critical functions are protected by appropriate authentication mechanisms. Implement role-based access control (RBAC) to restrict access based on user roles and permissions.
Line:
85-90
OWASP Category:
A07:2021-Authentication Failures
NIST 800-53:
AC-2, AC-6, CM-6
CVSS Score:
7.5
Related CVE:
Priority:
Immediate
The code does not enforce authentication for sensitive operations such as accessing protected endpoints or performing critical actions. An attacker can exploit this by sending a request to these endpoints without proper credentials, leading to unauthorized access and potential data breach.
Impact:
An attacker could gain unauthorized access to the system, potentially compromising sensitive information stored in the database or files accessible only with administrative privileges.
Mitigation:
Enforce authentication for all requests that require privileged access by adding a middleware layer to validate user credentials before allowing access to protected resources. Use HTTP headers like 'Authorization' for token-based authentication and implement role-based access control (RBAC) mechanisms.
Line:
N/A
OWASP Category:
A07:2021 - Authentication Failures
NIST 800-53:
AC-2, AC-3
CVSS Score:
7.5
Related CVE:
N/A
Priority:
Short-term
The application uses a permissive CORS policy that allows all origins, methods, and headers. This can lead to unauthorized cross-site requests which might be exploited by attackers to gain access to sensitive data or perform actions on behalf of the user.
Impact:
An attacker could bypass same-origin restrictions and make API calls from a different origin, potentially leading to unauthorized data exposure or other malicious activities.
Mitigation:
Configure CORS properly with specific allowed origins. For example: `app.add_middleware(CORSMiddleware, allow_origins=['https://example.com'], allow_methods=['GET', 'POST'], allow_headers=['*'])`
Line:
61-69
OWASP Category:
A05:2021-Security Misconfiguration
NIST 800-53:
AC-2, AC-3
CVSS Score:
7.4
Related CVE:
Pattern-based finding
Priority:
Short-term
The application allows configuration of domains from which files can be downloaded. An attacker can configure the domain to a malicious server, allowing them to serve malicious content that could be exploited by users visiting the site.
Impact:
An attacker can serve malicious content to users, potentially leading to phishing attacks or other forms of social engineering where users are tricked into downloading malware or providing sensitive information.
Mitigation:
Implement a strict allowlist for domains from which files can be downloaded. Validate and sanitize the domain configuration input to ensure it only includes trusted domains.
Line:
45-52
OWASP Category:
A06:2021-Vulnerable Components
NIST 800-53:
AC-6
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Short-term
The code uses a cleartext transmission method for video codec configuration, which is insecure. An attacker can intercept the network traffic and retrieve sensitive information such as video compression settings.
Impact:
Sensitive data including video configurations could be exposed to unauthorized parties, compromising the confidentiality of the transmitted information.
Mitigation:
Implement secure communication protocols that encrypt all data in transit. Use HTTPS instead of HTTP for all network communications, and consider implementing Transport Layer Security (TLS) with strong ciphersuites.
Line:
N/A
OWASP Category:
A05:2021 - Security Misconfiguration
NIST 800-53:
CM-6
CVSS Score:
5.9
Related CVE:
Priority:
Short-term
The code does not properly handle exceptions when processing a request. If an exception occurs during the execution of `run_detection` or `run_classification`, it will raise an HTTPException with a generic error message and status code 500, potentially revealing sensitive information about the server's internal structure.
Impact:
An attacker could exploit this by crafting a specific request that triggers exceptions in the processing functions. This might lead to unauthorized disclosure of system information or denial of service if the exception handling does not properly manage resource usage.
Mitigation:
Implement proper error handling with logging and possibly different HTTP status codes based on the type of error encountered. Ensure that sensitive details are not exposed through error messages, especially in production environments.
Line:
45-52
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AU-2, AU-3
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The middleware does not enforce secure configuration for HTTP headers, allowing the application to be accessed over both HTTP and HTTPS. This misconfiguration can lead to sensitive data being transmitted in plain text if intercepted by an attacker.
Impact:
An attacker could intercept and read sensitive information exchanged between the client and server, potentially leading to further exploitation of other vulnerabilities or direct access to user credentials.
Mitigation:
Ensure that all HTTP headers are properly configured to enforce HTTPS only. This can be achieved by adding a strict header policy in the middleware configuration that forces HTTPS for all requests.
Line:
28
OWASP Category:
A05:2021-Security Misconfiguration
NIST 800-53:
SC-8
CVSS Score:
4.3
Related CVE:
Pattern-based finding
Priority:
Short-term
The code does not properly handle HTTP exceptions, which can lead to exposure of sensitive information. Specifically, it returns a generic error message when an HTTP exception occurs, potentially revealing details about the server's internal structure and possibly including debugging information.
Impact:
An attacker could exploit this by crafting specific HTTP requests that trigger different types of errors. This might allow them to gather information about the application's response to various failure scenarios, aiding in further attacks or discovery of sensitive data.
Mitigation:
Implement proper error handling where exceptions are logged and user-friendly messages are returned for certain status codes. Ensure that only generic error messages are disclosed when ERROR_SANITIZATION_ENABLED is true.
Line:
21-30
OWASP Category:
A01:2021 - Broken Access Control
NIST 800-53:
AC-6, AU-3
CVSS Score:
7.5
Related CVE:
Pattern-based finding
Priority:
Immediate
The code does not properly handle errors, which can lead to verbose error messages being exposed in logs. An attacker could exploit this by crafting specific inputs that trigger these errors and gain insights into the system's internal workings.
Impact:
Information about the system architecture or data structures might be disclosed through detailed error messages logged during processing of malformed input.
Mitigation:
Implement proper exception handling to avoid revealing sensitive information in logs. Use generic error messages that do not disclose unnecessary details, and consider logging errors at a minimum level necessary for debugging purposes only.
Line:
N/A
OWASP Category:
A05:2021 - Security Misconfiguration
NIST 800-53:
SI-2
CVSS Score:
4.3
Related CVE:
N/A
Priority:
Short-term