- 11 vulnerabilities found:
- Vulnerability 1:
- File: auth.py
- > User input at line 86, source "form[":
- email = request.form['email']
- Reassigned in:
- File: auth.py
- > Line 14: save_2_email = email
- File: auth.py
- > Line 14: email = save_2_email
- File: auth.py
- > reaches line 116, sink "execute(":
- ~call_12 = ret_cursor.execute(query, (username, email))
- Vulnerability 2:
- File: auth.py
- > User input at line 87, source "form[":
- username = request.form['username']
- Reassigned in:
- File: auth.py
- > Line 14: save_2_username = username
- File: auth.py
- > Line 14: username = save_2_username
- File: auth.py
- > reaches line 116, sink "execute(":
- ~call_12 = ret_cursor.execute(query, (username, email))
- Vulnerability 3:
- File: auth.py
- > User input at line 86, source "form[":
- email = request.form['email']
- Reassigned in:
- File: auth.py
- > Line 14: save_2_email = email
- File: auth.py
- > Line 14: email = save_2_email
- File: auth.py
- > reaches line 133, sink "execute(":
- ~call_17 = ret_cursor.execute(insert, (username, email, password_hash))
- Vulnerability 4:
- File: auth.py
- > User input at line 87, source "form[":
- username = request.form['username']
- Reassigned in:
- File: auth.py
- > Line 14: save_2_username = username
- File: auth.py
- > Line 14: username = save_2_username
- File: auth.py
- > reaches line 133, sink "execute(":
- ~call_17 = ret_cursor.execute(insert, (username, email, password_hash))
- Vulnerability 5:
- File: auth.py
- > User input at line 88, source "form[":
- password = request.form['secretPassword']
- Reassigned in:
- File: auth.py
- > Line 14: save_2_password = password
- File: auth.py
- > Line 14: password = save_2_password
- File: auth.py
- > Line 126: ~call_14 = ret_generate_password_hash(password, method='pbkdf2:sha256', salt_length=10)
- File: auth.py
- > Line 126: password_hash = ~call_14
- File: auth.py
- > reaches line 133, sink "execute(":
- ~call_17 = ret_cursor.execute(insert, (username, email, password_hash))
- This vulnerability is unknown due to: Label: ~call_14 = ret_generate_password_hash(password, method='pbkdf2:sha256', salt_length=10)
- Vulnerability 6:
- File: auth.py
- > User input at line 87, source "form[":
- username = request.form['username']
- Reassigned in:
- File: auth.py
- > Line 14: save_2_username = username
- File: auth.py
- > Line 14: username = save_2_username
- File: auth.py
- > Line 119: ~call_13 = ret_'User {0} is already registered.'.format(username)
- File: auth.py
- > Line 119: error = ~call_13
- File: auth.py
- > reaches line 144, sink "flash(":
- ~call_24 = ret_flash(error)
- This vulnerability is unknown due to: Label: ~call_13 = ret_'User {0} is already registered.'.format(username)
- Vulnerability 7:
- File: auth.py
- > User input at line 176, source "form[":
- username = request.form['username']
- Reassigned in:
- File: auth.py
- > Line 14: save_4_username = username
- File: auth.py
- > Line 14: username = save_4_username
- File: auth.py
- > Line 274: save_14_username = username
- File: auth.py
- > Line 274: username = save_14_username
- File: auth.py
- > reaches line 184, sink "execute(":
- ~call_16 = ret_cnx.execute('SELECT email, password FROM user WHERE email = %s', (username))
- Vulnerability 8:
- File: auth.py
- > User input at line 176, source "form[":
- username = request.form['username']
- Reassigned in:
- File: auth.py
- > Line 14: save_4_username = username
- File: auth.py
- > Line 14: username = save_4_username
- File: auth.py
- > Line 274: save_14_username = username
- File: auth.py
- > Line 274: username = save_14_username
- File: auth.py
- > reaches line 187, sink "execute(":
- ~call_17 = ret_cnx.execute('SELECT username, password FROM user WHERE username = %s', (username))
- Vulnerability 9:
- File: auth.py
- > User input at line 176, source "form[":
- username = request.form['username']
- Reassigned in:
- File: auth.py
- > Line 14: save_4_username = username
- File: auth.py
- > Line 14: username = save_4_username
- File: auth.py
- > Line 274: save_14_username = username
- File: auth.py
- > Line 274: username = save_14_username
- File: auth.py
- > reaches line 205, sink "execute(":
- ~call_20 = ret_cnx.execute('UPDATE user SET token = %s WHERE email = %s', (uniqueToken, username))
- Vulnerability 10:
- File: auth.py
- > User input at line 176, source "form[":
- username = request.form['username']
- Reassigned in:
- File: auth.py
- > Line 14: save_4_username = username
- File: auth.py
- > Line 14: username = save_4_username
- File: auth.py
- > Line 274: save_14_username = username
- File: auth.py
- > Line 274: username = save_14_username
- File: auth.py
- > reaches line 208, sink "execute(":
- ~call_21 = ret_cnx.execute('UPDATE user SET token = %s WHERE username = %s', (uniqueToken, username))
- Vulnerability 11:
- File: auth.py
- > User input at line 237, source "Framework function URL parameter":
- userid
- File: auth.py
- > reaches line 245, sink "execute(":
- ~call_11 = ret_cnx.execute('DELETE FROM user WHERE id = %s', (userid))