Identified Risks
This table shows all the identified risks for this repository.
Filename | Message | Scanner |
---|---|---|
/builds/open-code/badgebackend/badge-api/pkg/api/server.go | Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'. | sast |
/builds/open-code/badgebackend/badge-api/pkg/config/svg_cache.go | Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead. | sast |
Dockerfile | Ensure that HEALTHCHECK instructions have been added to container images | iac |
The project is reused 1 time. | badge-api | |
/builds/open-code/badgebackend/badge-api/pkg/api/handler/repository_handler.go | Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'. | sast |
/builds/open-code/badgebackend/badge-api/pkg/api/handler/repository_handler.go | Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'. | sast |
/builds/open-code/badgebackend/badge-api/pkg/api/handler/repository_handler.go | Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'. | sast |
/builds/open-code/badgebackend/badge-api/pkg/api/handler/repository_handler.go | Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'. | sast |
/builds/open-code/badgebackend/badge-api/pkg/api/server.go | Found an HTTP server without TLS. Use 'http.ListenAndServeTLS' instead. See https://golang.org/pkg/net/http/#ListenAndServeTLS for more information. | sast |
/builds/open-code/badgebackend/badge-api/pkg/badges/observe/observer.go | Variable `res` is likely modified and later used on error. In some cases this could result in panics due to a nil dereference | sast |