OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from .jwt_bearer import JWTBearerGrant
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
Backslash-based directory traversal patterns targeting Windows file systems.
f' type {hint_name} = ... {hint_ref_name} ...\n'Normalize path separators and apply traversal checks for both forward and backslashes.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_token_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
flags = eval(self.flags, G_FLAGS)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Dynamic imports with variable URLs can load malicious code at runtime.
require (much) extra storage.
Use static imports only. Do not dynamically import modules from variable paths.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
sudo apt-get install xsel
Remove sudo usage. Run processes with the minimum required privileges.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Hint logic type-checking this sign if any *OR* "None" otherwise.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Header -->
Remove HTML comments from description strings. Use source code comments instead.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
_execute_safe(cur, "select * from hypopg_reset()")
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@_composed_child.tool(name="ping")
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = call_tool("tools/call", {"name": name, "arguments": params})Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
sock.listen(backlog)
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
#"BeartypeDecorHintPep484DeprecationWarning". Oh well. Let's preserve backward
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
sys.stdout.write(prompt or "")
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# REQUIRED. Issuer. This MUST contain the client_id of the OAuth Client.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from .bearer import BearerAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# REQUIRED. Subject. This MUST contain the client_id of the OAuth Client.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Authentication method for OAuth 2.0 Client. This authentication
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token_endpoint = "https://example.com/oauth/token"
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from .oauth import OAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Authentication method for OAuth 2.0 Client. This authentication
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from .oauth import OAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token_endpoint = "https://example.com/oauth/token"
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# "client_id" of the OAuth client
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
__all__ = ["BearerAuth", "OAuth"]
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth 2.0 Dynamic Client Registration Protocol.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
title: str = "FastMCP OAuth",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
str | Literal["oauth"] | httpx.Auth | None,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""The client registration endpoint is an OAuth 2.0 endpoint designed to
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Generate ```registration_client_uri`` and ``registration_access_token``
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth 2.0 Dynamic Client Registration Management Protocol.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
self.revoke_access_token(request, token)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# 'registration_access_token', 'registration_client_uri',
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"registration_access_token",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Generate ```registration_client_uri`` and ``registration_access_token``
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
access_token = request.headers['Authorization'].split(' ')[1]Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
'registration_access_token': access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
'registration_access_token': access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
:param client: the instance of OAuth client
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def revoke_access_token(self, token, request):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def revoke_access_token(self, token, request):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
:param client: the instance of OAuth client
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
:param client: the instance of OAuth client
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Proof Key for Code Exchange by OAuth Public Clients.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth 2.0 Token Introspection.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth 2.0 Authorization Server Metadata.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def get_well_known_url(issuer, external=False, suffix="oauth-authorization-server"):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth 2.0 Device Authorization Grant.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth 2.0 Token Exchange.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
if request.form.get("token_type_hint") not in ("access_token", None):Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Clients using the OAuth Implicit Grant Type MUST only register URLs using the
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# Optional OAuth/JWT settings
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"value": "Bearer testkey"
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
The ultimate Python library in building OAuth 1.0, OAuth 2.0 and OpenID
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
The ultimate Python library in building OAuth 1.0, OAuth 2.0 and OpenID
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from .registry import BaseOAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"BaseOAuth",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
async def fetch_access_token(self, request_token=None, **kwargs):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
:param request_token: A previous request token for OAuth 1.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token = await client.fetch_access_token(self.access_token_url, **params)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
async def _on_update_token(self, token, refresh_token=None, access_token=None):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
access_token=access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
access_token=access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
async def fetch_access_token(self, redirect_uri=None, **kwargs):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def update_token(self, token, refresh_token=None, access_token=None):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def load_config(oauth, name, params):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
__all__ = ["BaseOAuth"]
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class BaseOAuth:
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Registry for oauth clients.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
oauth = OAuth()
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
oauth = OAuth()
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Create or get the given named OAuth client. For instance, the
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth registry has ``.register`` a twitter client, developers may
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
client = oauth.create_client("twitter")Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
:return: OAuth remote app
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
oauth.register('twitter', client_id='', ...)Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
oauth.twitter.get('timeline')Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from ..base_client import BaseOAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class OAuth(BaseOAuth):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class OAuth(BaseOAuth):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"OAuth",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def authorize_access_token(self, request, **kwargs):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
return self.fetch_access_token(**params)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def authorize_access_token(self, request, **kwargs):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token = self.fetch_access_token(**params, **kwargs)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def update_token(self, token, refresh_token=None, access_token=None):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
access_token=access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
access_token=access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def load_config(oauth, name, params):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""The revocation endpoint for OAuth authorization servers allows clients
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
if token_type_hint == "access_token":
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
rv = _query_access_token(token_model, token)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
rv = _query_access_token(token_model, token)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def _query_access_token(token_model, token):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
return token_model.objects.get(access_token=token)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from ..base_client import BaseOAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class OAuth(BaseOAuth):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class OAuth(BaseOAuth):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
raise RuntimeError("OAuth is not init with Flask app.")Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"OAuth",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def authorize_access_token(self, **kwargs):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token = self.fetch_access_token(**params)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def authorize_access_token(self, **kwargs):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token = self.fetch_access_token(**params, **kwargs)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def update_token(self, token, refresh_token=None, access_token=None):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
access_token=access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
access_token=access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def load_config(oauth, name, params):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
v = oauth.app.config.get(conf_key, None)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Signs the httpx request using OAuth 1 (RFC5849)."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
async def fetch_access_token(self, url, verifier=None, **kwargs):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This is the final step in the OAuth 1 workflow. An access token is
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Signs the request using OAuth 1 (RFC5849)."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
header, since nonce may not be reused as per OAuth spec.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
if token_type_hint == "access_token":
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
return q.filter_by(access_token=token).first()
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
item = q.filter_by(access_token=token).first()
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
if hint != "access_token":
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Create an bearer token validator class with SQLAlchemy session
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
return q.filter_by(access_token=token_string).first()
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from ..base_client import BaseOAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class OAuth(BaseOAuth):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class OAuth(BaseOAuth):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"OAuth",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def update_token(self, token, refresh_token=None, access_token=None):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def load_config(oauth, name, params):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
if not oauth.config:
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
v = oauth.config.get(conf_key, default=None)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This is the second step in the OAuth 1 workflow. The user should be
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This is the first step in the OAuth 1 workflow. A request token is
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def fetch_access_token(self, url, verifier=None, **kwargs):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This is the final step in the OAuth 1 workflow. An access token is
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
back from the OAuth provider to you, the client.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This module represents a direct implementation of The OAuth 1.0 Protocol.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: OAuth realm="Photos",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: OAuth realm="Photos",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Get an OAuth signature to be used in signing a request.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Sign the HTTP request, add OAuth parameters and signature.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# https://datatracker.ietf.org/doc/html/draft-eaton-oauth-bodyhash-00.html
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Add OAuth parameters to the request.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authlib based on OAuth 1.0a `Section 10`_ with some changes.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
.. _`Section 10`: https://oauth.net/core/1.0a/#rfc.section.10
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
description = "OAuth 2 MUST utilize https."
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This module contains methods related to `section 3.5`_ of the OAuth 1.0a spec.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"OAuth" (case insensitive).
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: OAuth realm="Photos",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# the auth-scheme name set to "OAuth" (case insensitive).
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
headers["Authorization"] = f"OAuth {header_parameters}"Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Append OAuth params to an existing set of parameters.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# append OAuth params to the existing body
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# append OAuth params to the existing set of query components
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
def _filter_oauth(params):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Parse an OAuth authorization header into a list of 2-tuples."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
auth_scheme = "oauth "
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
(SIGNATURE_TYPE_QUERY, list(_filter_oauth(query_params))),
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
(SIGNATURE_TYPE_BODY, list(_filter_oauth(body_params))),
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
(SIGNATURE_TYPE_HEADER, list(_filter_oauth(auth_params))),
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Attaches OAuth Client Information to HTTP requests.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
:param token: A dict or OAuth2Token instance of an OAuth 2.0 token
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
DEFAULT_TOKEN_TYPE = "bearer"
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
SIGN_METHODS = {"bearer": add_bearer_token}Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
self.token["access_token"], uri, headers, body, self.token_placement
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token. OAuth defines four grant types:
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
SUPPORTED_TOKEN_TYPES = ("access_token", "refresh_token")Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Add a Bearer Token to the request URI.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
http://www.example.com/path?access_token=h480djs93hd8
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
return add_params_to_uri(uri, [("access_token", token)])Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Add a Bearer Token to the request URI.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Recommended method of passing bearer tokens.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: Bearer h480djs93hd8
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
headers["Authorization"] = f"Bearer {token}"Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Add a Bearer Token to the request body.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
access_token=h480djs93hd8
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
return add_params_to_qs(body, [("access_token", token)])Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth 2.0 Token Revocation.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
JSON Web Token (JWT) Profile for OAuth 2.0 Client
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from .auth import OAuth, BearerAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"OAuth",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
request.headers["Authorization"] = f"Bearer {self.token.get_secret_value()}"Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
auth: httpx.Auth | Literal["oauth"] | str | None = None,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth callback server for handling authorization code flows.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This module provides a reusable callback server that can handle OAuth redirects
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Create a styled HTML response for OAuth callbacks."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Container for OAuth callback results, used with anyio.Event for async coordination."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Create an OAuth callback server.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
callback_path: The path to listen for OAuth redirects on
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Handle OAuth callback requests with proper HTML responses."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# Check for missing state parameter (indicates OAuth flow issue)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"The OAuth server did not return the expected state parameter."
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
print("🎭 OAuth Callback Test Server")Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
description='Either a string representing a Bearer token, the literal "oauth" to use OAuth authentication, or an httpx.Auth instance for custom authentication.',
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
description='Either a string representing a Bearer token, the literal "oauth" to use OAuth authentication, or an httpx.Auth instance for custom authentication.',
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
description='Either a string representing a Bearer token, the literal "oauth" to use OAuth authentication, or an httpx.Auth instance for custom authentication.',
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
AccessToken,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"AccessToken",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
discovery_endpoint: URL of the OAuth metadata discovery endpoint
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
<p>Your MCP client opened this page to complete OAuth authorization,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth 2.0 requires clients to register before authorization.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
In browser-delegated OAuth flows, your application cannot
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This maintains OAuth 2.1 compliance (returns 400 for invalid client_id)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
provider: OAuth authorization server provider
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
discovery_endpoint = f"{self._base_url}/.well-known/oauth-authorization-server"Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
f'<{registration_endpoint}>; rel="http://oauth.net/core/2.1/#registration"'Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Utilities for validating client redirect URIs in OAuth flows."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# PydanticAdapter for type-safe storage (following OAuth proxy pattern)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
which can be useful for OAuth callbacks, health checks, or admin APIs.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from fastmcp.client.auth.oauth import OAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from fastmcp.client.auth.oauth import OAuth
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class HeadlessOAuth(OAuth):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
class HeadlessOAuth(OAuth):
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
OAuth provider that bypasses browser interaction for testing.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This simulates the complete OAuth flow programmatically by making HTTP requests
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Initialize HeadlessOAuth with stored response tracking."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
f"OAuth authorization failed: {error} - {error_desc}"Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
This module provides reusable HTML/CSS components for OAuth callbacks,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
# Redirect section styles (for OAuth redirect URI box)
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Base exception for OAuth flow errors."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
MCP OAuth server authorization components.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
from mcp.server.auth.provider import AccessToken, OAuthAuthorizationServerProvider, RefreshToken
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token_type_hint: Literal["access_token", "refresh_token"] | None = None
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Handler for the OAuth 2.0 Token Revocation endpoint.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
self.provider.load_access_token,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
token: None | AccessToken | RefreshToken = None
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
For sensitive data like credentials or OAuth flows, use elicit_url() instead.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
- OAuth authorization flows with third-party services
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
like OAuth flows, credential collection, or payment processing.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
like OAuth flows, credential collection, or payment processing.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
headers = {"Authorization": "Bearer token"}Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"""Utilities for OAuth 2.0 Resource Indicators (RFC 8707) and PKCE (RFC 7636)."""
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
url="https://example.com/oauth/authorize",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
like OAuth flows, credential collection, or payment processing.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Allows configuration of the supported OAuth Flows.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Configuration for the OAuth Implicit flow
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Configuration for the OAuth Resource Owner Password flow
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Configuration for the OAuth Client Credentials flow.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Configuration for the OAuth Authorization Code flow.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Allows configuration of the supported OAuth Flows.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Configuration for the OAuth Implicit flow
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Configuration for the OAuth Resource Owner Password flow
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Configuration for the OAuth Client Credentials flow.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Configuration for the OAuth Authorization Code flow.
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
'OAuth': ('oauth_get_sbs', 'oauth_urlencode'),Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"NOAUTH": AuthenticationError,
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
Null bytes in file paths can truncate path validation and access unintended files.
while n < maxlen and p[n] != b'\x00':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while n < maxlen and p[n] != b'\x00':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
unquoted = "[^\"'=<>`\\x00-\\x20]+"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return "b'%s%s%s\\x00%s'" % (format_four_bytes(self.type_index),
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
f' # Instead of decorating methods by @beartype like this...\n'
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' # Instead of an unquoted forward reference...\n'
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' type {hint_name} = ... {hint_ref_name} ...\n'Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' type {hint_name} = ... "{hint_ref_name}" ...\n'Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
print("\nExecuting db_pg96_database_security_performance_metrics(profile='oltp')...\n")Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
self._send.send(b"\x00")
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if not path_str.startswith("\0"):Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# correct = %00, %A0, %0A, %FF
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return b"\x00\x00\x00\x00"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return b"\x00\x00\x00\x00"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return b"\x00\x00\x00\x00"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return b"\x00\x00\x00\x00"
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
f'like this...\n'
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f'\tdef {func_name}(*args: P.args, **kwargs: P.kwargs): ...\n'Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' # Instead of this...\n'
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' # Instead of this...\n'
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' # Instead of this...\n'
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f'defined in a callable like this...\n'
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' type {hint_name} = ...\n'Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' type {hint_name} = ...\n'Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
ANSI_RESET = '\033[0m'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
COLOR_BLUE = '\033[34m'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
COLOR_CYAN = '\033[36m'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
COLOR_GREEN = '\033[32m'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
COLOR_MAGENTA = '\033[35m'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
COLOR_RED = '\033[31m'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
COLOR_YELLOW = '\033[33m'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
STYLE_BOLD = '\033[1m'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ANSI_REGEX = re_compile(r'\033\[[0-9;?]*[A-Za-z]')
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
f' # Instead of this at the top of "{frame_filename}"...\n'Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
f' # Instead of this at the top of "{frame_module_name}"...\n'Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
ctypeobj.value + b'\x00')
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
key = '\x00'.join(['%d.%d' % sys.version_info[:2],
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ansi_re = re.compile(r"\033\[[;?0-9]*[a-zA-Z]")
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
BEFORE_BAR = "\r\033[?25l"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
AFTER_BAR = "\033[?25h\n"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# return \x00 when called a second time after pressing a regular key.
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# Either of these functions will return \x00 or \xe0 to indicate
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if rv in ("\x00", "\xe0"):Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# \x00 and \xe0 are control characters that indicate special key,
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ansi_reset_all = "\033[0m"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# ANSI escape \033[2J clears the screen, \033[1;1H moves the cursor
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# ANSI escape \033[2J clears the screen, \033[1;1H moves the cursor
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
echo("\033[2J\033[1;1H", nl=False)Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
echo("\033[2J\033[1;1H", nl=False)Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{_interpret_color(fg)}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{_interpret_color(bg, 10)}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{1 if bold else 22}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{2 if dim else 22}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{4 if underline else 24}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{53 if overline else 55}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{3 if italic else 23}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{5 if blink else 25}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{7 if reverse else 27}m")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bits.append(f"\033[{9 if strikethrough else 29}m")Strip null bytes from all file path inputs before processing.
Using path.join or path.resolve with variables from user input without validation can lead to directory traversal.
return os.path.join(os.path.expanduser(f"~/.{_posixify(app_name)}"))Sanitize user input before passing to path.join/resolve. Use path.normalize() and check for '..' sequences.
Null bytes in file paths can truncate path validation and access unintended files.
key_to_wrap = key_to_wrap + b"\x00" * pad
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
CSI = '\033['
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
OSC = '\033]'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ANSI_CSI_RE = re.compile('\001?\033\\[((?:\\d|;)*)([a-zA-Z])\002?') # Control Sequence IntroducerStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ANSI_CSI_RE = re.compile('\001?\033\\[((?:\\d|;)*)([a-zA-Z])\002?') # Control Sequence IntroducerStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ANSI_CSI_RE = re.compile('\001?\033\\[((?:\\d|;)*)([a-zA-Z])\002?') # Control Sequence IntroducerStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ANSI_OSC_RE = re.compile('\001?\033\\]([^\a]*)(\a)\002?') # Operating System CommandStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ANSI_OSC_RE = re.compile('\001?\033\\]([^\a]*)(\a)\002?') # Operating System CommandStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ANSI_OSC_RE = re.compile('\001?\033\\]([^\a]*)(\a)\002?') # Operating System CommandStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
algorithm, CBC(b"\x00" * algorithm.block_size)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
salt = b"\x00" * algorithm.block_size
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return b"".join([self._label, b"\x00", self._context, l_val])
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
or (b != 0 and not bytes_eq(data[-b:], b"\x00" * b))
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_SK_MAGIC = b"openssh-key-v1\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
val = val.replace("\0", "\\00")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
val = val.replace("\0", "\\00")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
text = re.sub(r"[\x00-\x1f\x7f]", "", text)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
text = re.sub(r"[\x00-\x1f\x7f]", "", text)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while nextchar == '\x00':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
tti.abbr = abbr[abbrind:abbr.find('\x00', abbrind)]Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
value = value.rstrip('\x00') # Remove trailing nullsStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
exp_header = b"\0" + struct.pack("!H", _exp_len)Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
addr = dns.ipv4.inet_ntoa(prefix + b"\x00" * pad)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
addr = dns.ipv6.inet_ntoa(prefix + b"\x00" * pad)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
self.pool = bytearray(b"\0" * self.hash_len)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_mapped_prefix = b"\x00" * 10 + b"\xff\xff"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
b"\x00" * dns.tsig.mac_sizes[self.keyring.algorithm],
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_MINIMAL_OCTET = b"\x00"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# Try prefixing \000 as new label
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
address += b"\x00" * (4 - l)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
address += b"\x00" * (16 - l)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bitmap = bytearray(b"\0" * 32)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
bitmap = bytearray(b"\0" * 32)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
output.write(b"\00" * length_length)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
self.output.write(b"\x00" * 12)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
pad = b"\x00" * (pad - remainder)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return text.replace('\x00', '\\')Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
for sep in ['\x00 ', '\x00\n', '\x00']:
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
for sep in ['\x00 ', '\x00\n', '\x00']:
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
for sep in ['\x00 ', '\x00\n', '\x00']:
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
s = s.replace('\\', '\x00') # escape with NULL charStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
s = s.replace('\x00\x00', '\\') # unescape backslashesStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
s = s.replace('\x00\x00', '\\') # unescape backslashesStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
s = s.replace('\x00 ', '\x00\x00') # escaped spaces -> NULL NULLStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
s = s.replace('\x00 ', '\x00\x00') # escaped spaces -> NULL NULLStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
s = s.replace('\x00 ', '\x00\x00') # escaped spaces -> NULL NULLStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return [name.replace('\x00\x00', ' ').replace('\x00', '')Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return [name.replace('\x00\x00', ' ').replace('\x00', '')Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return [name.replace('\x00\x00', ' ').replace('\x00', '')Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
to nulls (``\x00``).
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
start_string_prefix = '(^|(?<!\x00))'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
end_string_suffix = ('($|(?=\\s|[\x00%s%s%s]))' %Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(([^<>]|\x00[<>])+) # anything but unescaped angle brackets
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
non_whitespace_escape_before = r'(?<![\s\x00])'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
non_unescaped_whitespace_escape_before = r'(?<!(?<!\x00)[\s\x00])'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
non_unescaped_whitespace_escape_before = r'(?<!(?<!\x00)[\s\x00])'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# final \x00 allows backslash escapes in URIs:
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
uric = r"""[-_.!~*'()[\];/:@&=+$,%a-zA-Z0-9\x00]"""
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
emailc = r"""[-_!~*'{|}/#?^`&=+$%a-zA-Z0-9\x00]"""Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(?<!\x00)@ # at
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(?<!(?<!\x00):) # no unescaped colon at end
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
double_width_pad_char = '\x00'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
pattern = '(?<!\x00)%s' % authorsep
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
txt = re.sub('(?<=\x00)([-\\\'".`])', r'\\\1', str(node))Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
'\x00' + text[bs_index + 1:bs_index + 2]))
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
strings = text.split('\x00 ')Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
strings = [string.split('\x00\n') for string in strings]Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
# formula of the form \[...\]
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
"Parse a \\(...\\) formula."
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
"Parse a \\[...\\] formula."
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
"A \\begin{}...\\end equation environment with rows and cells."Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
"A \\begin{}...\\end command and what it entails (array, cases, aligned)"Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
ind = s.find(b"\0")
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
val = key.value if key.value is not None else b"\x00"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
val += b"\x00" * needed
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
out += b"\x00" * (offset - len(out))
Strip null bytes from all file path inputs before processing.
Using Python's open() with variable paths without validation enables path traversal.
webbrowser.open(f"http://localhost:{port}/callback?code=test123&state=xyz")Validate and sanitize file paths using os.path.realpath() and check against allowed directories.
Null bytes in file paths can truncate path validation and access unintended files.
vchar_or_obs_text = r"[^\x00\s]"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
b"\x00": "NO AUTHENTICATION REQUIRED",
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
b"\x00": "Succeeded",
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
b"\x00": "NO AUTHENTICATION REQUIRED",
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
b"\x00": "Succeeded",
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if "\0" in value:
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
int_bytes = b"\x00"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
REGEX_NON_ASCII = re.compile(r"[^\0-\x7E]")
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
NULL_RE = re.compile(r"\0")
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
AUTOLINK_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]{1,31}):([^<>\x00-\x20]*)$")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_unit_regex = re_compile(r"[\x00-\x7F]{0,63}")Strip null bytes from all file path inputs before processing.
Using path.join or path.resolve with variables from user input without validation can lead to directory traversal.
return os.path.join(os.path.expanduser(path), "applications") # noqa: PTH111, PTH118
Sanitize user input before passing to path.join/resolve. Use path.normalize() and check for '..' sequences.
Using path.join or path.resolve with variables from user input without validation can lead to directory traversal.
return os.path.join(os.path.expanduser("~/.local/share"), "applications") # noqa: PTH111, PTH118Sanitize user input before passing to path.join/resolve. Use path.normalize() and check for '..' sequences.
Backslash-based directory traversal patterns targeting Windows file systems.
# directives with Windows paths as filenames (..\..\dir\file)
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
# directives with Windows paths as filenames (..\..\dir\file)
Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
return text.replace('\\', '\x00'). \Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
replace('\x00', rf'\{commandprefix}Zbs{{}}'). \Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(b'\xff\xfe\0\0', 'utf-32'),
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(b'\xff\xfe\0\0', 'utf-32'),
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(b'\0\0\xfe\xff', 'utf-32be'),
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(b'\0\0\xfe\xff', 'utf-32be'),
Strip null bytes from all file path inputs before processing.
Direct access to sensitive files like /etc/passwd, /etc/shadow, or SSH keys indicates potential data exfiltration.
* ``/etc/passwd``
Remove direct references to sensitive system files. Use a restricted file access layer.
Direct access to sensitive files like /etc/passwd, /etc/shadow, or SSH keys indicates potential data exfiltration.
* ``/etc/shadow``
Remove direct references to sensitive system files. Use a restricted file access layer.
Null bytes in file paths can truncate path validation and access unintended files.
# * to embed colon as data, we must use \072
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(r'\\072', Literal),
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
XPP_CHARS = XPP_CHARS.replace('\x00', '\x01')Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
rf'[\x00-\x08\x0b\x0c\x0e-\x1f]*{_break}', Number.Float),Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
end_string_suffix = (rf'((?=$)|(?=[-/:.,; \n\x00{re.escape(unicode_delimiters)}{re.escape(closers)}]))')Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
link_address = r'(?:[0-9.]+|\[[0-9a-f:.]+\]|[^\x00-\x20"<>\[\]\x7F\xA0\u1680\u2000-\u200A\u202F\u205F\u3000\uFFFD])'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
link_char_class = r'[^\x00-\x20"<>\[\]\x7F\xA0\u1680\u2000-\u200A\u202F\u205F\u3000\uFFFD]'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# Use [ \t\n\r\0\x0B] instead of \s to follow PHP trim() behavior
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(r'^([ \t\n\r\0\x0B]*?)(\|\})',
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(r'^([ \t\n\r\0\x0B]*?)(\|-+)(.*)$', bygroups(Whitespace, Punctuation,
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
^([ \t\n\r\0\x0B]*?)(\|\+)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
( ^(?:[ \t\n\r\0\x0B]*?)\| | \|\| )
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
( ^(?:[ \t\n\r\0\x0B]*?)! )
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# where \^@ == \000
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ident_inner = r'(?:[\\_a-z]|[^\x00-\x7f])(?:[\\\w]|[^\x00-\x7f])*'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ident_inner = r'(?:[\\_a-z]|[^\x00-\x7f])(?:[\\\w]|[^\x00-\x7f])*'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ident_nons = r'(?:[_a-z]|[^\x00-\x7f])(?:\w|[^\x00-\x7f])*'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ident_nons = r'(?:[_a-z]|[^\x00-\x7f])(?:\w|[^\x00-\x7f])*'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
IRIREF = r'<(?:[^<>"{}|^`\\\x00-\x20])*>'Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
'IRIREF': r'(<[^<>"{}|^`\\\x00-\x20]*>)'Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
IRIREF = r'<(?:[^\x00-\x20<>"{}|^`\\]|' + UCHAR + ')*>'Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(r"""'(\\['"\\nrt]|\\x[0-7][0-9a-fA-F]|\\0"""
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(r"""b'(\\['"\\nrt]|\\x[0-9a-fA-F]{2}|\\0"""Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(r"""\\['"\\nrt]|\\x[0-7][0-9a-fA-F]|\\0"""
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
(r'(?=[\x00|&])', Text, '#pop'),
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ident_char = r'[\\\w-]|[^\x00-\x7f]'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_ident_begin = r'(?:[\\_a-z]|[^\x00-\x7f])'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
Cc = '\x00-\x1f\x7f-\x9f'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
NULL = b"\x00"[0]
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
msg = "There are no active break-points.\r\n\r\nSelecting this debug option without any\r\nbreak-points is unlikely to have the desired effect\r\nas the debugger is unlikely to be invoked..\r\n\r\nWould you like to step-through in the debugger instead?"
Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
buff = (keywords + "\0").encode(default_scintilla_encoding)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
the returned string contains null characters ('\0') if they occurredStrip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
# debug("QueueOutput on thread %d, flags %d with '%s'...\n" % (win32api.GetCurrentThreadId(), self.writeQueueing, message ))Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
null_byte = b"\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
buff = (name + "\0").encode(default_scintilla_encoding)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
buff = (text + "\0").encode(default_scintilla_encoding)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
buff = (stops + "\0").encode(default_scintilla_encoding)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
buff = (text + "\0").encode(default_scintilla_encoding)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
name_buff = array.array("b", (name + "\0").encode(default_scintilla_encoding))Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
"b", (str(value) + "\0").encode(default_scintilla_encoding)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
txt_buff = (findText + "\0").encode(default_scintilla_encoding)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# but we just blindly assume that the last char is \0 and
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
buff = (str + "\0").encode(default_scintilla_encoding)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# About the only char we can't live with is \0!
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
file.write(win32trace.read().replace("\0", "<null>"))Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
os.path.join(self.path, "..\\win32comext")
Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
_NULL = _byte_string('\0')Strip null bytes from all file path inputs before processing.
Using Python's open() with variable paths without validation enables path traversal.
with open(args.path, encoding="utf-8") as markdown_file:
Validate and sanitize file paths using os.path.realpath() and check against allowed directories.
Using Python's open() with variable paths without validation enables path traversal.
code = sys.stdin.read() if args.path == "-" else open(args.path, "rt", encoding=args.encoding).read()
Validate and sanitize file paths using os.path.realpath() and check against allowed directories.
Null bytes in file paths can truncate path validation and access unintended files.
return tuple(f.read().split("\0")[:-1])Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
..........content...........\n
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
..........content...........\n
Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
ANSI_PREFIX = "\033["
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
HEADER_RE = re.compile(b'[\x00-\x1f\x7f()<>@,;:[]={} \t\\"]')Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
HEADER_VALUE_RE = re.compile(b"[\x00-\x08\x0a-\x1f\x7f]")
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_EMPTY_UNCOMPRESSED_BLOCK = b"\x00\x00\xff\xff"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
_EMPTY_UNCOMPRESSED_BLOCK = b"\x00\x00\xff\xff"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
binary = b"".join([binary[: 2 * cut], b"\x00\x00", binary[-cut:]])
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
binary = b"".join([binary[: 2 * cut], b"\x00\x00", binary[-cut:]])
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
binary = b"".join([binary[: 2 * cut], b"\x00\x00", binary[-cut:]])
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
binary = b"".join([binary[: 2 * cut], b"\x00\x00", binary[-cut:]])
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
filter = "Python Scripts\0*.py;*.pyw;*.pys\0Text files\0*.txt\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
filter = "Python Scripts\0*.py;*.pyw;*.pys\0Text files\0*.txt\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
filter = "Python Scripts\0*.py;*.pyw;*.pys\0Text files\0*.txt\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
filter = "Python Scripts\0*.py;*.pyw;*.pys\0Text files\0*.txt\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
customfilter = "Other file types\0*.*\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
customfilter = "Other file types\0*.*\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
data=b"Raw\0Data",
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
data=b"Raw\0Data",
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
data=b"Raw\0Data",
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
auth = encodestring(data).replace("\012", "")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if input_record.Char == "\0":
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
test_data = b"Hello\0there"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
val += "\x00"
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
os.path.join(os.path.split(sys.executable)[0], "..\\PC\\pyc.ico")
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
os.path.join(os.path.split(sys.executable)[0], "..\\PC\\pyc.ico")
Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
x[0].lower() for x in win32api.GetLogicalDriveStrings().split("\0") if xStrip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ALL_TRANSPORTS = "M\0\0\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ALL_TRANSPORTS = "M\0\0\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
ALL_TRANSPORTS = "M\0\0\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
val: bytes | int = b"\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
val = b"\0" * l
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
"\xa9\xd1\xca\x15\x76\x88\x11\xd1\xad\xed\x00\xc0\x4f\xd8\xd5\xcd"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
"\xaa\x31\x28\x25\x76\x88\x11\xd1\xad\xed\x00\xc0\x4f\xd8\xd5\xcd"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
"\xab\x1d\x30\xf3\x76\x88\x11\xd1\xad\xed\x00\xc0\x4f\xd8\xd5\xcd"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
"\xa3\x61\xb2\xff\xff\xd2\x11\xd1\xaa\x4b\x00\xc0\x4f\xd7\xd8\x3a"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
"\x2f\xba\xc1\x87\x0a\xde\x11\xd2\x97\xc4\x00\xc0\x4f\xd8\xd5\xcd"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
"\x18\xe2\xea\x80\x68\x4f\x11\xd2\xb9\xaa\x00\xc0\x4f\x79\xf8\x05"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
"\xab\x81\x53\xb7\x76\x88\x11\xd1\xad\xed\x00\xc0\x4f\xd8\xd5\xcd"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
data = (text + "\0").encode("utf-16le")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return _make_text_buffer("\0" * cch)Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
extra_data += b"\0" * (4 - len(extra_data) % 4)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
guid=b"\0" * 16,
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
data=b"\0",
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# 16 bytes for the IID followed by \0 term'd string.
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
null_byte = b"\0"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return (str(s) + "\0").encode("utf-16le")Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
# Example: python bulkstamp.py 103 ..\win32\Build\ desc.txt
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
# "somewhere" and "..\Lib" should also be searched.
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\Build")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\Lib")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\..")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
# also search somewhere\lib, ..\build, and ..\..\build
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
# also search somewhere\lib, ..\build, and ..\..\build
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
# also search somewhere\lib, ..\build, and ..\..\build
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\..\\lib")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\..\\lib")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\build")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\..\\pcbuild\\amd64")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\..\\pcbuild\\amd64")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\..\\pcbuild")Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
searchPath.append("..\\..\\pcbuild")Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
CheckEvent(server, client, b"Here is a null>\x00<", verbose)
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
win32api.GetFullPathName(__path__[0] + "\\..\\win32comext")
Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
# windows seems to add an extra \0 (via the underlying BSTR)
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# The mainwin toolkit does not add this erroneous \0
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if typLibPath[-1] == "\0":
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
"# Generated file - this directory may be deleted to reset the COM cache...\n"
Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
sys.stderr.write("Generation complete..\n")Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
CheckEvent(server, client, "Here is a null>\x00<", verbose)
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
iexplore.Navigate(win32api.GetFullPathName("..\\readme.html"))Normalize path separators and apply traversal checks for both forward and backslashes.
Backslash-based directory traversal patterns targeting Windows file systems.
iexplore.Navigate(win32api.GetFullPathName("..\\readme.html"))Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
str_buf = array.array("c", val + "\0")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
hkey, comclass._reg_clsid_, 0, winreg.REG_BINARY, b"\0"
Strip null bytes from all file path inputs before processing.
Backslash-based directory traversal patterns targeting Windows file systems.
print("CMF_DEFAULTONLY...\r\n")Normalize path separators and apply traversal checks for both forward and backslashes.
Null bytes in file paths can truncate path validation and access unintended files.
# "directory\0directory_name", "file\0file_name" or
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# "directory\0directory_name", "file\0file_name" or
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# "object\0file_name\0class_name[.method_name"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# "object\0file_name\0class_name[.method_name"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# 'file' or 'object', and every other string is variable. We use '\0' as
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# "object_type\0object_name[\0extra ...]"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# "object_type\0object_name[\0extra ...]"
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
typ, extra = final_pidl.split("\0", 1)Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
typ, name = my_idl[0].split("\0")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
typ, name = pidl.split("\0")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
pidls.append([type_name + "\0" + fqn])
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
full_fname = final_pidl.split("\0")[-1]Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
pidls.append(["object\0" + self.path + "\0" + name])
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
pidls.append(["object\0" + self.path + "\0" + name])
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
typ, filename, obname = pidl.split("\0")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
typ, fname, obname = pidl[0].split("\0")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
self.path, details = details.split("\0")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
pidl = ["object\0" + self.path + "\0" + self.class_name + "." + func_name]
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
pidl = ["object\0" + self.path + "\0" + self.class_name + "." + func_name]
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
typ, fname, obname = pidl[0].split("\0")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
items = [["directory\0" + p] for p in sys.path if os.path.isdir(p)]
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
display_name = final_pidl.split("\0")[-1]Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
typ, path = data[0].split("\0")Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
scalar[1] in '\0 \t\r\n\x85\u2028\u2029')
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
preceded_by_whitespace = (ch in '\0 \t\r\n\x85\u2028\u2029')
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
scalar[index+1] in '\0 \t\r\n\x85\u2028\u2029')
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
'\0': '0',
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while start > 0 and self.buffer[start-1] not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while end < len(self.buffer) and self.buffer[end] not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
# - adds '\0' to the end.
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
self.buffer = stream+'\0'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
self.buffer += '\0'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch == '\0':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
return ch not in '\0 \t\r\n\x85\u2028\u2029-?:,[]{}#&*!|>\'\"%@`' \Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
or (self.peek(1) not in '\0 \t\r\n\x85\u2028\u2029'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while self.peek() not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while self.peek() not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch not in '\0 \r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if self.peek() not in '\0 \r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch not in '\0 \r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while self.peek() not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch not in '\0 \t\r\n\x85\u2028\u2029?:,]}%@`':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
elif ch in '\0 \t\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while ch not in '\0 \r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch not in '\0 \r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while self.column == indent and self.peek() != '\0':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while self.peek(length) not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if self.column == indent and self.peek() != '\0':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch not in '\0 \r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while self.peek() not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch not in '\0\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
'0': '\0',
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
while self.peek(length) not in '\'\"\\\0 \t\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch == '\0':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
if ch in '\0 \t\r\n\x85\u2028\u2029' \
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
self.peek(length+1) in '\0 \t\r\n\x85\u2028\u2029'
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Null bytes in file paths can truncate path validation and access unintended files.
and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
Strip null bytes from all file path inputs before processing.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_endpoint_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self.server.create_json_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_endpoint_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self.server.create_json_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_token_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_endpoint_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self.server.create_oauth2_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_openid_authorization_request(self, grant, redirect_uri):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_authorization_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return validate_code_authorization_request(self)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_authorization_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_consent_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_endpoint_request(self, request: OAuth2Request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self.server.create_oauth2_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
Command: ["CMD-SHELL", "python -c \"import urllib.request; sys.exit(0 if urllib.request.urlopen('http://localhost:8000/health').getcode() == 200 else 1)\""]Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
batch_tasks.append(self.send_request(req_id))
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def send_request(self, req_id):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
url = f"http://localhost:{SERVER_PORT}/health"Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
url = f"http://localhost:{SERVER_PORT}/mcp"Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def send_request(self, method: str, params: Dict[str, Any]) -> Dict[str, Any]:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def send_request(self, method: str, params: Dict[str, Any]) -> Dict[str, Any]:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def _fetch(self, limit=None):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self._fetch(size)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
return uri.startswith(("https://", "http://localhost:", "http://127.0.0.1:"))Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
return uri.startswith(("https://", "http://localhost:", "http://127.0.0.1:"))Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def request(self, method, url, token=None, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await _http_request(self, session, method, url, token, kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def request(self, method, url, token=None, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await _http_request(self, session, method, url, token, kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _http_request(ctx, session, method, url, token, kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await session.request(method, url, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await session.request(method, url, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self, method, url, token=None, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def _send_token_request(self, session, method, url, token, kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return session.request(method, url, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return session.request(method, url, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self, method, url, token=None, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self._send_token_request(session, method, url, token, kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self, method, url, token=None, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self._send_token_request(session, method, url, token, kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def check_authorization_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
req = self.create_oauth1_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.validate_authorization_request(req)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_oauth1_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
req = self.validate_request(request.method, url, body, request.headers)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_oauth2_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_json_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def check_authorization_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
req = self.create_oauth1_request(None)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.validate_authorization_request(req)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_oauth1_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_oauth2_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_json_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await super().request(method, url, auth=auth, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return super().request(method, url, auth=auth, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await super().request(method, url, auth=auth, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return super().request(method, url, auth=auth, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def build_request(url, headers, body, initial_request: Request) -> Request:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self, method, url, withhold_token=False, auth=None, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return super().request(method, url, auth=auth, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self, method, url, withhold_token=False, auth=None, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return super().request(method, url, auth=auth, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_oauth1_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_temporary_credentials_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = self.create_oauth1_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.validate_temporary_credentials_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_authorization_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = self.create_oauth1_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.validate_authorization_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_token_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = self.create_oauth1_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.validate_token_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_request(self, method, uri, body, headers):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return prepare_token_request(grant_type, body, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return prepare_token_request(grant_type, body, **kwargs)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_oauth2_request(self, request) -> OAuth2Request:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_json_request(self, request) -> JsonRequest:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = self.create_oauth2_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = endpoint.create_endpoint_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = self.create_oauth2_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = self.create_oauth2_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_authorization_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return validate_code_authorization_request(self)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_token_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_code_authorization_request(grant):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_token_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_consent_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_authorization_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_token_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_authorization_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_token_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_token_request(self):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def prepare_token_request(grant_type, body="", redirect_uri=None, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def validate_request(self, scopes, request, **kwargs):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
validator.validate_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def create_endpoint_request(self, request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self.server.create_oauth2_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def prepare_revoke_token_request(token, token_type_hint=None, body=None, headers=None):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
# Common case: we got (True, result), so we return the result.
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
if url.startswith("file://"):Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
nargs = _fetch(nargs_spec)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
rv.append(_fetch(args)) # type: ignore[arg-type]
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
x = [_fetch(args) for _ in range(nargs)]
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
Creates an empty X.509 certificate request (v1).
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return ocsp.create_ocsp_request(self)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def fetch(self, mode, filename, value, read):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def fetch(self, mode, filename, value, read):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
data = super().fetch(mode, filename, value, read)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
value = self._disk.fetch(mode, filename, db_value, read)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
value = self._disk.fetch(mode, filename, db_value, read)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
value = self._disk.fetch(mode, filename, db_value, False)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
value = self._disk.fetch(mode, name, db_value, False)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
value = self._disk.fetch(mode, name, db_value, False)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
value = self._disk.fetch(mode, name, db_value, False)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
redirect_uri = f"http://localhost:{self.redirect_port}/callback"Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
client = Client("http://localhost:8080")Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self.on_request(message) # type: ignore[arg-type]
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
webbrowser.open(f"http://localhost:{port}/callback?code=test123&state=xyz")Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
task = await client.read_resource_as_task("file://data.txt")Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
Patterns support wildcards (e.g., "http://localhost:*", "https://*.example.com/*").
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
redirect_uris=client_info.redirect_uris or [AnyUrl("http://localhost")],Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
Patterns support wildcards (e.g., "http://localhost:*", "https://*.example.com/*").
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
base_url="http://localhost:8000",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
base_url="http://localhost:8000",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
base_url="http://localhost:8000",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
base_url="http://localhost:8000",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
base_url="http://localhost:8000",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
base_url="http://localhost:8000",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
base_url="http://localhost:8000"
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
"http://localhost:*",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
"http://127.0.0.1:*",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def on_request(self, context, call_next):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self.session_manager.handle_request(scope, receive, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await super(MiddlewareServerSession, self)._received_request(responder)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await super()._received_request(responder)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def on_request(self, context: MiddlewareContext, call_next: CallNext) -> Any:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def on_request(self, context: MiddlewareContext, call_next: CallNext) -> Any:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def on_request(self, context: MiddlewareContext, call_next: CallNext) -> Any:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def on_request(self, context: MiddlewareContext, call_next: CallNext) -> Any:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
else "http://localhost"
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
"uri": f"file://{path}",Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
>>> build_task_key("session123", "task456", "resource", "file://data.txt")Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
'task_type': 'resource', 'component_identifier': 'file://data.txt'}
Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
base_url: str = "http://localhost",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
uri_str = f"file:///{self._name}.{self._mime_type.split('/')[1]}"Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
uri_str = f"file:///resource.{self._mime_type.split('/')[1]}"Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_async_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if not self.can_handle_request(request.url.origin):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await self._connection.handle_async_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_async_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if connection.can_handle_request(origin) and connection.is_available()
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_async_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if not self.can_handle_request(request.url.origin):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_async_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if not self.can_handle_request(request.url.origin):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_async_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await self._connection.handle_async_request(proxy_request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_async_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await self._connection.handle_async_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
For example `"http://127.0.0.1:8080/"`.
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = await self.handle_async_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = await self.handle_async_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_async_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_async_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await self._connection.handle_async_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
For example `"http://127.0.0.1:8080/"`.
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
at `http://localhost:8080`...
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if not self.can_handle_request(request.url.origin):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self._connection.handle_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if connection.can_handle_request(origin) and connection.is_available()
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if not self.can_handle_request(request.url.origin):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if not self.can_handle_request(request.url.origin):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self._connection.handle_request(proxy_request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self._connection.handle_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
For example `"http://127.0.0.1:8080/"`.
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = self.handle_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = self.handle_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return self._connection.handle_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def can_handle_request(self, origin: Origin) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
For example `"http://127.0.0.1:8080/"`.
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def _build_redirect_request(self, request: Request, response: Response) -> Request:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = self._send_single_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = self._build_redirect_request(request, response)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def _send_single_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = transport.handle_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = await self._send_single_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
request = self._build_redirect_request(request, response)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _send_single_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = await transport.handle_async_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self) -> Request:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self, request: Request) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
For example issuing a request to `ftp://www.example.com`.
Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self) -> Request:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def request(self, value: Request) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
resp = transport.handle_request(req)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
resp = self._pool.handle_request(req)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
resp = await self._pool.handle_async_request(req)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: Request) -> Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
url: str = "http://localhost:8200",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
url: str = "http://localhost:8200",
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
url: The URL of the Vault server. Defaults to "http://localhost:8200".
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
discovery_request = create_oauth_metadata_request(url)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
oauth_metadata_request = create_oauth_metadata_request(url)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _received_request(self, responder: RequestResponder[types.ServerRequest, types.ClientResult]) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
if self._task_handlers.handles_request(responder.request):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._task_handlers.handle_request(ctx, responder)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def _is_initialization_request(self, message: JSONRPCMessage) -> bool:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _handle_resumption_request(self, ctx: RequestContext) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _handle_post_request(self, ctx: RequestContext) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
is_initialization = self._is_initialization_request(message)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_resumption_request(ctx)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_post_request(ctx)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
client = await self.client_authenticator.authenticate_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
client_info = await self.client_authenticator.authenticate_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def authenticate_request(self, request: Request) -> OAuthClientInformationFull:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self.session_manager.handle_request(scope, receive, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
allowed_origins=["http://127.0.0.1:*", "http://localhost:*", "http://[::1]:*"],
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
allowed_origins=["http://127.0.0.1:*", "http://localhost:*", "http://[::1]:*"],
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
allowed_origins=["http://127.0.0.1:*", "http://localhost:*", "http://[::1]:*"],
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
"uri": f"file://{path}",Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_request(message, req, session, lifespan_context, raise_exceptions)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _received_request(self, responder: RequestResponder[types.ClientRequest, types.ServerResult]):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
error_response = await self._security.validate_request(request, is_post=False)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
error_response = await self._security.validate_request(request, is_post=True)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def handle_request(self, scope: Scope, receive: Receive, send: Send) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
error_response = await self._security.validate_request(request, is_post=is_post)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_post_request(scope, request, receive, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_get_request(request, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_delete_request(request, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_unsupported_request(request, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _handle_post_request(self, scope: Scope, request: Request, receive: Receive, send: Send) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _handle_get_request(self, request: Request, send: Send) -> None: # pragma: no cover
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _handle_delete_request(self, request: Request, send: Send) -> None: # pragma: no cover
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _handle_unsupported_request(self, request: Request, send: Send) -> None: # pragma: no cover
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_stateless_request(scope, receive, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._handle_stateful_request(scope, receive, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await http_transport.handle_request(scope, receive, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await transport.handle_request(scope, receive, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await http_transport.handle_request(scope, receive, send)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def validate_request(self, request: Request, is_post: bool = False) -> Response | None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
await self._received_request(responder)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def _received_request(self, responder: RequestResponder[ReceiveRequestT, SendResultT]) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def get_header_from_flask_request(request, key):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def redirect_request(self, req, fp, code, msg, headers, newurl):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
MyModel(url='ftp://invalid.url')
Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
URL scheme should be 'http' or 'https' [type=url_scheme, input_value='ftp://invalid.url', input_type=str]
Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
'bitcoin:', 'ftp://', 'ftps://', 'geo:', 'git://', 'gopher://', 'http://', 'https://',
Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
file://, gopher://, dict://, and other non-HTTP schemas can be exploited for SSRF.
'bitcoin:', 'ftp://', 'ftps://', 'geo:', 'git://', 'gopher://', 'http://', 'https://',
Only allow http:// and https:// URL schemas. Validate URL schemas before making requests.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
lambda: self._make_request(req, context=context, timeout=timeout),
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
" endpoint='http://localhost:4318/v1/metrics'\n"
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
class Module_six_moves_urllib_request(_LazyModule):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def handle_request(self, request: httpx.Request) -> httpx.Response:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def process_request(self, path: str, request_headers: Headers) -> HTTPResponse | None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
websockets.legacy.handshake.check_request(request_headers)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.protocol.send_request(self.request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
prepare_connect_request(self.proxy, self.ws_uri, self.user_agent_header)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = _process_request(connection, request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return router.route_request(connection, request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = process_request(self, self.request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def send_request(self, request: Request) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return await super().process_request(path, request_headers)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def write_http_request(self, path: str, headers: Headers) -> None:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
key = build_request(request_headers)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.write_http_request(wsuri.resource_name, request_headers)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
async def read_http_request(self) -> tuple[str, Headers]:
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
path, headers = await read_request(self.reader)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = self._process_request(path, request_headers)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
early_response_awaitable = self.process_request(path, request_headers)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
key = check_request(request_headers)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
) = self.process_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.protocol.send_request(self.request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
sock.sendall(prepare_connect_request(proxy, ws_uri, user_agent_header))
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = _process_request(connection, request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
return router.route_request(connection, request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
response = process_request(self, self.request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
args = ["http://localhost/localstart.asp"]
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def verify_request(self, sock, ca):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
def process_request(self, request, client_address):
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
self.close_request(request)
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(cmd, globals, locals)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(what, globs, locs)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(code, glob, glob)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
hint_resolved = eval(hint, decor_meta.func_wrappee_scope_forward)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
# however via `exec(...)` / `eval(...)` they can be other types
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
# hint_resolved = eval(hint, decor_meta.func_wrappee_scope_forward)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
# however via `exec(...)` / `eval(...)` they can be other types
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Using exec or execSync with template literals or string concatenation allows attackers to inject arbitrary shell commands.
require('child_process').execSync(`${cmd} --version`, { stdio: 'ignore' });Replace exec/execSync with execFile or spawn with explicit argument arrays instead of string interpolation.
Direct usage of child_process module methods with variable arguments may allow command injection.
const { spawn } = require('child_process');Use execFile with explicit argument arrays instead of child_process with string commands.
Direct usage of child_process module methods with variable arguments may allow command injection.
require('child_process').execSync(`${cmd} --version`, { stdio: 'ignore' });Use execFile with explicit argument arrays instead of child_process with string commands.
Building shell commands with template literals allows injection via interpolated values.
require('child_process').execSync(`${cmd} --version`, { stdio: 'ignore' });Use parameterized command execution instead of template literals.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exc_info = _interpreters.exec(self._interpreter_id, _run_func)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
eval(bytecode, globs, locs)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(func_body, globals(), local_attrs)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
# simply calling "exec(func_code, func_globals, func_locals)". Why?
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(func_code_compiled, func_globals, func_locals)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
f' exec("type alias_name = alias_value") # <-- eldritch abomination\n'Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
# exec(f'{__hint_pep695_forwardref_beartype__.__name_beartype__} = __hint_pep695_forwardref_beartype__')Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
# exec(f'{_.__name_beartype__} = _')Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(sizestring)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
The Function constructor creates functions from strings, equivalent to eval() and equally dangerous with untrusted input.
aelements[i].addEventListener("click", new Function("e",Replace new Function() with a safe alternative. Avoid constructing functions from strings.
The Function constructor creates functions from strings, equivalent to eval() and equally dangerous with untrusted input.
aelements[i].attachEvent("onclick", new Function("",Replace new Function() with a safe alternative. Avoid constructing functions from strings.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
def eval(self, script: bytes, numkeys: int, *keys_and_args: bytes) -> Any:
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return self.eval(script, numkeys, *keys_and_args)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
script_map_func = eval(script_map_func)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(use)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
subprocess calls with shell=True execute commands through the shell, enabling injection attacks.
subprocess.run([cmd, "--version"], check=True, capture_output=True, shell=True)
Set shell=False in subprocess calls and pass command as a list.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(code, evaldict)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(typ, *ns)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
eval('__IPYTHON__')Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(f.read(), custom_namespace)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(f.read(), custom_namespace)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
v = eval(Symbol(compl.mod))
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
v = eval(Symbol(compl.mod))
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
self.intervaler = eval(self.dlg.buildTimer)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(self.dlg.doWork)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Using exec or execSync with template literals or string concatenation allows attackers to inject arbitrary shell commands.
exec(cmd + "\n", __main__.__dict__)
Replace exec/execSync with execFile or spawn with explicit argument arrays instead of string interpolation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(cmd + "\n", __main__.__dict__)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(cmd)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
val = repr(eval(text, globs, locs))
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(fmt)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(code, self.globals, self.locals)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(o, __main__.__dict__)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Using exec or execSync with template literals or string concatenation allows attackers to inject arbitrary shell commands.
exec(command + "\n")
Replace exec/execSync with execFile or spawn with explicit argument arrays instead of string interpolation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
browser.Browse(eval(obName, __main__.__dict__, __main__.__dict__))
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(command + "\n")
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(codeObject, __main__.__dict__)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(codeObj, __main__.__dict__)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
root = eval("win32con." + keystr[0])Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec("%s\n" % pyCmd)Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
det = eval(line[line.find(":") + 1 :].strip())Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(word, namespace)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval("%d%s%d" % (i1, op, i2))Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(codeob, ns)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
style.format = eval(new)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
val = eval(name)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(left, namespace)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
def eval(self):
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
def eval(self):
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
def eval(self):
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec("""exec _code_ in _globs_, _locs_""")Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
value if not isinstance(value, str) else eval(value, globals, locals)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
value = eval(code, globals, locals)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(func_code, globals_, locals_)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(func_code, globals_, locals_)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
os.system() passes commands to the shell and is vulnerable to injection when using unsanitized input.
os.system("")Replace os.system() with subprocess.run() using a list of arguments.
os.system() passes commands to the shell and is vulnerable to injection when using unsanitized input.
os.system(f"{exeName} -debug {serviceName} {svcArgs}")Replace os.system() with subprocess.run() using a list of arguments.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
strVal = eval(strVal, evalEnv[0], evalEnv[1])
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(stmt, env)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(stmt, env)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(str(exp), self.dict)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(str(exp), self.dict)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(self.code, self.frame.f_globals, self.frame.f_locals)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(codeBlock, globals, locals)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
eval() executes arbitrary code and should never be used with untrusted input. It enables full code injection.
return eval(codeBlock, globals, locals)
Remove eval() usage. Use JSON.parse for data or a sandboxed interpreter for dynamic code.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(codeObject, globals, locals)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Python's exec() function executes arbitrary code strings and is a vector for code injection.
exec(codeObject, globals, locals)
Remove exec() calls. Use ast.literal_eval for safe expression evaluation.
Dynamic imports with variable URLs can load malicious code at runtime.
# A future import (i.e., import of the form "from __future__
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from _imp import (acquire_lock, release_lock,
Use static imports only. Do not dynamically import modules from variable paths.
Registering a tool with a name that collides with common system commands (bash, shell, exec, eval, etc.) can shadow built-in tools and intercept agent operations.
name = "bash"
Rename the tool to a unique, descriptive name that does not collide with system commands.
Dynamic imports with variable URLs can load malicious code at runtime.
def subimport(name):
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
def dynamic_subimport(name, vars):
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from docutils import (__version__, __version_details__, SettingsSpec,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from collections.abc import (Callable, Iterable, Iterator,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from docutils.utils._roman_numerals import (InvalidRomanNumeralError,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from docutils.utils.math import (MathError, mathalphabet2unichar,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from docutils.utils.math import (latex2mathml, math2html, tex2mathml_extern,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from .pygmentsformatter import (OdtPygmentsProgFormatter,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
# Lazy load `deliverability` as it is slow to import (due to dns.resolver)
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
# Lazy load `deliverability` as it is slow to import (due to dns.resolver)
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
lua_runtime.require(module.encode())
Use static imports only. Do not dynamically import modules from variable paths.
Registering a tool with a name that collides with common system commands (bash, shell, exec, eval, etc.) can shadow built-in tools and intercept agent operations.
@command(name="COMMAND", fixed=(), repeat=())
Rename the tool to a unique, descriptive name that does not collide with system commands.
Registering a tool with a name that collides with common system commands (bash, shell, exec, eval, etc.) can shadow built-in tools and intercept agent operations.
@command(name="exec", fixed=(), repeat=(), flags=[msgs.FLAG_NO_SCRIPT, msgs.FLAG_TRANSACTION])
Rename the tool to a unique, descriptive name that does not collide with system commands.
Dynamic imports with variable URLs can load malicious code at runtime.
# This is likely due to a star import (see the dataclasses plugin for a more detailed explanation)
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
# This is likely due to a star import (see the dataclasses plugin for a more detailed explanation)
Use static imports only. Do not dynamically import modules from variable paths.
Registering a tool with a name that collides with common system commands (bash, shell, exec, eval, etc.) can shadow built-in tools and intercept agent operations.
name = 'Terminal'
Rename the tool to a unique, descriptive name that does not collide with system commands.
Dynamic imports with variable URLs can load malicious code at runtime.
from pygments.token import (Comment, Keyword, Name, Number, Punctuation, String,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from pygments.token import (Comment, Keyword, Name, Number, Punctuation,
Use static imports only. Do not dynamically import modules from variable paths.
Registering a tool with a name that collides with common system commands (bash, shell, exec, eval, etc.) can shadow built-in tools and intercept agent operations.
name = 'Bash'
Rename the tool to a unique, descriptive name that does not collide with system commands.
Registering a tool with a name that collides with common system commands (bash, shell, exec, eval, etc.) can shadow built-in tools and intercept agent operations.
name = 'PowerShell'
Rename the tool to a unique, descriptive name that does not collide with system commands.
Dynamic imports with variable URLs can load malicious code at runtime.
from pygments.token import (Comment, String, Name, Keyword, Number,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from pygments.token import (Comment, Error, Generic, Keyword, Literal, Name,
Use static imports only. Do not dynamically import modules from variable paths.
Dynamic imports with variable URLs can load malicious code at runtime.
from ctypes.wintypes import (HGLOBAL, LPVOID, DWORD, LPCSTR, INT, HWND,
Use static imports only. Do not dynamically import modules from variable paths.
Registering a tool with a name that collides with common system commands (bash, shell, exec, eval, etc.) can shadow built-in tools and intercept agent operations.
click_obj.name = "run"
Rename the tool to a unique, descriptive name that does not collide with system commands.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
sudo apt-get install wl-clipboard
Remove sudo usage. Run processes with the minimum required privileges.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
sudo apt-get install xclip
Remove sudo usage. Run processes with the minimum required privileges.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
additionalInfo = '\nOn Linux, you can run `sudo apt-get install xclip`, `sudo apt-get install xselect` (on X11) or `sudo apt-get install wl-clipboard` (on Wayland) to install a copy/paste mechanism.'
Remove sudo usage. Run processes with the minimum required privileges.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
additionalInfo = '\nOn Linux, you can run `sudo apt-get install xclip`, `sudo apt-get install xselect` (on X11) or `sudo apt-get install wl-clipboard` (on Wayland) to install a copy/paste mechanism.'
Remove sudo usage. Run processes with the minimum required privileges.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
additionalInfo = '\nOn Linux, you can run `sudo apt-get install xclip`, `sudo apt-get install xselect` (on X11) or `sudo apt-get install wl-clipboard` (on Wayland) to install a copy/paste mechanism.'
Remove sudo usage. Run processes with the minimum required privileges.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Note that this logic should *ALWAYS* be non-"None". Nonetheless...
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if hint_logic is None: # pragma: no cover
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Hint logic type-checking this sign if any *OR* "None" otherwise.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# that this logic should *ALWAYS* be non-"None". Nonetheless, assumptions.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if hint_logic is None: # pragma: no cover
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger.info("FastMCP skills provider disabled by MCP_SKILLS_PROVIDER_ENABLED=false")Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
AUDIT_LOG_SQL_TEXT = _env_bool("MCP_AUDIT_LOG_SQL_TEXT", False)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
AUDIT_REQUIRE_PROMPT = _env_bool("MCP_AUDIT_REQUIRE_PROMPT", False)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
AUDIT_LOG_REQUIRED = _env_bool("MCP_AUDIT_LOG_REQUIRED", False)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"Audit policy requires source_prompt for query tools. Provide source_prompt or set MCP_AUDIT_REQUIRE_PROMPT=false."
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def _ctx_log(ctx: Context | None, level: Literal["debug", "info", "warning", "error"], message: str) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Suppress Uvicorn logs to prevent stdout pollution
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_compose("logs", SERVER_SERVICE, check=False)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: types.TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
raise ClosedResourceError().with_traceback(exc.__traceback__) from None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
raise ClosedResourceError().with_traceback(exc.__traceback__) from None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: types.TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
type[BaseException] | None, BaseException | None, TracebackType | None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
__traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Logically, flag is None and auto_detect is True here.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log.debug(f'Authenticate {client_id} via "none" success')Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log.debug(f'Authenticate {client_id} via "none" failed')Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# as such, we suppress all exceptions while accessing __tracebackhide__
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
f_trace tracing function for this frame, or None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def __exit__(self, cls, value, traceback) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Is this a 'silent' install - ie, avoid all dialogs.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
epilog: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def format_epilog(self, ctx: Context, formatter: HelpFormatter) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Click is logically enforcing that the name is None if the parameter is
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
help_epilogue: str | None = field(default=None, kw_only=True)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _log_framework_warning(framework: TestFramework) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
Unknown directives are silently removed but logged as debug messages.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
raise ex.with_traceback(tb) from None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def set_logging_format(format: LogFormat) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def set_logging_level(level: LogLevel) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: type[BaseException] | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def my_task(logger: "LoggerAdapter[Logger]" = TaskLogger()) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace_context: opentelemetry.context.Context | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def trace_context(self) -> opentelemetry.context.Context | None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def log_message(self, format: str, *args: object) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Suppress access logs from the webserver
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _startup_log(self) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
['--traceback'], {'action': 'store_true', 'default': None,Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
('Disable Python tracebacks. (default)',Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
['--no-traceback'], {'dest': 'traceback', 'action': 'store_false'}),Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
include_log.append((current_source, (None, None, '', '')))
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
return sys.gettrace() is not None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
etype: type[BaseException], value: BaseException, tb: TracebackType | None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
yield traceback._format_final_exc_line(None, self._str)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
elif traceback_exception_format_syntax_error is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback.TracebackException, "_format_syntax_error", None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _lua_redis_log(lua_runtime: LUA_MODULE.LuaRuntime, expected_globals: Set[Any], lvl: int, *args: Any) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def reset_log(self) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_level: LogLevelType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_handler: LogHandler | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if log_handler is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def set_logging_level(self, level: mcp.types.LoggingLevel) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
LogHandler: TypeAlias = Callable[[LogMessage], Awaitable[None]]
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def default_log_handler(message: LogMessage) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def create_log_callback(handler: LogHandler | None = None) -> LoggingFnT:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def log_callback(params: LoggingMessageNotificationParams) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
access_log=False,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logging_callback: LoggingFnT | None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_file: Path | TextIO | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_file: Path | TextIO | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if log_file is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_file: Path | TextIO | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_file: Path | TextIO | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_file: Path | TextIO | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger.debug("Token validation failed: callable returned False")Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.logger.debug("Token introspection returned active=false")Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
level: LoggingLevel | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger_name: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger_name: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger_name: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger_name: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger_name: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger_name: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: logging.Logger | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
include_traceback: bool = False,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: Logger instance for error logging. If None, uses 'fastmcp.errors'
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _log_error(self, error: Exception, context: MiddlewareContext) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: logging.Logger | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self, message: dict[str, str | int | float], log_level: int | None = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: logging.Logger | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: Logger instance to use. If None, creates a logger named 'fastmcp.requests'
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
methods: List of methods to log. If None, logs all methods.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.structured_logging: bool = False
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: logging.Logger | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: Logger instance to use. If None, creates a logger named 'fastmcp.structured'
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
methods: List of methods to log. If None, logs all methods.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self, logger: logging.Logger | None = None, log_level: int = logging.INFO
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: Logger instance to use. If None, creates a logger named 'fastmcp.timing'
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self, logger: logging.Logger | None = None, log_level: int = logging.INFO
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: Logger instance to use. If None, creates a logger named 'fastmcp.timing.detailed'
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def default_log_handler(cls, message: LogMessage) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def __aexit__(self, exc_type, exc_value, traceback) -> None: # type: ignore[override]
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_level: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_level: str | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self, show_banner: bool = True, log_level: str | None = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_level: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: logging.Logger | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
enable_rich_tracebacks: bool | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Check if logging is disabled in settings
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if enable_rich_tracebacks is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger.propagate = False
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback_handler.addFilter(lambda record: record.exc_info is not None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: logging.Logger | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
enable_rich_tracebacks: bool | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _unclamp_logger(logger: logging.Logger) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_level: Literal["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"] | None = Field(
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger.error(f"Failed to extract schema as dict: {e}", exc_info=False)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger.error(f"Failed to extract schema as dict: {e}", exc_info=False)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
) -> Generator[LogCaptureFixture, None, None]:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"""Context manager to capture logs from FastMCP loggers even when propagation is disabled."""
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def create_logo(icon_url: str | None = None, alt_text: str = "FastMCP") -> str:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async with Trace("close", logger, None, {}):Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
with Trace("close", logger, None, {}):Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.should_trace = self.debug or self.trace_extension is not None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def trace(self, name: str, info: dict[str, typing.Any]) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.trace_extension is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def atrace(self, name: str, info: dict[str, typing.Any]) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.trace_extension is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def InstallModule(conf_module_name, params, options, log=lambda *args: None):
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def UninstallModule(conf_module_name, params, options, log=lambda *args: None):
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self, exc_type: type[BaseException] | None, exc_value: BaseException | None, traceback: TracebackType | None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: logging.Logger | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_values: bool = False,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
structured_logs: bool = False,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: Logger instance to use. If None, creates a logger named 'key_value.logging'.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self._log(state="finish", action="GET", keys=key, collection=collection, values=result, extra={"hit": result is not None})Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logging_callback: LoggingFnT | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logging_callback: LoggingFnT | None = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
errlog: TextIO | None = sys.stderr,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
errlog (TextIO | None): Where to send stderr output (defaults to sys.stderr)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
errlog: TextIO | None = sys.stderr,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger_name: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logging_capability = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def decorator(func: Callable[[types.LoggingLevel], Awaitable[None]]):
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logo_uri: AnyHttpUrl | None = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logging_callback: LoggingFnT | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_tb: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logging: LoggingCapability | None = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: str | None = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace: Optional[Operation] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace: Optional[Operation] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace_id: Optional[int] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace_flags: Optional["TraceFlags"] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self._real_event_logger: Optional[EventLogger] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_EVENT_LOGGER_PROVIDER: Optional[EventLoggerProvider] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if _EVENT_LOGGER_PROVIDER is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_set_event_logger_provider(event_logger_provider, log=False)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
event_logger_provider: Optional[EventLoggerProvider] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if event_logger_provider is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace_id: Optional[int] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace_flags: Optional["TraceFlags"] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace_id: Optional[int] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace_flags: Optional["TraceFlags"] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
record: LogRecord | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
record: LogRecord | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self._real_logger: Optional[Logger] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
record: LogRecord | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_LOGGER_PROVIDER: Optional[LoggerProvider] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if _LOGGER_PROVIDER is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_set_logger_provider(logger_provider, log=False)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _set_logger_provider(logger_provider: LoggerProvider, log: bool) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def set_logger_provider(logger_provider: LoggerProvider) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger_provider: Optional[LoggerProvider] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger_provider is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _set_meter_provider(meter_provider: MeterProvider, log: bool) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_set_meter_provider(meter_provider, log=False)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self._real_tracer: Optional[Tracer] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_TRACER_PROVIDER: Optional[TracerProvider] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracer_provider: Optional[TracerProvider] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if tracer_provider is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _set_tracer_provider(tracer_provider: TracerProvider, log: bool) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def set_tracer_provider(tracer_provider: TracerProvider) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if _TRACER_PROVIDER is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
_set_tracer_provider(tracer_provider, log=False)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if tracestate_headers is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracestate = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if trace_flags is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if trace_state is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def __exit__(self, typ: Optional[Type[BaseException]], value: Optional[BaseException], traceback: Optional[TracebackType]) -> Literal[False]:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def log_message(self, format: str, *args: Any) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchEnsure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
'jdisableTrace',
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
r'RADIOBUTTON\s+GROUP|RANGE\s+OF|REF\s+TO|SUPPRESS DIALOG|'
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
r'radiobuttons|right|show|silent|silentlog|smooth|textonly|top|'
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
r'Link_PrevGroup|Link_PrevRecord|Log|Loop|Output_None|Portal|'
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
'log', 'make', 'mount volume', 'new', 'offset',
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_data[field] = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ps = dialog.PropertySheet("Property Sheet/Page Demo", None, [page1, page2])Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
["Example slider", (0, 0, 50, 43), _dialogstyle, None, (8, "MS SansSerif")],
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
sys.settrace(None) # May be hooked
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# No idea why I need to settrace to None - it should have been reset by now?
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
sys.settrace(None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if tb.dialog is not None: # We may never have actually been shown.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
sys.settrace(None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
sys.settrace(None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# may be disabled primarily if a modal dialog is displayed.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
d = win32ui.CreateFontDialog(existingFormat, flags, None, self)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.dialog = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def StatusProgressDialog(title, msg="", maxticks=100, parent=None):
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.dialog = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.GetSafeHwnd() == 0 or self.dialog is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def RunScript(defName=None, defArgs=None, bShowDialog=1, debuggingType=None):
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"""displays a dialog, and returns a string, or None if cancelled.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace = lambda *args: None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
d = win32ui.CreateFontDialog(baseFormat, flags, None, self)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
d = win32ui.CreateFontDialog(format, flags, None, self)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
curDialog = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if curDialog is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
curDialog = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if curDialog is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
curDialog = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace = lambda *args: None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def __aexit__(self, exc_type: None, exc_value: None, traceback: None) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
async def __aexit__(self, exc_type, exc_value, traceback) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def __exit__(self, exc_type, exc_value, traceback) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def acl_log(self, count: Optional[int] = None, **kwargs) -> ResponseT:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def slowlog_get(self, num: Optional[int] = None, **kwargs) -> ResponseT:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_time: Optional[datetime] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("Hello, World!", "{'a': 1}", repr(console))Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def __exit__(self, exc_type: Any, exc_value: Any, traceback: Any) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
suppress (Iterable[Union[str, ModuleType]]): Optional sequence of modules or paths to exclude from traceback.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_locals: bool = False,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"traceback.offset": Style(color="bright_red", bold=True),
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(next(examples))
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
highlighter (Highlighter, optional): Highlighter to style log messages, or None to use ReprHighlighter. Defaults to None.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
markup (bool, optional): Enable console markup in log messages. Defaults to False.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
rich_tracebacks (bool, optional): Enable rich tracebacks with syntax highlighting and formatting. Defaults to False.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracebacks_width (Optional[int], optional): Number of characters used to render tracebacks, or None for full width. Defaults to None.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracebacks_code_width (int, optional): Number of code characters used to render tracebacks, or None for full width. Defaults to 88.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracebacks_extra_lines (int, optional): Additional lines of code to render tracebacks, or None for full width. Defaults to None.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracebacks_show_locals (bool, optional): Enable display of locals in tracebacks. Defaults to False.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracebacks_suppress (Sequence[Union[str, ModuleType]]): Optional sequence of modules or paths to exclude from traceback.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
rich_tracebacks: bool = False,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracebacks_width: Optional[int] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracebacks_theme: Optional[str] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tracebacks_show_locals: bool = False,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.tracebacks_suppress = tracebacks_suppress
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def emit(self, record: LogRecord) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
suppress=self.tracebacks_suppress,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback (Optional[Traceback]): Traceback instance or None for no Traceback.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("Importing advanced AI")Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("Advanced Covid AI Ready")Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("Found 10,000,000,000 copies of Covid32.exe")Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
theme (Optional[str], optional): Pygments theme to use in traceback. Defaults to ``None`` which will pick
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
suppress (Sequence[Union[str, ModuleType]]): Optional sequence of modules or paths to exclude from traceback.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback_console = Console(stderr=True) if console is None else console
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if (traceback_console.is_jupyter and locals_hide_sunder is None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def ipy_show_traceback(*args: Any, **kwargs: Any) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb: Optional[TracebackType] = None if is_syntax else exc_tuple[2]
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# remove ipython internal frames from trace with tb_offset
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace (Trace, optional): A `Trace` object produced from `extract`. Defaults to None, which uses
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
suppress (Sequence[Union[str, ModuleType]]): Optional sequence of modules or paths to exclude from traceback.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace: Optional[Trace] = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if trace is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if exc_type is None or exc_value is None or traceback is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
suppress (Iterable[Union[str, ModuleType]]): Optional sequence of modules or paths to exclude from traceback.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if frame_summary.f_locals.get("_rich_traceback_omit", False):Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if frame_summary.f_locals.get("_rich_traceback_guard", False):Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# __traceback__ can be None, e.g. for exceptions raised by the
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"\n" + " " * offset + "[traceback.offset]▲[/]",
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if exc_traceback is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: types.TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
epilog: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_type: type[BaseException], exc_value: BaseException, tb: TracebackType | None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
If you want to show the full trace instead, you can set the parameter `pretty_exceptions_short` to `False`:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
epilog: str | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
epilog: str | None = Default(None),
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
console.print(Padding(Align(epilogue_text, pad=False), 1))
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# suppress the exception to avoid a traceback from subprocess.Popen
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ExcInfo = tuple[type[BaseException], BaseException, types.TracebackType | None]
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"disable_existing_loggers": False,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_config: dict[str, Any] | str | RawConfigParser | IO[Any] | None = LOGGING_CONFIG,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_level: str | int | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def configure_logging(self) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.log_config is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logging.config.fileConfig(self.log_config, disable_existing_loggers=False)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.log_level is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.access_log is False:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logging.getLogger("uvicorn.access").propagate = FalseEnsure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
help="Enable/Disable access log.",
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
help="Enable/Disable colorized logging.",
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_config=LOGGING_CONFIG if log_config is None else log_config,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_config: dict[str, Any] | str | RawConfigParser | IO[Any] | None = LOGGING_CONFIG,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log_level: str | int | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def trace(message: Any, *args: Any, **kwargs: Any) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.logger.error("ASGI callable should return None, but returned '%s'.", result)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.logger.error("ASGI callable should return None, but returned '%s'.", result)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.logger.error("ASGI callable should return None, but returned '%s'.", result)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def _log_started_message(self, listeners: Sequence[socket.SocketType]) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger.propagate = False
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger.propagate = False
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"log_config": None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
delay - value in seconds or None to disable timeout logic
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def __init__(self, logger: LoggerLike | None = None) -> None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback: TracebackType | None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
logger: LoggerLike | None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
traceback.print_exc(None, errbuf)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"POLICY_AUDIT_EVENT_NONE",
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ENDSESSION_LOGOFF = -2147483648
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
"""Finds any disconnected terminal service sessions and logs them off"""
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
print("Logging off disconnected user:", username)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
win32ts.WTSLogoffSession(win32ts.WTS_CURRENT_SERVER_HANDLE, sessionid, True)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
login=None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if login is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
NTDSSETTINGS_OPT_IS_AUTO_TOPOLOGY_DISABLED = 1 << 0
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
NTDSSETTINGS_OPT_IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED = 1 << 4
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
EWX_LOGOFF = 0
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
CTRL_LOGOFF_EVENT = 5
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
CERT_AUTH_ROOT_AUTO_UPDATE_DISABLE_UNTRUSTED_ROOT_LOGGING_FLAG = 0x1
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
CERT_AUTH_ROOT_AUTO_UPDATE_DISABLE_PARTIAL_CHAIN_LOGGING_FLAG = 0x2
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
eventLogFlags=None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if eventLogFlags is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
hAppLog = win32evtlog.RegisterEventSource(None, appName)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
def SafeFormatMessage(eventLogRecord, logType=None):
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if logType is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if eventLogRecord.StringInserts is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
feeder, machineName=None, logName="Application", readFlags=None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
USER_LAST_LOGOFF_PARMNUM = 16
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
USER_LAST_LOGOFF_INFOLEVEL = PARMNUM_BASE_INFOLEVEL + USER_LAST_LOGOFF_PARMNUM
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
VALID_LOGOFF = 1
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
MODALS_FORCE_LOGOFF_PARMNUM = 4
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
MODALS_FORCE_LOGOFF_INFOLEVEL = PARMNUM_BASE_INFOLEVEL + MODALS_FORCE_LOGOFF_PARMNUM
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
USER_NO_LOGOFF = -1
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
DEF_FORCE_LOGOFF = -1
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
SV_ENABLEFORCEDLOGOFF_PARMNUM = 515
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
dialogs: dict[str, list[list[str | int | None | tuple[str | int, ...]]]] = {}Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
RCParser.loadDialogs(rcFileName) -> None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ERROR_DLL_INIT_FAILED_LOGOFF = 624
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ERROR_LOG_RECORD_NONEXISTENT = 6624
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ERROR_CTX_LOGON_DISABLED = 7037
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ERROR_CTX_NO_FORCE_LOGOFF = 7063
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ERROR_EC_LOG_DISABLED = 15081
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ERROR_DEPLOYMENT_BLOCKED_BY_USER_LOG_OFF = 15641
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ERROR_AUDITING_DISABLED = -1073151999
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
ERROR_CTLOG_VHD_CHANGED_OFFLINE = -1069940702
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
hlog = win32evtlog.OpenEventLog(None, logType)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# Is this a 'silent' install - ie, avoid all dialogs.
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
dlg = win32ui.CreateFileDialog(1, None, fileName, flags, filter, None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
win32com.server.policy.DispatcherWin32trace if self.debug else None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.dialog = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.dialog is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.dialog = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.dialog is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
dlg = win32ui.CreateFileDialog(1, None, None, openFlags, fspec)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# The logger we should dump to. If None, we should send to the
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.logger = getattr(win32com, "logger", None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.logger is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.logger is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if self.logger is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if frame.f_trace is None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.logicalbotframe = None # Anything at this level or below does not exist!
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
sys.settrace(None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
# sys.settrace(None)
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.logicalbotframe = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
self.logicalbotframe = None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
useDispatcher = win32com.server.policy.DispatcherWin32trace if debugging else None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace("EnumCodeContextsOfPosition", context, charOffset, numChars)Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
exc_traceback: None = None,
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
if exc_type is not None or exc_traceback is not None:
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb = value.__traceback__ if value else None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
tb_look: TracebackType | None = tb_top
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
trace("Debugging interfaces not available - debugging is disabled..")Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
useDispatcher = win32com.server.policy.DispatcherWin32trace if debugging else None
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
URLPOLICY_CREDENTIALS_SILENT_LOGON_OK = 0x00000000
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Summary Stats -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Main Content -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Diagram Section -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Findings & Recommendations Grid -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Issues -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Issues injected here -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Recommendations -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Recommendations injected here -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Detailed Analysis -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Rows injected here -->
Remove HTML comments from description strings. Use source code comments instead.
Tool descriptions containing system-prompt-style directives (e.g., 'you are', 'always respond') attempt to hijack LLM behavior.
# like that is unlikely in the extreme. You are now reading this comment
Remove system-prompt-style directives from description. Descriptions should explain the tool's function, not instruct the model.
Tool descriptions containing system-prompt-style directives (e.g., 'you are', 'always respond') attempt to hijack LLM behavior.
# function to have a unique name. You are now thinking: "B-b-but...
Remove system-prompt-style directives from description. Descriptions should explain the tool's function, not instruct the model.
Tool descriptions containing system-prompt-style directives (e.g., 'you are', 'always respond') attempt to hijack LLM behavior.
#But you are now cogitating: "Uhh... but doesn't the *ENTIRE* codebase assume a
Remove system-prompt-style directives from description. Descriptions should explain the tool's function, not instruct the model.
Tool descriptions containing system-prompt-style directives (e.g., 'you are', 'always respond') attempt to hijack LLM behavior.
f'Since neither applies here, you are now off the deep end. '
Remove system-prompt-style directives from description. Descriptions should explain the tool's function, not instruct the model.
Tool descriptions containing system-prompt-style directives (e.g., 'you are', 'always respond') attempt to hijack LLM behavior.
# You are now thinking: "B-b-but how can a package be a subpackage of
Remove system-prompt-style directives from description. Descriptions should explain the tool's function, not instruct the model.
Tool names mimicking built-in system tools (e.g., 'bash', 'shell', 'terminal') can trick the LLM into routing actions to a malicious handler.
name = "bash"
Rename the tool to avoid colliding with system commands (bash, shell, exec, etc.).
Zero-width and invisible unicode characters can hide malicious text within tool descriptions.
'copyright': 'کپیرایت',
Remove zero-width/invisible unicode characters. Run descriptions through a unicode sanitizer.
Zero-width and invisible unicode characters can hide malicious text within tool descriptions.
'کپیرایت': 'copyright',
Remove zero-width/invisible unicode characters. Run descriptions through a unicode sanitizer.
Zero-width and invisible unicode characters can hide malicious text within tool descriptions.
'قانون-پیشفرض': 'default-role',
Remove zero-width/invisible unicode characters. Run descriptions through a unicode sanitizer.
Zero-width and invisible unicode characters can hide malicious text within tool descriptions.
'شمارهگذاری-فصل': 'sectnum',
Remove zero-width/invisible unicode characters. Run descriptions through a unicode sanitizer.
Zero-width and invisible unicode characters can hide malicious text within tool descriptions.
'منبع-نامگذاری': 'named-reference',
Remove zero-width/invisible unicode characters. Run descriptions through a unicode sanitizer.
Zero-width and invisible unicode characters can hide malicious text within tool descriptions.
'منبع-نقلفول': 'citation-reference',
Remove zero-width/invisible unicode characters. Run descriptions through a unicode sanitizer.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
self.body.append('<!-- %s -->\n' % sub('- ', node.astext()))Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
generator = '<!-- Generated by Docutils %s -->\n'
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- configuration parameters -->
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- style sheet links -->
Remove HTML comments from description strings. Use source code comments instead.
Tool names mimicking built-in system tools (e.g., 'bash', 'shell', 'terminal') can trick the LLM into routing actions to a malicious handler.
@command(name="exec", fixed=(), repeat=(), flags=[msgs.FLAG_NO_SCRIPT, msgs.FLAG_TRANSACTION])
Rename the tool to avoid colliding with system commands (bash, shell, exec, etc.).
Tool descriptions containing system-prompt-style directives (e.g., 'you are', 'always respond') attempt to hijack LLM behavior.
since you must always specify the config first, e.g.
Remove system-prompt-style directives from description. Descriptions should explain the tool's function, not instruct the model.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
comment = "<!---?>|<!--(?:[^-]|-[^-]|--[^>])*-->"
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
(re.compile(r"^<!--"), re.compile(r"-->"), True),
Remove HTML comments from description strings. Use source code comments instead.
Phrases like 'ignore previous instructions' or 'disregard' attempt to override LLM system prompts via tool metadata.
will override previous propagators.
Remove prompt-override phrases from descriptions. Tool metadata must not contain behavioral directives.
Phrases like 'ignore previous instructions' or 'disregard' attempt to override LLM system prompts via tool metadata.
will override previous propagators.
Remove prompt-override phrases from descriptions. Tool metadata must not contain behavioral directives.
Tool names mimicking built-in system tools (e.g., 'bash', 'shell', 'terminal') can trick the LLM into routing actions to a malicious handler.
name = 'Terminal'
Rename the tool to avoid colliding with system commands (bash, shell, exec, etc.).
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
(r'<!--.*?-->', Comment.Multiline),
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
(r'<!--.*?-->', Comment.Multiline),
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
((?: [{}] | \{{{{2,3}}[^{{}}]*?\}}{{2,3}} | <!--[\s\S]*?--> )*)Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
((?: [{}] | \{{{{2,3}}[^{{}}]*?\}}{{2,3}} | <!--[\s\S]*?--> )*?)Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
((?: [{}] | \{{{{2,3}}[^{{}}]*?\}}{{2,3}} | <!--[\s\S]*?--> )*?)Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
(r'<!--[\s\S]*?(?:-->|\Z)', Comment.Multiline),
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
# comments, an extra state is required to handle things like {{\n<!---->\n name}}Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
(r'<!--[\s\S]*?(?:-->|\Z)', Comment.Multiline),
Remove HTML comments from description strings. Use source code comments instead.
Tool names mimicking built-in system tools (e.g., 'bash', 'shell', 'terminal') can trick the LLM into routing actions to a malicious handler.
name = 'Bash'
Rename the tool to avoid colliding with system commands (bash, shell, exec, etc.).
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
(r'(?s)<!--.*?-->', Comment),
Remove HTML comments from description strings. Use source code comments instead.
HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.
<!-- Generated with Rich https://www.textualize.io -->
Remove HTML comments from description strings. Use source code comments instead.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
"select * from hypopg_create_index(%(ddl)s)",
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
_execute_safe(cur, "select * from hypopg_reset()")
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
_execute_safe(cur, "select * from hypopg_reset()")
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
select * from bloat
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
select * from indexes
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
result = tool.fn("pg_catalog", "SELECT * FROM pg_catalog.pg_class LIMIT 5")Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
("db_pg96_explain_query", {"sql": "select * from public.orders", "output_format": "text"}),Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
func("SELECT * FROM users", params_json='{"id": 1}', max_rows=1)Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
assert "SELECT * FROM users" not in info_msg
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
("db_pg96_explain_query", {"sql": "select * from public.orders", "output_format": "text"}),Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
{"sql": "select * from public.orders where customer_id = 1 order by created_at desc limit 10", "output_format": "json"},Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
("db_pg96_explain_query", {"sql": "select * from public.orders", "output_format": "text"}),Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
sql = "select * from %s" % kw_args["table_name"]
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
sql = "SELECT * from [%s]" % sheet
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected error.stack or err.stack being sent in HTTP responses. Stack traces reveal internal file paths, library versions, and code structure that can aid attackers.
return t.cast("Context", _local.stack[-1])Never send stack traces in production responses. Log the full error server-side and return a generic error message to the client.
Detected error.stack or err.stack being sent in HTTP responses. Stack traces reveal internal file paths, library versions, and code structure that can aid attackers.
return self.stack[-1]
Never send stack traces in production responses. Log the full error server-side and return a generic error message to the client.
Detected DEBUG=true or similar debug flags that may be active in production. Debug mode often enables verbose logging, detailed error messages, and development-only endpoints.
For example, FASTMCP_DEBUG=true will set debug=True.
Ensure debug mode is disabled in production. Use environment-based configuration to control debug settings.
Detected error.stack or err.stack being sent in HTTP responses. Stack traces reveal internal file paths, library versions, and code structure that can aid attackers.
return f'LexerContext({self.text!r}, {self.pos!r}, {self.stack!r})'Never send stack traces in production responses. Log the full error server-side and return a generic error message to the client.
Detected error.stack or err.stack being sent in HTTP responses. Stack traces reveal internal file paths, library versions, and code structure that can aid attackers.
return stack_info_str.splitlines() if self.stack_info_as_array else stack_info_str
Never send stack traces in production responses. Log the full error server-side and return a generic error message to the client.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
query("SELECT * FROM table") # okAlways specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
query(f"SELECT * FROM {input()}") # not okAlways specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"destructiveHint": True, "openWorldHint": False}, timeout=60.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"destructiveHint": True, "openWorldHint": False}, timeout=60.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"destructiveHint": True, "openWorldHint": False}, timeout=90.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"destructiveHint": True, "openWorldHint": False}, timeout=90.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"destructiveHint": True, "openWorldHint": False}, timeout=90.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=90.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=60.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=120.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=120.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=120.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=90.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=90.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"destructiveHint": True, "openWorldHint": False}, timeout=30.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=30.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=60.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=90.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=90.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=120.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=60.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"openWorldHint": False}, timeout=120.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"openWorldHint": False}, timeout=120.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=15.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=30.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False}, timeout=30.0)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, task=True, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False})Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, task=True, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False})Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, task=True, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False})Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, task=True, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False})Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(tags={"public"}, task=True, annotations={"readOnlyHint": True, "idempotentHint": True, "openWorldHint": False})Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
registered = mcp.tool(name=alias_name, tags={"public"})(alias_callable)Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected proxy, relay, or forwarding patterns targeting MCP, tool, or server endpoints. A relay server can silently intercept, modify, or exfiltrate MCP tool requests and responses.
server = FastMCP.as_proxy(mcp_config)
Remove unauthorized proxy or relay layers from the MCP pipeline. If proxying is required, ensure it is explicitly documented and uses authenticated, encrypted channels.
Detected proxy, relay, or forwarding patterns targeting MCP, tool, or server endpoints. A relay server can silently intercept, modify, or exfiltrate MCP tool requests and responses.
class FastMCPProxy(FastMCP):
Remove unauthorized proxy or relay layers from the MCP pipeline. If proxying is required, ensure it is explicitly documented and uses authenticated, encrypted channels.
Detected proxy, relay, or forwarding patterns targeting MCP, tool, or server endpoints. A relay server can silently intercept, modify, or exfiltrate MCP tool requests and responses.
lifespan=_lifespan_proxy(fastmcp_server=self),
Remove unauthorized proxy or relay layers from the MCP pipeline. If proxying is required, ensure it is explicitly documented and uses authenticated, encrypted channels.
Detected proxy, relay, or forwarding patterns targeting MCP, tool, or server endpoints. A relay server can silently intercept, modify, or exfiltrate MCP tool requests and responses.
server = FastMCP.as_proxy(server)
Remove unauthorized proxy or relay layers from the MCP pipeline. If proxying is required, ensure it is explicitly documented and uses authenticated, encrypted channels.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
- @server.tool (without parentheses)
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
- @server.tool (with empty parentheses)
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
- @server.tool(name="custom_name") (with name as keyword argument)
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
- server.tool(function, name="custom_name") (direct function call)
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@server.tool(name="custom_name")
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
server.tool(my_function, name="custom_name")
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(task=TaskConfig(mode="required"))
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
@mcp.tool(task=TaskConfig(mode="optional"))
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.
Detected proxy, relay, or forwarding patterns targeting MCP, tool, or server endpoints. A relay server can silently intercept, modify, or exfiltrate MCP tool requests and responses.
server = FastMCP.as_proxy(name=server_name, backend=client)
Remove unauthorized proxy or relay layers from the MCP pipeline. If proxying is required, ensure it is explicitly documented and uses authenticated, encrypted channels.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
mock_cursor.description = [
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = _invoke(server, "db_pg96_ping")
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = "ECDH-1PU in the Direct Key Agreement mode"
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = (
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = "XChaCha20-Poly1305"
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = "ChaCha20-Poly1305"
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = f"AES Key Wrap using {key_size}-bit key"Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = f"Key wrapping with AES GCM using {key_size}-bit key"Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = "ECDH-ES in the Direct Key Agreement mode"
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = (
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = tpl.format(key_size, hash_type)
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = f"AES GCM using {key_size}-bit key"Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = f"HMAC using SHA-{sha_type}"Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = f"RSASSA-PKCS1-v1_5 using SHA-{sha_type}"Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = f"ECDSA using {self.curve} and SHA-{sha_type}"Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = tpl.format(sha_type, sha_type)
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
>>> result = runner.invoke(cli=main)
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = runner.invoke(cli=main)
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
return _process_result(sub_ctx.command.invoke(sub_ctx))
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
command_panel.description = RichGroup(command_panel.description, NewLine(), group_help)
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
command_panel.description = group_help
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
new_panel.description = RichGroup(
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
new_panel.description = existing_panel.description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = await client.call_tool("my_tool", {"param": "value"})Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = await self.session.call_tool(
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = await self._call_tool(tool_call.tool, tool_call.arguments)
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = await self._call_tool(tool, tool_call_arguments)
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = await client.call_tool(key, arguments)
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = await client.call_tool("greet", {"name": "World"})Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
field_info.description = fields_docs[ann_name]
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
new_field.description = new_field.description if new_field.description is not None else existing_desc
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
new_field.description = new_field.description if new_field.description is not None else existing_desc
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
field_info.description = field_docstrings[field_name]
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = kwargs.pop('description', None)Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = kwargs.pop('description', None)Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
task.description = description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
task.description = description
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.desc = None
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.desc = desc_or_id
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.desc = None
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
spec.desc = tlbdesc
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
if item.desc == desc:
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = description or desc
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = "S_FALSE"
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = pythoncom.GetScodeString(scode)
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = FormatForAX(msg)
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = ExpandTabs("".join(list))Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
self.description = ExpandTabs("".join(bits))Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
raw_socket.listen(backlog)
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
#: the TLS protocol version (e.g. ``TLSv1.2``)
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
f"send_eof() requires at least TLSv1.3; current "
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
"DTLSv1_listen",
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
"Cryptography_HAS_PSK_TLSv1_3": cryptography_has_psk_tlsv13,
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
"Cryptography_HAS_TLSv1_3_FUNCTIONS": cryptography_has_tlsv13_functions,
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
"Cryptography_HAS_TLSv1_3_HS_FUNCTIONS": (
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
ctx.minimum_version = ssl.TLSVersion.TLSv1_2
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
TLSv1_2 = 12
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
self.minimum_version: Any = TLSVersion.TLSv1_2
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2 # type: ignore
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
async for message in pubsub.listen(): # pragma: no cover
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
async for message in pubsub.listen(): # pragma: no cover
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
listener.listen(event)
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
await listener.listen(event)
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
Detected use of ws:// (unencrypted WebSocket) instead of wss:// (encrypted). WebSocket traffic over ws:// is transmitted in plaintext and can be intercepted or tampered with by network attackers.
url = urljoin("ws://testserver", url)Replace ws:// with wss:// to ensure WebSocket connections are encrypted with TLS.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
ssl_ciphers: str = "TLSv1",
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
default="TLSv1",
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of SSLv3, TLS 1.0, or TLS 1.1, which are deprecated and have known vulnerabilities. These protocols are susceptible to POODLE, BEAST, and other attacks.
ssl_ciphers: str = "TLSv1",
Configure your server to use TLS 1.2 or TLS 1.3 only. Remove any references to SSLv3, TLSv1, or TLSv1.1.
Detected use of ws:// (unencrypted WebSocket) instead of wss:// (encrypted). WebSocket traffic over ws:// is transmitted in plaintext and can be intercepted or tampered with by network attackers.
``wss://`` instead of ``ws://``.
Replace ws:// with wss:// to ensure WebSocket connections are encrypted with TLS.
Detected use of ws:// (unencrypted WebSocket) instead of wss:// (encrypted). WebSocket traffic over ws:// is transmitted in plaintext and can be intercepted or tampered with by network attackers.
``wss://`` instead of ``ws://``.
Replace ws:// with wss:// to ensure WebSocket connections are encrypted with TLS.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
"PrecertificateSignedCertificateTimestamps",
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
`ElasticsearchV1CollectionSanitizationStrategy` strategies.
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
"FileTreeV1CollectionSanitizationStrategy",
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
To avoid issues, you may want to consider leveraging the `FileTreeV1CollectionSanitizationStrategy`
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
To avoid issues, you may want to consider leveraging the `WindowsRegistryV1CollectionSanitizationStrategy`.
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
m = Model(base64_str='VGhlc2UgYXJlbid0IHRoZSBkcm9pZHMgeW91J3JlIGxvb2tpbmcgZm9y')
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
#> {'base64_str': 'VGhlc2UgYXJlbid0IHRoZSBkcm9pZHMgeW91J3JlIGxvb2tpbmcgZm9y'}Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_INTERFACES = {'AAAttribution', 'ABNewPersonViewController', 'ABPeoplePickerNavigationController', 'ABPersonViewController', 'ABUnknownPersonViewController', 'ACAccount', 'ACAccountCredential', 'ACAccountStore', 'ACAccountType', 'ADBannerView', 'ADClient', 'ADInterstitialAd', 'ADInterstitialAdPresentationViewController', 'AEAssessmentConfiguration', 'AEAssessmentSession', 'ALAsset', 'ALAssetRepresentation', 'ALAssetsFilter', 'ALAssetsGroup', 'ALAssetsLibrary', 'APActivationPayload', 'ARAnchRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
COCOA_PROTOCOLS = {'ABNewPersonViewControllerDelegate', 'ABPeoplePickerNavigationControllerDelegate', 'ABPersonViewControllerDelegate', 'ABUnknownPersonViewControllerDelegate', 'ADActionViewControllerChildInterface', 'ADActionViewControllerInterface', 'ADBannerViewDelegate', 'ADInterstitialAdDelegate', 'AEAssessmentSessionDelegate', 'ARAnchorCopying', 'ARCoachingOverlayViewDelegate', 'ARSCNViewDelegate', 'ARSKViewDelegate', 'ARSessionDelegate', 'ARSessionObserver', 'ARSessionProviding', 'ARTrackRemove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
'gsnPanelFigureStringsBackgroundFillColor',
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
'ExtendedGraphemeClusterLiteralConvertible',
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
pool: "MaintNotificationsAbstractConnectionPool",
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
_GIBBERISH = """aihwerij235234ljsdnp34ksodfipwoe234234jlskjdf"""
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
"PolicyNotifyDomainKerberosTicketInformation",
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.
"PolicyNotifyMachineAccountPasswordInformation",
Remove hardcoded secrets from source code. Use environment variables or a secrets manager.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
sys.stdout.write(f"{prompt or ''}\n")Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending tool execution results over WebSocket to external servers may exfiltrate data.
self._socket.send(datagram)
Do not send tool outputs over WebSocket. Return results through the MCP protocol only.
Sending tool execution results over WebSocket to external servers may exfiltrate data.
await self._socket.send(datagram)
Do not send tool outputs over WebSocket. Return results through the MCP protocol only.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
channel.write(message + '\n')
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await read_stream_writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await read_stream_writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await read_stream_writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await read_stream_writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await read_stream_writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await read_stream_writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self._write_stream.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await read_stream_writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self._request_streams[request_stream_id][0].send(EventMessage(message, event_id))
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await read_stream_writer.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self._write_stream.send(SessionMessage(message=JSONRPCMessage(jsonrpc_request), metadata=metadata))
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self._write_stream.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self._write_stream.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self._write_stream.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self._write_stream.send(session_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
self.outputQueue.put(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await send_stream.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(self.initial_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(self.initial_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(self.initial_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(self.initial_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(self.initial_message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await self.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
body.write(body_message.get("body", b""))Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
output = self.conn.send(event=h11.EndOfMessage())
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
output = self.conn.send(event=h11.EndOfMessage())
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
output = self.conn.send(wsproto.events.Message(data=data)) # type: ignore
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await websocket.send(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
self.file.write(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
self.redir.write(message)
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.