Scan Results

List of Findings

Error: SIGMA.hardcoded_secret (CWE-798): [#def1]
/pcs/pcs_test/tier0/test_host.py:77: Sigma main event: A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: `Password (generic)`.
/pcs/pcs_test/tier0/test_host.py:77: remediation: Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.

Error: SIGMA.xml_external_entity_enabled (CWE-611): [#def2]
/pcs/pcs_test/tier1/legacy/test_rule.py:1719: Sigma main event: The application uses Python's built in `xml` module which does not properly handle erroneous or maliciously constructed data, making the application vulnerable to one or more types of XML attacks.
/pcs/pcs_test/tier1/legacy/test_rule.py:1719: remediation: Avoid using the `xml` module. Consider using the `defusedxml` module or similar which safely prevents all XML entity attacks.

Error: SIGMA.xml_external_entity_enabled (CWE-611): [#def3]
/pcs/pcs_test/tier1/legacy/test_rule.py:2017: Sigma main event: The application uses Python's built in `xml` module which does not properly handle erroneous or maliciously constructed data, making the application vulnerable to one or more types of XML attacks.
/pcs/pcs_test/tier1/legacy/test_rule.py:2017: remediation: Avoid using the `xml` module. Consider using the `defusedxml` module or similar which safely prevents all XML entity attacks.

Error: SIGMA.xml_external_entity_enabled (CWE-611): [#def4]
/pcs/pcs_test/tier1/legacy/test_rule.py:2025: Sigma main event: The application uses Python's built in `xml` module which does not properly handle erroneous or maliciously constructed data, making the application vulnerable to one or more types of XML attacks.
/pcs/pcs_test/tier1/legacy/test_rule.py:2025: remediation: Avoid using the `xml` module. Consider using the `defusedxml` module or similar which safely prevents all XML entity attacks.

Error: SIGMA.xml_external_entity_enabled (CWE-611): [#def5]
/pcs/pcs_test/tier1/legacy/test_rule.py:2195: Sigma main event: The application uses Python's built in `xml` module which does not properly handle erroneous or maliciously constructed data, making the application vulnerable to one or more types of XML attacks.
/pcs/pcs_test/tier1/legacy/test_rule.py:2195: remediation: Avoid using the `xml` module. Consider using the `defusedxml` module or similar which safely prevents all XML entity attacks.

Error: SIGMA.xml_external_entity_enabled (CWE-611): [#def6]
/pcs/pcs_test/tier1/legacy/test_utils.py:1637: Sigma main event: The application uses Python's built in `xml` module which does not properly handle erroneous or maliciously constructed data, making the application vulnerable to one or more types of XML attacks.
/pcs/pcs_test/tier1/legacy/test_utils.py:1637: remediation: Avoid using the `xml` module. Consider using the `defusedxml` module or similar which safely prevents all XML entity attacks.