Skip to content

Testing Snyk PR integration #170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cameronwaterman wants to merge 1 commit into from
Closed

Testing Snyk PR integration #170

cameronwaterman wants to merge 1 commit into from

Conversation

@cameronwaterman
Copy link
Collaborator

@cameronwaterman cameronwaterman commented Nov 13, 2025

TEST PR TO BE CLOSED

@cameronwaterman
Include insecure examples for SAST analysis
5ea2df3 
Added intentionally insecure code examples for SAST testing.
@ni-github-admins
Copy link

ni-github-admins commented Nov 13, 2025

Snyk checks have failed. 2 issues have been found so far.

Status Scanner Critical High Medium Low Total (2)
Code Security 0 2 0 0 2 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

ni-github-admins
ni-github-admins reviewed Nov 13, 2025
View reviewed changes
nisystemlink/clients/dataframe/_data_frame_client.py
"""
# Hardcoded secrets / credentials
password = "P@ssw0rd!" # hardcoded password
api_key = "AKIA1234567890FAKE" # fake AWS-style access key
Copy link

@ni-github-admins ni-github-admins Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  Hardcoded Non-Cryptographic Secret

Avoid hardcoding values that are meant to be secret. Found a hardcoded string used in here.

Line 124 | CWE-547 | Priority score 820
Data flow: 2 steps

Step 1 - 2

nisystemlink-clients-python/nisystemlink/clients/dataframe/_data_frame_client.py

Line 124 in 5ea2df3

api_key = "AKIA1234567890FAKE" # fake AWS-style access key

nisystemlink/clients/dataframe/_data_frame_client.py

# Insecure HTTP request (certificate verification disabled)
import requests
r = requests.get(url, verify=False)
Copy link

@ni-github-admins ni-github-admins Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  Improper Certificate Validation - SSL Verification Bypass

Certificate verification is disabled by setting verify to False in requests.get. This may lead to Man-in-the-middle attacks.

Line 146 | CWE-295 | Priority score 820
Data flow: 3 steps

Step 1 - 3

nisystemlink-clients-python/nisystemlink/clients/dataframe/_data_frame_client.py

Line 146 in 5ea2df3

r = requests.get(url, verify=False)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ni-github-admins ni-github-admins ni-github-admins left review comments

@rbell517 rbell517 Awaiting requested review from rbell517 rbell517 is a code owner

@spanglerco spanglerco Awaiting requested review from spanglerco spanglerco is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cameronwaterman @ni-github-admins