MAKENTNU/web


Showing 230 of 230 total issues

TODO found
Open

# TODO: translate this and Reservation.__str__()
Severity: Minor
Found in src/make_queue/models/reservation.py by fixme

Possible hardcoded password: '1234'
Open

password = "1234"
Severity: Info
Found in src/util/test_utils.py by bandit

TODO found
Open

# TODO: rewrite this whole view (and everything that uses it), so that it's more extendable,
Severity: Minor
Found in src/make_queue/views/reservation.py by fixme

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

assert len(result__params__tuples) == 1
Severity: Info
Found in src/util/url_utils.py by bandit
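Why bandit cares about this one, as an added example (not code from the MAKENTNU/web repository): `assert` statements are compiled out when CPython runs with `-O`, so a check written as `assert len(result__params__tuples) == 1` silently disappears in an optimised deployment. The block below shows the assert-based check next to an explicit check that survives optimisation, and uses `compile(..., optimize=1)` (the same level `python -O` selects) to demonstrate in-process that the assert is stripped. The function names and the sample tuples are assumptions made for the illustration.

```python
# Added illustration of bandit's "use of assert" finding; not project code.

def single_param(result__params__tuples):
    # The pattern bandit flags: under `python -O` the assert is compiled out,
    # so a list with two (name, value) tuples would pass through unchecked.
    assert len(result__params__tuples) == 1
    return result__params__tuples[0]


def single_param_checked(result__params__tuples):
    # Hardened form (name is an assumption): an explicit check that is part of
    # the program's logic and is never removed by the optimiser.
    if len(result__params__tuples) != 1:
        raise ValueError(
            f"expected exactly one (name, value) tuple, "
            f"got {len(result__params__tuples)}"
        )
    return result__params__tuples[0]


def assert_fires(optimize):
    """Compile `assert False` at the given optimisation level and report
    whether executing it raises. optimize=0 is the default interpreter
    behaviour; optimize=1 is what `python -O` uses, and removes asserts."""
    code = compile("assert False, 'checked'", "<snippet>", "exec",
                   optimize=optimize)
    try:
        exec(code, {})
    except AssertionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample input: a parsed query string with one parameter.
    print(single_param_checked([("machine", "3")]))
    print("assert fires at -O0:", assert_fires(0))
    print("assert fires at -O1:", assert_fires(1))
```

Use `assert` for invariants you are happy to lose in production; anything that guards parsing of untrusted input (here, URL parameters) belongs in an explicit `if`/`raise`.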

Possible hardcoded password: ''
Open

def register(card_id="0123456789", secret=""):
return _card(reverse('admin_register_card'), card_id, secret)
Severity: Info
Found in src/checkin/local_scanner.py by bandit

TODO found
Open

{# TODO: make this template extend web/generic_form.html #}

Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
Open

return mark_safe(tag) + escape(object_collection[0]) + mark_safe("</div>") + everything_except_first
Severity: Minor
Found in src/util/html_utils.py by bandit

TODO found
Open

# TODO: reduce code duplication between this and the two methods above
Severity: Minor
Found in src/make_queue/models/machine.py by fixme

TODO found
Open

// TODO: check if this is DOM or jQuery object

Potential XSS on mark_safe function.
Open

return mark_safe(f"{obj.get_full_name()} &nbsp;&ndash;&nbsp; {obj.username}")
Severity: Minor
Found in src/make_queue/formfields.py by bandit

TODO found
Open

{# TODO: make this template extend web/generic_form.html #}

Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
Open

return mark_safe(f"{obj.get_full_name()} &nbsp;&ndash;&nbsp; {obj.username}")
Severity: Minor
Found in src/make_queue/formfields.py by bandit

Potential XSS on mark_safe function.
Open

mark_safe(
f"{time_place.ticket_count}/{time_place.number_of_tickets}&emsp;"
+ link_to_admin_change_form(time_place, text=f"({short_datetime_format(time_place.start_time)})")
Severity: Minor
Found in src/news/admin.py by bandit

Possible hardcoded password: ''
Open

def check(card_id="0123456789", secret=""):
Severity: Info
Found in src/checkin/local_scanner.py by bandit

TODO found
Open

# TODO: move all validation out of the `save()` method and to a form
Severity: Minor
Found in src/make_queue/models/reservation.py by fixme

Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
Open

return mark_safe(f"- <i>({standalone_notice})</i>")
Severity: Minor
Found in src/news/admin.py by bandit

Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
Open

message = mark_safe(trim_whitespace(message))
Severity: Minor
Found in src/news/views/event.py by bandit

Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
Open

mark_safe("<br>"), f"{tag}{sep}" + " {}</div>",
Severity: Minor
Found in src/util/html_utils.py by bandit

Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
Open

return mark_safe(f'{prefix}{tag_start}target="_blank" {rest}')
Severity: Minor
Found in src/util/templatetags/html_tags.py by bandit

Potential XSS on mark_safe function.
Open

return format_html('<a href="{}"{}>{}</a>', href, mark_safe(extra_attrs), text)
Severity: Minor
Found in src/util/templatetags/html_tags.py by bandit
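What the repeated `mark_safe()` findings above amount to, as an added example (not code from the MAKENTNU/web repository): the snippets in src/make_queue/formfields.py and src/news/admin.py interpolate model fields into an f-string and only then call `mark_safe`, so any markup stored in those fields (a user's full name, a notice) is rendered verbatim. The last entry, in src/util/templatetags/html_tags.py, shows the safe pattern: `format_html` keeps the static markup in the template and escapes every argument that is not already marked safe. To run without Django installed, the block below uses stdlib `html.escape` in stand-ins for `mark_safe` and `format_html` that follow the same contract as `django.utils.safestring.mark_safe` and `django.utils.html.format_html`; the `User` class, the `label_*` names and the sample values are assumptions made for the illustration.

```python
# Added illustration of the mark_safe()/format_html() findings; not project code.
import html


class User:
    # Constructed stand-in for the model instance formatted in formfields.py.
    # The full name is profile data, i.e. attacker-controlled input.
    def __init__(self, full_name, username):
        self.full_name = full_name
        self.username = username

    def get_full_name(self):
        return self.full_name


class SafeString(str):
    """Marker type: the string is asserted to be trusted HTML. Mirrors the
    role of django.utils.safestring.SafeString, which the template engine
    renders without autoescaping."""


def mark_safe(s):
    # Same contract as django.utils.safestring.mark_safe: nothing is escaped;
    # the caller is vouching for every byte of the string.
    return SafeString(s)


def format_html(fmt, *args):
    # Stdlib stand-in for django.utils.html.format_html: each argument is
    # escaped unless it is already a SafeString, then interpolated into the
    # template. Only the template itself may carry markup.
    escaped = [a if isinstance(a, SafeString) else html.escape(str(a), quote=True)
               for a in args]
    return SafeString(fmt.format(*escaped))


def label_unsafe(obj):
    # The pattern bandit flags: the dynamic values are formatted into the
    # HTML before mark_safe is applied, so markup in them is rendered as-is.
    return mark_safe(f"{obj.get_full_name()} &nbsp;&ndash;&nbsp; {obj.username}")


def label_safe(obj):
    # Hardened form: static entities stay in the template, the two model
    # fields are escaped. Equivalent Django call:
    #   format_html("{} &nbsp;&ndash;&nbsp; {}", obj.get_full_name(), obj.username)
    return format_html("{} &nbsp;&ndash;&nbsp; {}", obj.get_full_name(), obj.username)


# Constructed hostile profile: a full name carrying an event-handler payload.
EVIL = User('<img src=x onerror="alert(1)">', "mallory")

if __name__ == "__main__":
    print(label_unsafe(EVIL))   # payload reaches the page intact
    print(label_safe(EVIL))     # payload rendered as text
```

The same rule explains why the `format_html('<a href="{}"{}>{}</a>', href, mark_safe(extra_attrs), text)` entry is still worth a look: wrapping `extra_attrs` in `mark_safe` opts that one argument out of escaping, so it is only acceptable if every caller passes a string built from constants, never from request or model data.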