Bugsy

DEMO
Back to Marketing
DU

Demo User

demo@acmebank.com

Back to Projects

Data Analytics Pipeline

ETL pipeline processing transaction data for fraud detection models

Project Details

Repository
github.com/acmebank/analytics-pipeline
Framework
Apache Airflow
Languages
PythonSQL
Last Scan
4/16/2024
scanning

Security Findings

1
Critical
2
High
6
Medium
3
Low
12
Total Findings

Security Findings (12 of 12)

SQL Injection vulnerability in payment validation

Security vulnerability found in src/api/payments.py. This is a critical issue that requires immediate attention.

critical
src/api/payments.py:88
CWE-89
93% confidence
Recommendation: Immediately patch this vulnerability by following security best practices.

Hardcoded API key in configuration

Security vulnerability found in config/settings.py. This is a high-priority security concern.

high
config/settings.py:268
CWE-798
72% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Missing input validation on amount field

Security vulnerability found in src/api/transactions.py. This is a high-priority security concern.

high
src/api/transactions.py:245
CWE-20
78% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Cross-site scripting (XSS) in user profile

Security vulnerability found in src/components/Profile.jsx. This issue should be addressed in the next development cycle.

medium
src/components/Profile.jsx:488
CWE-79
92% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Insecure direct object reference

Security vulnerability found in src/api/accounts.py. This issue should be addressed in the next development cycle.

medium
src/api/accounts.py:43
CWE-639
88% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Weak password requirements

Security vulnerability found in src/auth/validators.py. This issue should be addressed in the next development cycle.

medium
src/auth/validators.py:144
CWE-521
90% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Missing CSRF protection

Security vulnerability found in src/middleware/csrf.py. This issue should be addressed in the next development cycle.

medium
src/middleware/csrf.py:440
CWE-352
91% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Information disclosure in error messages

Security vulnerability found in src/utils/errors.py. This issue should be addressed in the next development cycle.

medium
src/utils/errors.py:78
CWE-209
74% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Race condition in transaction processing

Security vulnerability found in src/api/transactions.py. This issue should be addressed in the next development cycle.

medium
src/api/transactions.py:347
CWE-362
79% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Buffer overflow in data parsing

Security vulnerability found in src/parsers/xml.c. This is a low-priority issue that can be addressed when convenient.

low
src/parsers/xml.c:479
CWE-120
97% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Improper authentication handling

Security vulnerability found in src/auth/middleware.py. This is a low-priority issue that can be addressed when convenient.

low
src/auth/middleware.py:107
CWE-287
80% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Path traversal vulnerability

Security vulnerability found in src/api/files.py. This is a low-priority issue that can be addressed when convenient.

low
src/api/files.py:47
CWE-22
85% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.