[Snyk] Security upgrade gulp from 3.9.1 to 5.0.0 #95

Summary

32 security issue(s)
- High : 10
- Medium : 22
- Low : 0

NShiftKey

Password in URL
- Target Code : lemur/docker-compose.yml [view change history] [ignore this]
  
  lemur/docker-compose.yml
  
  Line 12 in ff663c5
  
  SQLALCHEMY_DATABASE_URI: postgresql://lemur:lemur@postgres:5432/lemur
- Target Code : lemur/docs/administration.rst [view change history] [ignore this]
  
  lemur/docs/administration.rst
  
  Line 65 in ff663c5
  
  SQLALCHEMY_DATABASE_URI = 'postgresql://<user>:<password>@<hostname>:5432/lemur'
- Target Code : lemur/docs/quickstart/index.rst [view change history] [ignore this]
  
  lemur/docs/quickstart/index.rst
  
  Line 130 in ff663c5
  
  ``postgresql://userame:password@<database-fqdn>:<database-port>/<database-name>``
- Target Code : lemur/lemur/manage.py [view change history] [ignore this]
  
  lemur/lemur/manage.py
  
  Line 114 in ff663c5
  
  SQLALCHEMY_DATABASE_URI = 'postgresql://lemur:lemur@localhost:5432/lemur'
- Target Code : lemur/lemur/tests/conf.py [view change history] [ignore this]
  
  lemur/lemur/tests/conf.py
  
  Line 52 in ff663c5
  
  SQLALCHEMY_DATABASE_URI = os.getenv('SQLALCHEMY_DATABASE_URI', 'postgresql://lemur:lemur@localhost:5432/lemur')

Private Key Exposure

Target Code : lemur/lemur/certificates/views.py [view change history] [ignore this]

lemur/lemur/certificates/views.py

Line 305 in ff663c5

"privateKey": "-----BEGIN RSA PRIVATE KEY-----..."

Target Code : lemur/lemur/static/app/angular/certificates/certificate/upload.tpl.html [view change history] [ignore this]

lemur/lemur/static/app/angular/certificates/certificate/upload.tpl.html

Line 59 in ff663c5

    
           ng-pattern="/(^-----BEGIN PRIVATE KEY-----[\S\s]*-----END PRIVATE KEY-----)|(^-----BEGIN RSA PRIVATE KEY-----[\S\s]*-----END RSA PRIVATE KEY-----)/"></textarea>

Target Code : lemur/lemur/tests/conf.py [view change history] [ignore this]

lemur/lemur/tests/conf.py

Line 87 in ff663c5

-----BEGIN RSA PRIVATE KEY-----
Target Code : lemur/lemur/tests/vectors.py [view change history] [ignore this]

lemur/lemur/tests/vectors.py

Line 167 in ff663c5

-----BEGIN RSA PRIVATE KEY-----
Target Code : lemur/lemur/tests/vectors.py [view change history] [ignore this]

lemur/lemur/tests/vectors.py

Line 222 in ff663c5

-----BEGIN RSA PRIVATE KEY-----

Potential Key Exposure
- Target Code : lemur/docs/administration.rst [view change history] [ignore this]
  
  lemur/docs/administration.rst
  
  Line 92 in ff663c5
  
  >>> secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(6))
- Target Code : lemur/docs/administration.rst [view change history] [ignore this]
  
  lemur/docs/administration.rst
  
  Line 93 in ff663c5
  
  >>> secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(6))
- Target Code : lemur/docs/administration.rst [view change history] [ignore this]
  
  lemur/docs/administration.rst
  
  Line 94 in ff663c5
  
  >>> secret_key = secret_key + ''.join(random.choice(string.digits) for x in range(6))
- Target Code : lemur/lemur/plugins/lemur_cryptography/plugin.py [view change history] [ignore this]
  
  lemur/lemur/plugins/lemur_cryptography/plugin.py
  
  Line 55 in ff663c5
  
  issuer_private_key = private_key
- Target Code : lemur/lemur/tests/factories.py [view change history] [ignore this]
  
  lemur/lemur/tests/factories.py
  
  Line 36 in ff663c5
  
  private_key = PRIVATE_KEY_STR
- Target Code : lemur/lemur/authorities/views.py [view change history] [ignore this]
  
  lemur/lemur/authorities/views.py
  
  Line 137 in ff663c5
  
  "keyType": "RSA2048",
- Target Code : lemur/lemur/plugins/lemur_cryptography/tests/test_cryptography.py [view change history] [ignore this]
  
  lemur/lemur/plugins/lemur_cryptography/tests/test_cryptography.py
  
  Line 8 in ff663c5
  
  'key_type': 'RSA2048',
- Target Code : lemur/lemur/tests/conf.py [view change history] [ignore this]
  
  lemur/lemur/tests/conf.py
  
  Line 22 in ff663c5
  
  LEMUR_ENCRYPTION_KEYS = 'o61sBLNBSGtAckngtNrfVNd8xy8Hp9LBGDstTbMbqCY='
- Target Code : lemur/lemur/tests/test_authorities.py [view change history] [ignore this]
  
  lemur/lemur/tests/test_authorities.py
  
  Line 19 in ff663c5
  
  'keyType': 'RSA2048',
- Target Code : lemur/lemur/tests/test_certificates.py [view change history] [ignore this]
  
  lemur/lemur/tests/test_certificates.py
  
  Line 257 in ff663c5
  
  key_type='RSA2048',
- Target Code : lemur/lemur/tests/test_certificates.py [view change history] [ignore this]
  
  lemur/lemur/tests/test_certificates.py
  
  Line 307 in ff663c5
  
  state='CA', location='Here', key_type='RSA2048')
- Target Code : lemur/lemur/tests/test_certificates.py [view change history] [ignore this]
  
  lemur/lemur/tests/test_certificates.py
  
  Line 313 in ff663c5
  
  state='CA', location='Here', extensions=extensions, key_type='RSA2048')

Potential Password Exposure
- Target Code : lemur/lemur/auth/views.py [view change history] [ignore this]
  
  lemur/lemur/auth/views.py
  
  Line 83 in ff663c5
  
  :arg password: password
- Target Code : lemur/lemur/manage.py [view change history] [ignore this]
  
  lemur/lemur/manage.py
  
  Line 303 in ff663c5
  
  user.password = password1
- Target Code : lemur/lemur/roles/service.py [view change history] [ignore this]
  
  lemur/lemur/roles/service.py
  
  Line 46 in ff663c5
  
  role = Role(name=name, description=description, username=username, password=password)
- Target Code : lemur/lemur/roles/views.py [view change history] [ignore this]
  
  lemur/lemur/roles/views.py
  
  Line 131 in ff663c5
  
  :arg password: password for new role
- Target Code : lemur/lemur/roles/views.py [view change history] [ignore this]
  
  lemur/lemur/roles/views.py
  
  Line 170 in ff663c5
  
  "password": "apassword"
- Target Code : lemur/lemur/tests/test_users.py [view change history] [ignore this]
  
  lemur/lemur/tests/test_users.py
  
  Line 14 in ff663c5
  
  'password': '1233432',
- Target Code : lemur/lemur/users/views.py [view change history] [ignore this]
  
  lemur/lemur/users/views.py
  
  Line 134 in ff663c5
  
  :arg password: password for new user
- Target Code : lemur/lemur/certificates/views.py [view change history] [ignore this]
  
  lemur/lemur/certificates/views.py
  
  Line 912 in ff663c5
  
  "passphrase": "UAWOHW#&@_%!tnwmxh832025",

JSON Web Token

Target Code : lemur/lemur/tests/vectors.py [view change history] [ignore this]

lemur/lemur/tests/vectors.py

Line 4 in ff663c5

    
           'Authorization': 'Basic ' + 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MzUyMzMzNjksInN1YiI6MSwiZXhwIjoxNTIxNTQ2OTY5fQ.1qCi0Ip7mzKbjNh0tVd3_eJOrae3rNa_9MCVdA4WtQI',

Target Code : lemur/lemur/tests/vectors.py [view change history] [ignore this]

lemur/lemur/tests/vectors.py

Line 10 in ff663c5

    
           'Authorization': 'Basic ' + 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MzUyNTAyMTgsInN1YiI6MiwiZXhwIjoxNTIxNTYzODE4fQ.6mbq4-Ro6K5MmuNiTJBB153RDhlM5LGJBjI7GBKkfqA',

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade gulp from 3.9.1 to 5.0.0 #95

[Snyk] Security upgrade gulp from 3.9.1 to 5.0.0 #95

Summary

Details

NShiftKey

Password in URL

Private Key Exposure

Potential Key Exposure

Potential Password Exposure

JSON Web Token

Re-running checks...

[Snyk] Security upgrade gulp from 3.9.1 to 5.0.0 #95

Are you sure you want to change the base?

fix: package.json to reduce vulnerabilities

[Snyk] Security upgrade gulp from 3.9.1 to 5.0.0 #95

Summary

Details

NShiftKey

Password in URL

Private Key Exposure

Potential Key Exposure

Potential Password Exposure

JSON Web Token

Re-running checks...