베타 Shoulder는 베타 버전입니다 — 결과가 가끔 잘못될 수 있습니다. 여러분의 피드백이 다음에 무엇을 고칠지 결정합니다. 피드백 공유

🐍

Python Security

97 규칙

64 CWE 14 critical

Python 보안 취약점

Shoulder는 Python로 구축된 Python 애플리케이션에 특화된 97개의 보안 패턴을 탐지합니다.

프레임워크 커버리지

Django 65 규칙 Flask 63 규칙 Fastapi 61 규칙 Pyramid 5 규칙 Tornado 5 규칙 Bottle 4 규칙 Graphene 1 규칙 Ariadne 1 규칙 Strawberry 1 규칙 Python 1 규칙 Pymongo 1 규칙 Motor 1 규칙 Falcon 1 규칙 Sanic 1 규칙 Jinja2 1 규칙

취약점 카테고리

CWE-200 5 규칙

Exposure of Sensitive Information to an Unauthorized Actor

CWE-94 4 규칙

Improper Control of Generation of Code ('Code Injection')

CWE-942 4 규칙

Permissive Cross-domain Policy with Untrusted Domains

CWE-502 3 규칙

Deserialization of Untrusted Data

CWE-798 3 규칙

Use of Hard-coded Credentials

CWE-915 3 규칙

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-20 2 규칙

Improper Input Validation

CWE-22 2 규칙

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-89 2 규칙

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-209 2 규칙

Generation of Error Message Containing Sensitive Information

CWE-269 2 규칙

Improper Privilege Management

CWE-295 2 규칙

Improper Certificate Validation

CWE-306 2 규칙

Missing Authentication for Critical Function

CWE-326 2 규칙

Inadequate Encryption Strength

CWE-338 2 규칙

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-347 2 규칙

Improper Verification of Cryptographic Signature

CWE-400 2 규칙

Uncontrolled Resource Consumption

CWE-489 2 규칙

Active Debug Code

CWE-614 2 규칙

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-639 2 규칙

Authorization Bypass Through User-Controlled Key

🐍

Python 프로젝트 스캔

Shoulder CLI를 실행하여 Python 고유의 취약점을 찾으세요.

npx @shoulderdev/cli trust . 모든 Python 위협