RVD#3291: By default, jinja2 sets autoescape to False, ./Firmware/src/modules/systemlib/param/px_generate_params.py:35
rvd-bot opened this issue · 0 comments
rvd-bot commented
id: 3291
title: 'RVD#3291: By default, jinja2 sets autoescape to False, ./Firmware/src/modules/systemlib/param/px_generate_params.py:35'
type: bug
description: HIGH confidence of HIGH severity bug. By default, jinja2 sets autoescape
  to False. Consider using autoescape=True or use the select_autoescape function to
  mitigate XSS vulnerabilities. ./Firmware/src/modules/systemlib/param/px_generate_params.py:35.
  See links for more info on the bug.
cwe: None
cve: None
keywords:
- bandit
- bug
- static analysis
- testing
- triage
- bug
- 'version: v1.7.0'
- 'robot component: PX4'
- components software
system: ''
vendor: null
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/3291
- https://bandit.readthedocs.io/en/latest/plugins/b701_jinja2_autoescape_false.html
flaw:
  phase: testing
  specificity: subject-specific
  architectural-location: application-specific
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2020-06-30 (10:47)
  detected-by: Alias Robotics
  detected-by-method: testing static
  date-reported: 2020-06-30 (10:47)
  reported-by: Alias Robotics
  reported-by-relationship: automatic
  issue: https://github.com/aliasrobotics/RVD/issues/3291
  reproducibility: always
  trace: ./Firmware/src/modules/systemlib/param/px_generate_params.py:35
  reproduction: See artifacts below (if available)
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''
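What bandit's B701 check flags, and how the two fixes it suggests behave, as an added example. This code is not from PX4, RVD or bandit; the two templates (`params.html`, `params.c`) and the input values are constructed for illustration. The entry above does not say what the template at px_generate_params.py:35 renders, and that is exactly what the triage turns on: autoescape only mitigates anything when the rendered output is parsed as HTML/XML, and switching `autoescape=True` on for a template that emits anything else (here, C source) corrupts the output. `select_autoescape` exists to make that distinction per template.

```python
"""Added example (not PX4, RVD or bandit code): the jinja2.Environment()
configuration that bandit B701 flags, next to the two suggested fixes.

Assumes Jinja2 is installed. Template strings and input values are
constructed for this example and are not from px_generate_params.py.
"""
try:
    from jinja2 import DictLoader, Environment, select_autoescape
    HAVE_JINJA2 = True
except ImportError:  # keep the module importable where Jinja2 is absent
    HAVE_JINJA2 = False

# Constructed templates: an HTML fragment and a C source line, both
# interpolating the same untrusted value.
TEMPLATES = {
    "params.html": "<td>{{ value }}</td>",
    "params.c": 'static const char *desc = "{{ value }}";',
}

# Constructed untrusted input: inert inside a C string literal, but active
# content if it reaches a browser unescaped.
PAYLOAD = "<script>alert(1)</script>"


def render(template_name, value, **env_kwargs):
    """Render one constructed template from an Environment built with env_kwargs.

    Called with no env_kwargs this is precisely what B701 reports:
    jinja2.Environment() leaves autoescape at its default of False.
    """
    if not HAVE_JINJA2:
        return None
    env = Environment(loader=DictLoader(TEMPLATES), **env_kwargs)
    return env.get_template(template_name).render(value=value)


def render_unsafe_default(name, value):
    """The flagged form: autoescape left at its default (False) for every template."""
    return render(name, value)


def render_autoescape_all(name, value):
    """The blunt fix: autoescape=True HTML-escapes every template, markup or not."""
    return render(name, value, autoescape=True)


def render_select_autoescape(name, value):
    """The selective fix: select_autoescape() with its defaults escapes only
    templates whose name ends in .html/.htm/.xml; other output is left alone."""
    return render(name, value, autoescape=select_autoescape())


if __name__ == "__main__":
    if not HAVE_JINJA2:
        raise SystemExit("Jinja2 is not installed")
    print("default   html:", render_unsafe_default("params.html", PAYLOAD))
    print("all       html:", render_autoescape_all("params.html", PAYLOAD))
    print("all       c   :", render_autoescape_all("params.c", "it's"))
    print("select    c   :", render_select_autoescape("params.c", "it's"))
    print("select    html:", render_select_autoescape("params.html", PAYLOAD))
```

Run stand-alone, the default Environment passes the `<script>` tag through into the HTML fragment, `autoescape=True` neutralises it there but also rewrites the apostrophe in the C string to `&#39;`, and `select_autoescape()` gets both right by deciding from the template name. If the template behind this finding never produces output that a browser or XML parser consumes, turning autoescape on is the wrong fix; the finding should be closed as not applicable (bandit accepts a `# nosec B701` marker on the offending line for that purpose) rather than silenced by a change that alters the generated files.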