
python-mini-projects's Introduction


Python-Mini-Projects


A collection of simple Python mini projects to enhance your Python skills.

If you want to learn about Python, visit here.

If you are new to GitHub and open source, visit here.

Steps To Follow

  • Select an issue and ask to be assigned to it.

  • Check existing scripts in the projects directory.

  • Star this repository.

  • On the python-mini-projects repo page, click the Fork button.

  • Clone your forked repository to your local machine. This button will show you the URL to run.

    For example, run this command inside your terminal:

    git clone https://github.com/<your-github-username>/python-mini-projects.git

    Replace <your-github-username>!

    Learn more about forking and cloning a repo.

  • Before you make any changes, keep your fork in sync to avoid merge conflicts:

    git remote add upstream https://github.com/Python-World/python-mini-projects.git
    git fetch upstream
    git pull upstream master
    git push

    Alternatively, GitHub now provides syncing as well: click "Fetch upstream" at the top of your repo, below the "Code" button.

  • If you run into a merge conflict, you have to resolve the conflict. There are a lot of guides online, or you can try this one by opensource.com.

  • Check out a development branch (name your branch according to the issue name).

    git checkout -b <branch-name>
  • Create a folder in projects directory according to issue name.

  • Write your code and add to the respective folder in the projects directory, locally.

  • Don't forget to add a README.md in your folder, according to the README_TEMPLATE.

  • Add the changes with git add, git commit (write a good commit message, if possible):

    git add -A
    git commit -m "<your message>"
  • Push the code to your repository.

    git push origin <branch-name>
  • Go to the GitHub page of your fork, and make a pull request:


    Read more about pull requests on the GitHub help pages.

  • Now wait, until one of us reviews your Pull Request! If there are any conflicts, you will get a notification.

README Template for scripts

README Template

Connect On Social media

Join WhatsApp group

Contributors ✨

SR No Project Author
1 Hello World Ravi Chavare
2 JSON to CSV Murilo Pagliuso
3 Random Password Generator Mitesh
4 Instagram Profile Info Ravi Chavare
5 Search string in Files Mitesh
6 Fetch links from Webpage Mitesh & Michael Mba
7 Todo App With Flask Mitesh
8 Add Watermark on Images Mitesh
9 WishList App Using Django Ravi Chavare
10 Split Folders into Subfolders Ravi Chavare
11 Download bulk images Mitesh
12 Random word from file Ravi Chavare
13 Battery notification Mitesh
14 Calculate age Gaodong
15 Text file analysis m044de
16 Generate image snipets ravi chavare
17 Organize file system Mitesh
18 Send emails Mitesh
19 Get Ipaddress and Hostname of Website Nuh Mohammed
20 Progressbar using tqdm Mitesh
21 Get meta information of images Gaodong
22 Captures Frames from video phileinSophos
23 Fetch Wifi Saved Password Windows Mitesh
24 Save Screenshot of given Website m044de
25 Split files using no of lines phileinSophos
26 Encrypt and decrypt text Gaodong
27 Captures screenshot at regular interval of time d33pc
28 Create password hash m044de
29 Encrypt file and folders Gaodong
30 Decimal to binary and vice versa Alan Anaya
31 Cli Based Todo Application Audrey Yang
32 Currency Convertor cli app github-of-wone
33 Stopwatch Application Gaodong
34 CLI Proxy Tester Ingo Kleiber
35 XML to JSON file Convertor John Kirtley
36 Compress file and folders Gaodong
37 Find IMDB movie ratings ShivSt
38 Convert dictionary to python object Varun-22
39 Move files to alphabetically arranged folders Chathura Nimesh
40 Scrape Youtube video comment Saicharan67
41 Website Summerization Believe Ohiozua
42 Text To speech(mp3) Sergej Dikun
43 Image format conversion Ramon Ferreira
44 Save random article from wikipedia Rakshit Puri
45 Check website connectivity Shiv Thakur
46 Fetch city weather information Kushal Agrawal
47 Calculator App Gaodong
48 Merge Csv files Kushal Agrawal
49 Fetch tweets and save in csv Kushal Agrawal
50 Language Translator using googletrans Ashiqur Rahman Tusher
51 Split video using timeperiod Chathura Nimesh
52 Fetch unique words from file Rakshit Puri
53 Speech to text converter Paulo Henrique
54 Set Random Wallpaper Chathura Nimesh
55 Find Dominant color from image Mitesh
56 Ascii art Shiny Akash
57 Merge Pdf Files ShivSt
58 Fetch Open Port Kushal Agrawal
59 Convert Numbers To Words Niraj Shrestha
60 Restart and Shutdown System Phillibob55
61 Check website connectivity Shiv Thakur
62 Digital clock using tkinter Aditya Jetely
63 Covert Image To Pdf Gaodong
64 Store emails in csv file Shiv Thakur
65 Test Internet Connection Jacob Ogle
66 XKCD Comics Downloader Aditya Jetely
67 Website Blocker And Unblocker Phillibob55
68 Fetch Domain Dns Record Aditya Jetely
69 Python-Auto-Draw Tushar Nankani
70 News Website Scraper pratik-choudhari
71 Rock Paper Scissors Game Tushar Nankani
72 Zip File Extractor Aditya Jetely
73 Random Password Generator Tushar Nankani
74 Script to perform Geocoding Aditya Jetely
75 Python Carbon Clips Ravishankar Chavare
76 QR Code Generator Shiv Thakur
77 Recursive Password Generator Erfan Saberi
78 Tic Tac Toe Erfan Saberi
79 Tic Tac Toe with AI Tushar Nankani
80 Cartoonify an Image Bartu Yaman
81 Quote Scrapper Anandha Krishnan Aji
82 Time To Load Website Aditya Jetely
83 Customer Loan Repayment Prediction ART
84 Generate Wordcloud from Wikipedia Article Naman Shah
85 Number Guessing Game Javokhirbek
86 Convert JPEG to PNG AnuragGupta
87 Movie Information Scrapper Anandha Krishnan Aji
88 Fetch HTTP Status Code AkshataJ96
89 Check Leap Year Hariom Vyas
90 Scrape Medium Articles Naman Shah
91 HackerNews Scrapper Javokhirbek
92 Reduce Image Size Vipul Verma
93 Easy Video Player Bartu Yaman
94 GeeksforGeeks Article downloader Shiv Thakur
95 PDF to Text pi1814
96 Unstructured Supplemenrary Service Data ART
97 Duplicate Files remover Anandha Krishnan Aji
98 PNG to ICO converter weicheansoo
99 Find IMDB Ratings Utkarsh Bajaj
100 Terminal Based Hangman Game neohboonyee99
101 Whatsapp Bot urmil89
102 Zip Bruter Erdoğan YOKSUL
103 CountDown Timer Japneet Kalra

Test 170/1

python-mini-projects's People

Contributors

adityaj7, alex108-lab, anandhakrishnanaji, azhad56, brtymn, chandrabosep, chavarera, darahaas15, dependabot[bot], devanshh, echoaj, erfansaberi, githubuser1234567890, hariom1509, killinefficiency, leader2one, logan-mo, mitesh2499, namanshah01, pi1814, shiny-akash, shivst, skate1512, tomyzon1728, tripleee, tusharnankani, ulixius9, urmillive, utkarshbajaj, xlgd

python-mini-projects's Issues

CX Unchecked_Input_for_Loop_Condition @ projects/Terminal_Based_Hangman_Game/hangman.py [master]

Unchecked_Input_for_Loop_Condition issue exists @ projects/Terminal_Based_Hangman_Game/hangman.py in branch master

Method main at line 177 of projects\Terminal_Based_Hangman_Game\hangman.py gets user input from element input. This element’s value flows through the code without being validated, and is eventually used in a loop condition in main at line 177 of projects\Terminal_Based_Hangman_Game\hangman.py. This constitutes an Unchecked Input for Loop Condition. Similarity ID: 1161607269

Severity: Medium

CWE:606


Lines: 177


Code (Line #177):

while input("Play Again? (Y/N): ").upper() == "Y":

CX Command_Injection @ projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py [master]

Command_Injection issue exists @ projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py in branch master

The application's input method calls an OS (shell) command with input, at line 17 of projects\Terminal_progress_bar_with_images_resizing\progress_bar_ with_images_resizing.py, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, input, which is retrieved by the application in the input method, at line 17 of projects\Terminal_progress_bar_with_images_resizing\progress_bar_ with_images_resizing.py. Similarity ID: -930650913

The application's input method calls an OS (shell) command with input, at line 18 of projects\Terminal_progress_bar_with_images_resizing\progress_bar_ with_images_resizing.py, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, input, which is retrieved by the application in the input method, at line 18 of projects\Terminal_progress_bar_with_images_resizing\progress_bar_ with_images_resizing.py. Similarity ID: 1630544287

Severity: High

CWE:77


Lines: [17](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py#L17) [18](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py#L18)


[Code (Line #17):](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py#L17)

path = input("Enter Path to images : ")

[Code (Line #18):](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py#L18)

size = input("Size Height , Width : ")

CX SSRF @ projects/download GeeksForGeeks articles/downloader.py [master]

SSRF issue exists @ projects/download GeeksForGeeks articles/downloader.py in branch master

The application sends a request to a remote server, for some resource, using get in projects\download GeeksForGeeks articles\downloader.py:47. However, an attacker can control the target of the request, by sending a URL or other data in input at projects\download GeeksForGeeks articles\downloader.py:45. Similarity ID: -2069893118

Severity: Medium

CWE:918


Lines: [45](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/download GeeksForGeeks articles/downloader.py#L45)


[Code (Line #45):](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/download GeeksForGeeks articles/downloader.py#L45)

URL = input("provide article URL: ")

CX SSRF @ projects/Geocoding/geocoding.py [master]

SSRF issue exists @ projects/Geocoding/geocoding.py in branch master

The application sends a request to a remote server, for some resource, using get in projects\Geocoding\geocoding.py:18. However, an attacker can control the target of the request, by sending a URL or other data in input at projects\Geocoding\geocoding.py:6. Similarity ID: 795374525

Severity: Medium

CWE:918


Lines: 6


Code (Line #6):

address = input("Input the address: ")

CX SSRF @ projects/Scraping Medium Articles/scraping_medium.py [master]

SSRF issue exists @ projects/Scraping Medium Articles/scraping_medium.py in branch master

The application sends a request to a remote server, for some resource, using get in projects\Scraping Medium Articles\scraping_medium.py:18. However, an attacker can control the target of the request, by sending a URL or other data in input at projects\Scraping Medium Articles\scraping_medium.py:13. Similarity ID: -1104767097

Severity: Medium

CWE:918


Lines: [13](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Scraping Medium Articles/scraping_medium.py#L13)


[Code (Line #13):](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Scraping Medium Articles/scraping_medium.py#L13)

url = input('Enter url of a medium article: ')

CX Improper_Resource_Shutdown_or_Release @ projects/Web_page_summation/utils/prepare.py [master]

Improper_Resource_Shutdown_or_Release issue exists @ projects/Web_page_summation/utils/prepare.py in branch master

A possible Denial of Service was found in line 5 in projects\Web_page_summation\utils\prepare.py file. Not closing connection leaves the server vulnerable to a DoS as the resources are not released properly. Similarity ID: -51427163

Severity: Low

CWE:404


Lines: 5


Code (Line #5):

with gzip.open(default_path + "sumdata/train/train.article.txt.gz", "rb") as gz:

CX SSRF @ projects/Download_images_from_website/scrap-img.py [master]

SSRF issue exists @ projects/Download_images_from_website/scrap-img.py in branch master

The application sends a request to a remote server, for some resource, using get in projects\Download_images_from_website\scrap-img.py:39. However, an attacker can control the target of the request, by sending a URL or other data in input at projects\Download_images_from_website\scrap-img.py:8. Similarity ID: -919520182

Severity: Medium

CWE:918


Lines: 8


Code (Line #8):

path = input("Enter Path : ")

CX Unchecked_Input_for_Loop_Condition @ projects/Find_imdb_rating/find_IMDb_rating.py [master]

Unchecked_Input_for_Loop_Condition issue exists @ projects/Find_imdb_rating/find_IMDb_rating.py in branch master

Method input at line 19 of projects\Find_imdb_rating\find_IMDb_rating.py gets user input from element input. This element’s value flows through the code without being validated, and is eventually used in a loop condition in filmswe: at line 24 of projects\Find_imdb_rating\find_IMDb_rating.py. This constitutes an Unchecked Input for Loop Condition. Similarity ID: -1406300664

Severity: Medium

CWE:606


Lines: 19


Code (Line #19):

path = input("Enter the path where your films are: ")

CX Command_Injection @ projects/Image_watermark/watermark.py [master]

Command_Injection issue exists @ projects/Image_watermark/watermark.py in branch master

The application's input method calls an OS (shell) command with input, at line 31 of projects\Image_watermark\watermark.py, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, input, which is retrieved by the application in the input method, at line 31 of projects\Image_watermark\watermark.py. Similarity ID: -1846225891

The application's input method calls an OS (shell) command with input, at line 32 of projects\Image_watermark\watermark.py, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, input, which is retrieved by the application in the input method, at line 32 of projects\Image_watermark\watermark.py. Similarity ID: 1290031077

Severity: High

CWE:77


Lines: 32 31


Code (Line #32):

watermark = input("Enter Watermark Path:")

Code (Line #31):

folder = input("Enter Folder Path:")

CX DoS_by_Sleep @ projects/capture_screenshot/screenshot.py [master]

DoS_by_Sleep issue exists @ projects/capture_screenshot/screenshot.py in branch master

Method parser.parse_args at line 12 of projects\capture_screenshot\screenshot.py gets user input for the parse_args element. This element’s value is eventually used to define the application’s ‘sleep’ period, in time.sleep at line 37 of projects\capture_screenshot\screenshot.py. This may enable a DoS by Sleep attack. Similarity ID: -1117934017

Severity: Medium

CWE:834


Lines: 12


Code (Line #12):

args = parser.parse_args()

CX Communication_Over_HTTP @ projects/Fetch_current_weather/fetch_current_weather.py [master]

Communication_Over_HTTP issue exists @ projects/Fetch_current_weather/fetch_current_weather.py in branch master

The application's requests.get method, in projects\Fetch_current_weather\fetch_current_weather.py at line 14, sends an HTTP request to the server using get. However, this request is sent over unprotected HTTP, without securing the channel with HTTPS. This will expose transported data to Man-in-the-Middle attacks. Similarity ID: 1469275027

Severity: Medium

CWE:319


Lines: 8


Code (Line #8):

base_url = "http://api.openweathermap.org/data/2.5/weather?"

CX Unchecked_Input_for_Loop_Condition @ projects/RockPaperScissors_Game/Rock_Paper_Scissors_Game.py [master]

Unchecked_Input_for_Loop_Condition issue exists @ projects/RockPaperScissors_Game/Rock_Paper_Scissors_Game.py in branch master

Method int at line 11 of projects\RockPaperScissors_Game\Rock_Paper_Scissors_Game.py gets user input from element input. This element’s value flows through the code without being validated, and is eventually used in a loop condition in while at line 13 of projects\RockPaperScissors_Game\Rock_Paper_Scissors_Game.py. This constitutes an Unchecked Input for Loop Condition. Similarity ID: 216258543

Severity: Medium

CWE:606


Lines: 11


Code (Line #11):

games=int(input("\nEnter the number of games you want to play: "))

CX Unchecked_Input_for_Loop_Condition @ projects/Cli_todo/todo.py [master]

Unchecked_Input_for_Loop_Condition issue exists @ projects/Cli_todo/todo.py in branch master

Method todo at line 10 of projects\Cli_todo\todo.py gets user input from element readlines. This element’s value flows through the code without being validated, and is eventually used in a loop condition in todo at line 13 of projects\Cli_todo\todo.py. This constitutes an Unchecked Input for Loop Condition. Similarity ID: 1408973332

Severity: Medium

CWE:606


Lines: 10


Code (Line #10):

content = f.readlines()

CX Stored_XSS @ projects/Todo_app/app.py [master]

Stored_XSS issue exists @ projects/Todo_app/app.py in branch master

The method %} embeds untrusted data in generated output with task, at line 50 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the index method with all, at line 33 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 382715550

The method %} embeds untrusted data in generated output with task, at line 51 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the index method with all, at line 33 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 2108549193

The method %} embeds untrusted data in generated output with task, at line 55 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the index method with all, at line 33 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 382715550

The method %} embeds untrusted data in generated output with task, at line 56 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the index method with all, at line 33 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 2108549193

The method %} embeds untrusted data in generated output with task, at line 50 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the update method with all, at line 60 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: -7340600

The method %} embeds untrusted data in generated output with task, at line 51 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the update method with all, at line 60 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 926743795

The method %} embeds untrusted data in generated output with task, at line 55 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the update method with all, at line 60 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: -7340600

The method %} embeds untrusted data in generated output with task, at line 56 of projects\Todo_app\templates\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page. The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the update method with all, at line 60 of projects\Todo_app\app.py. This untrusted data then flows through the code straight to the output web page, without sanitization. This can enable a Stored Cross-Site Scripting (XSS) attack. Similarity ID: 926743795

Severity: High

CWE:79


Lines: 33 60


Code (Line #33):

tasks = Todo.query.order_by(Todo.pub_date).all()

Code (Line #60):

tasks = Todo.query.order_by(Todo.pub_date).all()

CX Object_Access_Violation @ projects/Hashing_passwords/hashing_passwords.py [master]

Object_Access_Violation issue exists @ projects/Hashing_passwords/hashing_passwords.py in branch master

Method parser.parse_args at line 9 of projects\Hashing_passwords\hashing_passwords.py gets user input from element parse_args. This input is used by the application, without being validated, to access arbitrary attributes of potentially sensitive objects. Similarity ID: -1648249596

Severity: Medium

CWE:610


Lines: 9


Code (Line #9):

args = parser.parse_args() 

CX Path_Traversal @ projects/EasyVideoPlayer/EasyVideoPlayer.py [master]

Path_Traversal issue exists @ projects/EasyVideoPlayer/EasyVideoPlayer.py in branch master

Method input at line 11 of projects\EasyVideoPlayer\EasyVideoPlayer.py gets dynamic data from the input element. This element’s value then flows through the code and is eventually used in a file path for local disk access in find_the_video at line 17 of projects\EasyVideoPlayer\EasyVideoPlayer.py. This may cause a Path Traversal vulnerability. Similarity ID: -448837554

Severity: Medium

CWE:22


Lines: 11


Code (Line #11):

video_directory_guess = input("Directory that may contain the video:    ")

CX Improper_Resource_Shutdown_or_Release @ projects/Random_word_from_list/Random_word_from_list.py [master]

Improper_Resource_Shutdown_or_Release issue exists @ projects/Random_word_from_list/Random_word_from_list.py in branch master

A possible Denial of Service was found in line 1 in projects\Random_word_from_list\Random_word_from_list.py file. Not closing connection leaves the server vulnerable to a DoS as the resources are not released properly. Similarity ID: -784285769

A possible Denial of Service was found in line 18 in projects\Random_word_from_list\Random_word_from_list.py file. Not closing connection leaves the server vulnerable to a DoS as the resources are not released properly. Similarity ID: 721463017

A possible Denial of Service was found in line 24 in projects\Random_word_from_list\Random_word_from_list.py file. Not closing connection leaves the server vulnerable to a DoS as the resources are not released properly. Similarity ID: 1621726536

A possible Denial of Service was found in line 26 in projects\Random_word_from_list\Random_word_from_list.py file. Not closing connection leaves the server vulnerable to a DoS as the resources are not released properly. Similarity ID: -37332264

Severity: Low

CWE:404


Lines: 11


Code (Line #11):

file = open(filename)

CX Trust_Boundary_Violation_in_Session_Variables @ projects/Todo_app/app.py [master]

Trust_Boundary_Violation_in_Session_Variables issue exists @ projects/Todo_app/app.py in branch master

Method index at line 24 of projects\Todo_app\app.py gets user input from element form. This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in index at line 28 of projects\Todo_app\app.py. This constitutes a Trust Boundary Violation. Similarity ID: -1779236197

Method index at line 24 of projects\Todo_app\app.py gets user input from element form. This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in index at line 27 of projects\Todo_app\app.py. This constitutes a Trust Boundary Violation. Similarity ID: 383118991

Severity: Low

CWE:501


Lines: 24


Code (Line #24):

task_content = request.form["task"]

CX Communication_Over_HTTP @ projects/Currency_converter/cc.py [master]

Communication_Over_HTTP issue exists @ projects/Currency_converter/cc.py in branch master

The application's requests.get method, in projects\Currency_converter\cc.py at line 19, sends an HTTP request to the server using get. However, this request is sent over unprotected HTTP, without securing the channel with HTTPS. This will expose transported data to Man-in-the-Middle attacks. Similarity ID: 2018947983

Severity: Medium

CWE:319


Lines: 18


Code (Line #18):

url = "http://data.fixer.io/api/latest?access_key=33ec7c73f8a4eb6b9b5b5f95118b2275"
