diff --git a/techstack.md b/techstack.md new file mode 100644 index 000000000..a0784ad9b --- /dev/null +++ b/techstack.md @@ -0,0 +1,96 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [yonasb/syte](https://github.com/yonasb/syte)![](https://img.stackshare.io/public_badge.svg "public") +

+|14
Tools used|03/13/24
Report generated| +|------|------| +
+ +## Languages (2) + + + + + + +
+ JavaScript +
+ JavaScript +
+ +
+ Python +
+ Python +
+ +
+ +## DevOps (2) + + + + + + +
+ Git +
+ Git +
+ +
+ PyPI +
+ PyPI +
+ +
+ + +## Open source packages (10) + +## PyPI (10) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[Django](https://pypi.org/project/Django)|v1.4|05/27/12|Rodrigo Neri |BSD-3-Clause|[CVE-2021-44420](https://github.com/advisories/GHSA-v6rh-hp5x-86rv) (High)
[CVE-2014-0472](https://github.com/advisories/GHSA-rvq6-mrpv-m6rm) (Moderate)
[CVE-2012-3444](https://github.com/advisories/GHSA-5h2q-4hrp-v9rr) (Moderate)| +|[certifi](https://pypi.org/project/certifi)|v0.0.8|05/27/12|Rodrigo Neri |MPL-2.0|N/A| +|[chardet](https://pypi.org/project/chardet)|v1.0.1|05/27/12|Rodrigo Neri |LGPL-2.1|N/A| +|[gunicorn](https://pypi.org/project/gunicorn)|v0.14.2|05/27/12|Rodrigo Neri |MIT|[CVE-2018-1000164](https://github.com/advisories/GHSA-32pc-xphx-q4f6) (High)| +|[httplib2](https://pypi.org/project/httplib2)|v0.7.4|05/27/12|Rodrigo Neri |MIT|[CVE-2020-11078](https://github.com/advisories/GHSA-gg84-qgv9-w4pq) (Low)
[CVE-2021-21240](https://github.com/advisories/GHSA-93xj-8mrv-444m) (Low)| +|[oauthlib](https://pypi.org/project/oauthlib)|v0.1.3|05/27/12|Rodrigo Neri |BSD-3-Clause|N/A| +|[psycopg2](https://pypi.org/project/psycopg2)|v2.4.5|05/27/12|Rodrigo Neri |BSD-3-Clause-Attribution|N/A| +|[pyasn1](https://pypi.org/project/pyasn1)|v0.1.3|05/27/12|Rodrigo Neri |BSD-2-Clause|N/A| +|[requests](https://pypi.org/project/requests)|v0.12.1|05/27/12|Rodrigo Neri |Apache-2.0|[CVE-2018-18074](https://github.com/advisories/GHSA-x84v-xcm2-53pg) (High)
[CVE-2014-1830](https://github.com/advisories/GHSA-652x-xj99-gmcc) (Moderate)
[CVE-2014-1829](https://github.com/advisories/GHSA-cfj3-7x9c-4p3h) (Moderate)| +|[rsa](https://pypi.org/project/rsa)|v3.0.1|05/27/12|Rodrigo Neri |Apache-2.0|[CVE-2020-13757](https://github.com/advisories/GHSA-537h-rv9q-vvph) (High)
[CVE-2016-1494](https://github.com/advisories/GHSA-8rjr-6qq5-pj9p) (Moderate)
[CVE-2020-25658](https://github.com/advisories/GHSA-xrx6-fmxq-rjj2) (Moderate)| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 000000000..0431f6269 --- /dev/null +++ b/techstack.yml 
@@ -0,0 +1,273 @@ +repo_name: yonasb/syte +report_id: c38788f8f5d63b406e111f87aef3092e +version: 0.1 +repo_type: Public +timestamp: '2024-03-13T16:30:23+00:00' +requested_by: rigoneri +provider: github +branch: master +detected_tools_count: 14 +tools: +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/yonasb/syte + detection_source: Repo Metadata +- name: Python + description: A clear and powerful object-oriented programming language, comparable + to Perl, Ruby, Scheme, or Java. + website_url: https://www.python.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/993/pUBY5pVj.png + detection_source_url: https://github.com/yonasb/syte + detection_source: Repo Metadata +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/yonasb/syte + detection_source: Repo Metadata +- name: PyPI + description: A repository of software for the Python programming language + website_url: https://pypi.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Hosted Package Repository + image_url: https://img.stackshare.io/service/12572/-RIWgodF_400x400.jpg + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 
03:32:07.000000000 Z +- name: Django + description: A high-level Python Web framework that encourages rapid development + and clean + package_url: https://pypi.org/project/Django + version: '1.4' + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19832/default_58dbe7b4d7ec447b62773209af0f9a31bbabf5bd.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z + vulnerabilities: + - name: Potential bypass of an upstream access control based on URL paths in Django + cve_id: CVE-2021-44420 + cve_url: https://github.com/advisories/GHSA-v6rh-hp5x-86rv + detected_date: Dec 14 + severity: high + first_patched: 2.2.25 + - name: Code Injection in Django + cve_id: CVE-2014-0472 + cve_url: https://github.com/advisories/GHSA-rvq6-mrpv-m6rm + detected_date: Feb 24 + severity: moderate + first_patched: 1.4.11 + - name: Django vulnerable to Improper Restriction of Operations within the Bounds + of a Memory Buffer + cve_id: CVE-2012-3444 + cve_url: https://github.com/advisories/GHSA-5h2q-4hrp-v9rr + detected_date: Apr 22 + severity: moderate + first_patched: 1.4.1 +- name: certifi + description: Python package for providing Mozilla's CA Bundle + package_url: https://pypi.org/project/certifi + version: 0.0.8 + license: MPL-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19849/default_75c38a39b9f0062814489e2ec2cbfca0ca15d9ba.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z +- name: chardet + description: Universal encoding detector for Python 2 and 3 + package_url: 
https://pypi.org/project/chardet + version: 1.0.1 + license: LGPL-2.1 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19856/default_4a8a8fdc10130068bf295812b98e9b72fb42fe70.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z +- name: gunicorn + description: WSGI HTTP Server for UNIX + package_url: https://pypi.org/project/gunicorn + version: 0.14.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19931/default_74a0c20721d3a0a1484d69586401591fe8993db2.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z + vulnerabilities: + - name: Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers + cve_id: CVE-2018-1000164 + cve_url: https://github.com/advisories/GHSA-32pc-xphx-q4f6 + detected_date: Aug 22 + severity: high + first_patched: 19.5.0 +- name: httplib2 + description: A comprehensive HTTP client library + package_url: https://pypi.org/project/httplib2 + version: 0.7.4 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19914/default_37434feaacace26053e41d6e4802560af16ebe44.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z + vulnerabilities: + - name: CRLF injection in httplib2 + cve_id: CVE-2020-11078 + cve_url: https://github.com/advisories/GHSA-gg84-qgv9-w4pq + detected_date: Aug 22 + 
severity: low + first_patched: 0.18.0 + - name: Regular Expression Denial of Service (REDoS) in httplib2 + cve_id: CVE-2021-21240 + cve_url: https://github.com/advisories/GHSA-93xj-8mrv-444m + detected_date: Aug 22 + severity: low + first_patched: 0.19.0 +- name: oauthlib + description: A generic + package_url: https://pypi.org/project/oauthlib + version: 0.1.3 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20048/default_d9e0956c82c17d568b62f3b0d5e2080c1e501e59.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z +- name: psycopg2 + description: Psycopg2 - Python-PostgreSQL Database Adapter + package_url: https://pypi.org/project/psycopg2 + version: 2.4.5 + license: BSD-3-Clause-Attribution + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20416/default_64aa60b33468d1d28611966765867676f6303b64.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z +- name: pyasn1 + description: ASN.1 types and codecs + package_url: https://pypi.org/project/pyasn1 + version: 0.1.3 + license: BSD-2-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19915/default_37434feaacace26053e41d6e4802560af16ebe44.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z +- name: requests + description: Python HTTP for Humans + package_url: 
https://pypi.org/project/requests + version: 0.12.1 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19826/default_d7c684bf2673f008a9f02ac93901229297a22d7e.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z + vulnerabilities: + - name: Insufficiently Protected Credentials in Requests + cve_id: CVE-2018-18074 + cve_url: https://github.com/advisories/GHSA-x84v-xcm2-53pg + detected_date: Aug 22 + severity: high + first_patched: 2.20.0 + - name: Exposure of Sensitive Information to an Unauthorized Actor in Requests + cve_id: CVE-2014-1830 + cve_url: https://github.com/advisories/GHSA-652x-xj99-gmcc + detected_date: Jul 8 + severity: moderate + first_patched: 2.3.0 + - name: Exposure of Sensitive Information to an Unauthorized Actor in Requests + cve_id: CVE-2014-1829 + cve_url: https://github.com/advisories/GHSA-cfj3-7x9c-4p3h + detected_date: Jul 8 + severity: moderate + first_patched: 2.3.0 +- name: rsa + description: Pure-Python RSA implementation + package_url: https://pypi.org/project/rsa + version: 3.0.1 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20021/default_faea030602e3d71554c57e6fc53190ac830da00d.png + detection_source_url: https://github.com/yonasb/syte/blob/master/requirements.txt + detection_source: requirements.txt + last_updated_by: Rodrigo Neri + last_updated_on: 2012-05-27 03:32:07.000000000 Z + vulnerabilities: + - name: Python-RSA decryption of ciphertext leads to DoS + cve_id: CVE-2020-13757 + cve_url: https://github.com/advisories/GHSA-537h-rv9q-vvph + detected_date: Aug 22 + severity: high + first_patched: '4.1' + - name: Python RSA allows attackers to spoof 
signatures + cve_id: CVE-2016-1494 + cve_url: https://github.com/advisories/GHSA-8rjr-6qq5-pj9p + detected_date: Jul 29 + severity: moderate + first_patched: '3.3' + - name: Timing attacks in python-rsa + cve_id: CVE-2020-25658 + cve_url: https://github.com/advisories/GHSA-xrx6-fmxq-rjj2 + detected_date: Aug 22 + severity: moderate + first_patched: '4.7'
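Review bot: The VULNERABILITIES column of the PyPI table in techstack.md gives each advisory and its severity but not the version that fixes it, so the table alone does not show that, for example, Django v1.4 needs 2.2.25 to clear CVE-2021-44420. techstack.yml already records this as `first_patched`; consider adding a FIRST PATCHED column. Four of the ten packages (Django, gunicorn, requests, rsa) carry a High advisory and every row was last updated 05/27/12, while the visible diff adds only the two report files, so the requirements.txt pins the report flags stay as they are; a follow-up change that raises those pins would be the actual remediation. `N/A` in the same column is ambiguous between "no advisories found" and "not checked"; state which one is meant.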
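Review bot: In techstack.yml every `detected_date` under `vulnerabilities:` is a month and day with no year (`detected_date: Dec 14`, `detected_date: Aug 22`), so the age of an advisory cannot be derived from the file; use a full ISO date, as `timestamp` and `last_updated_on` already do. Two `description` values are cut off mid-phrase (Django ends at "and clean", oauthlib is only "A generic") and should be completed or dropped. The file also commits `requested_by: rigoneri` and a `report_id`; confirm both are meant to be kept in a repository marked `repo_type: Public`.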