Rich reporting: HTML + CSV artifacts with 7 customer columns#8
Conversation
cycode-summary.py now produces three formats from one JSON input: - Markdown for the Azure Pipelines Build Summary tab (uploadsummary) - Self-contained HTML with severity badges, filterable table, and expandable description + remediation guidance - Excel-friendly CSV with all the same data for offline analysis Columns per customer ask: Issue Name, Description, Where (line), File, Metadata (severity/type/CWE/OWASP/language/category), Mitigation (full remediation_guidelines from the Cycode platform), and a Console URL per finding (links to the policy rule page; base URL overridable via CYCODE_CONSOLE_URL env var). Pipeline bundles raw JSON + HTML + CSV + Markdown into one 'cycode-report' artifact. Verified end-to-end in the azure-pipeline-demo-adv ADO environment.
![cycode-security[bot]](https://avatars.githubusercontent.com/in/39308?s=60&v=4){kind=small}
|
|
||
|
|
||
| def write_csv(rows: list[dict], path: str, base_url: str) -> None: | ||
| with open(path, "w", newline="", encoding="utf-8") as f: |
There was a problem hiding this comment.
❗Cycode: SAST violation: 'Unsanitized user input in file path'.
Severity: High
Description
Unsanitized user input in file path resolution can lead to security vulnerabilities. This issue arises when an application directly uses input from the user to determine file paths or names without proper validation or sanitization. Attackers can exploit this to access unauthorized files or directories, leading to data breaches or other security compromises.
Cycode Remediation Guideline
✅ Do
- Do use a safelist to define accessible paths or directories. Only allow user input to influence file paths within these predefined, safe boundaries.
- Do sanitize user input used in file path resolution. For example, use absolute paths and check against the expected base directory
BASE_DIRECTORY = '/path/to/safe/directory' my_path = os.path.abspath(os.path.join(BASE_DIRECTORY, user_input)) if my_path.startswith(BASE_DIRECTORY): open(my_path)
❌ Don't
- Do not directly use user input in file paths without sanitization. Failure to sanitize could allow attackers to manipulate file paths and to access or manipulate unauthorized files.
🎥 Learning materials (by Secure Code Warrior)
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_sast_ignore_here <reason> | Ignore this violation — applies to this violation only |
| #cycode_ai_remediation | Request remediation guidance using Cycode AI |
| #cycode_sast_false_positive <reason> | Mark as false positive — applies to this violation only |
| ) | ||
| args = parser.parse_args() | ||
|
|
||
| with open(args.input_json) as f: |
There was a problem hiding this comment.
❗Cycode: SAST violation: 'Unsanitized user input in file path'.
Severity: High
Description
Unsanitized user input in file path resolution can lead to security vulnerabilities. This issue arises when an application directly uses input from the user to determine file paths or names without proper validation or sanitization. Attackers can exploit this to access unauthorized files or directories, leading to data breaches or other security compromises.
Cycode Remediation Guideline
✅ Do
- Do use a safelist to define accessible paths or directories. Only allow user input to influence file paths within these predefined, safe boundaries.
- Do sanitize user input used in file path resolution. For example, use absolute paths and check against the expected base directory
BASE_DIRECTORY = '/path/to/safe/directory' my_path = os.path.abspath(os.path.join(BASE_DIRECTORY, user_input)) if my_path.startswith(BASE_DIRECTORY): open(my_path)
❌ Don't
- Do not directly use user input in file paths without sanitization. Failure to sanitize could allow attackers to manipulate file paths and to access or manipulate unauthorized files.
🎥 Learning materials (by Secure Code Warrior)
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_sast_ignore_here <reason> | Ignore this violation — applies to this violation only |
| #cycode_ai_remediation | Request remediation guidance using Cycode AI |
| #cycode_sast_false_positive <reason> | Mark as false positive — applies to this violation only |
| print(md) | ||
|
|
||
| if args.html: | ||
| with open(args.html, "w", encoding="utf-8") as f: |
There was a problem hiding this comment.
❗Cycode: SAST violation: 'Unsanitized user input in file path'.
Severity: High
Description
Unsanitized user input in file path resolution can lead to security vulnerabilities. This issue arises when an application directly uses input from the user to determine file paths or names without proper validation or sanitization. Attackers can exploit this to access unauthorized files or directories, leading to data breaches or other security compromises.
Cycode Remediation Guideline
✅ Do
- Do use a safelist to define accessible paths or directories. Only allow user input to influence file paths within these predefined, safe boundaries.
- Do sanitize user input used in file path resolution. For example, use absolute paths and check against the expected base directory
BASE_DIRECTORY = '/path/to/safe/directory' my_path = os.path.abspath(os.path.join(BASE_DIRECTORY, user_input)) if my_path.startswith(BASE_DIRECTORY): open(my_path)
❌ Don't
- Do not directly use user input in file paths without sanitization. Failure to sanitize could allow attackers to manipulate file paths and to access or manipulate unauthorized files.
🎥 Learning materials (by Secure Code Warrior)
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_sast_ignore_here <reason> | Ignore this violation — applies to this violation only |
| #cycode_ai_remediation | Request remediation guidance using Cycode AI |
| #cycode_sast_false_positive <reason> | Mark as false positive — applies to this violation only |
|
|
||
| md = render_markdown(rows, args.console_url, args.artifact_hint if (args.html or args.csv) else "") | ||
| if args.md: | ||
| with open(args.md, "w", encoding="utf-8") as f: |
There was a problem hiding this comment.
❗Cycode: SAST violation: 'Unsanitized user input in file path'.
Severity: High
Description
Unsanitized user input in file path resolution can lead to security vulnerabilities. This issue arises when an application directly uses input from the user to determine file paths or names without proper validation or sanitization. Attackers can exploit this to access unauthorized files or directories, leading to data breaches or other security compromises.
Cycode Remediation Guideline
✅ Do
- Do use a safelist to define accessible paths or directories. Only allow user input to influence file paths within these predefined, safe boundaries.
- Do sanitize user input used in file path resolution. For example, use absolute paths and check against the expected base directory
BASE_DIRECTORY = '/path/to/safe/directory' my_path = os.path.abspath(os.path.join(BASE_DIRECTORY, user_input)) if my_path.startswith(BASE_DIRECTORY): open(my_path)
❌ Don't
- Do not directly use user input in file paths without sanitization. Failure to sanitize could allow attackers to manipulate file paths and to access or manipulate unauthorized files.
🎥 Learning materials (by Secure Code Warrior)
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_sast_ignore_here <reason> | Ignore this violation — applies to this violation only |
| #cycode_ai_remediation | Request remediation guidance using Cycode AI |
| #cycode_sast_false_positive <reason> | Mark as false positive — applies to this violation only |
2 participants
Summary
Test plan