Tainted flow: 'EMBEDDINGS_URL' from os.environ.get (line 42, credential/environment) → subprocess.run (code execution)
Medium
- Category
- Data Flow
- Content
    if _embeddings_available is not None:
        return _embeddings_available
    try:
        result = subprocess.run(
            ["curl", "-s", "-m", "2", "-X", "POST", EMBEDDINGS_URL, "-H", "Content-Type: application/json", "-d", json.dumps({"input": "test"})],
- Confidence
- 90% confidence
- Finding
- result = subprocess.run( ["curl", "-s", "-m", "2", "-X", "POST", EMBEDDINGS_URL, "-H", "Content-Type: application/json", "-d", json.dumps({"input": "test"
