Tainted flow: 'payload' from os.environ.get (line 27, credential/environment) → requests.post (network output)
Critical
- Category
- Data Flow
- Content
      "Content-Type": "application/json",
      "X-API-Key": SKILLPAY_API_KEY
  }
  response = requests.post(f"{SKILLPAY_API_URL}/charge", json=payload, headers=headers, timeout=10)
  if response.status_code == 200:
      data = response.json()
      if data.get("success"):
- Confidence
- 98% confidence
- Finding
- response = requests.post(f"{SKILLPAY_API_URL}/charge", json=payload, headers=headers, timeout=10)
