Adithyan AK
## 🔒 Security Fixes

This PR fixes **1 security vulnerability**:

### ✅ 1. Broad Exception Handling Could Mask Important Error Information

Replaced broad `except Exception` with specific exceptions (`requests.exceptions.RequestException`, `ValueError`)...
## 🔒 Security Fixes

This PR fixes **1 security vulnerability**:

### ✅ 1. Hardcoded API Key

Replaced the hardcoded VirusTotal API key with reading the API key from an environment...
## Security Fixes

This PR fixes 1 security vulnerability:

- **vuln_bbc95ca1241c48a1a15120295de40bc4**: Implemented a whitelist for allowed hosts and ports via `ALLOWED_HOSTS` and `ALLOWED_PORTS` sets. Added validation functions `is_valid_hostname` and `validate_host_port` to verify...
## Security Fixes

This PR fixes 1 security vulnerability:

- **vuln_36595aac9aa44d75b1477b1836f0877b**: Added a whitelist of allowed domains and a function to detect private IP addresses. Validated that the domain parameter is either...
## Security Fixes

This PR fixes 1 security vulnerability:

- **vuln_f0c410e9bfaa484a8dd646207d90ea6c**: Removed usage of external HTTP request to 'api.hackertarget.com' to prevent SSRF. Replaced with local DNS resolution using `socket.gethostbyname` and `socket.getaddrinfo` which...
## Security Fixes

This PR fixes 1 security vulnerability:

- **vuln_d7ee0a7aa9cf43e091849fae0a0dc3c2**: Validated and sanitized the host input using `urlparse` to ensure it is a valid hostname. Validated the port and returned early...
## Security Fixes

This PR fixes 1 security vulnerability:

- **vuln_18bdba3b6e9f4248b59fb103283e5981**: Added a host validation function 'is_valid_host' to ensure the provided host is within a whitelist of allowed domains and resolves to...
## Security Fixes

This PR fixes 1 security vulnerability:

- **vuln_51457539f84642da81d3e99a880bce20**: Replaced the insecure HTTP request to an external DNS API with a local DNS lookup using Python's socket library to prevent...
## Security Fixes

This PR fixes 1 security vulnerability:

- **vuln_a629ba3613ab4db896157a004f395471**: Added validation for the 'host' parameter using a regular expression to ensure it matches a valid domain name format. Raised a...
## Security Fixes

This PR fixes 1 security vulnerability:

- **vuln_bc318e0b43a34dafaa74def34c7957af**: Added validation of the host parameter to ensure it is either a valid IP address or a valid domain name before...