Close Open Privacy Scan
App Privacy Score
Medium risk · 821 finding(s)
Dependency score: 57 (Medium risk)
bar_chart Score Breakdown
list Scan Summary
swap_horiz External domains
0x10c.com687fb701029421ae5549d998--8000.hf.jobs::ffff:192.168.0.1ab-initio.mit.eduabseil.ioacademic.oup.comaclanthology.orgaclweb.orgaddress.localaesara.readthedocs.ioagda.readthedocs.ioaggregate.ee.engr.uky.eduaheui.github.ioaima.cs.berkeley.edualgorithmist.comalloy.mit.eduami.ektf.huampl.comandroid.stackexchange.comangular.ioapi-inference.huggingface.coapi.cerebras.aiapi.cohere.comapi.deepinfra.comapi.endpoints.huggingface.cloudapi.featherless.aiapi.fireworks.aiapi.github.comapi.groq.comapi.novita.aiapi.nuget.orgapi.openai.comapi.openml.orgapi.publicai.coapi.replicate.comapi.scaleway.aiapi.slack.comapi.telegram.orgapi.together.xyzapi.wavespeed.aiapi.yelp.comapi.z.aiapp.neptune.aiarchive.ics.uci.eduarchive.orgarduino.ccarrow.apache.orgarstechnica.comartowen.su.domainsarturo-lang.ioarxiv.orgasymptote.sf.netatom.ioaugeas.netaws.amazon.comawsdocs-neuron.readthedocs-hosted.comawslabs.github.ioaxiom-wiki.newsynthesis.orgazure.microsoft.combaremessages.orgberry-lang.github.iobford.infobitbucket.orgbl.ocks.orgblackboxframework.orgblackforestlabs.aiblitzbasic.comblitzresearch.itch.ioblog.alifaraji.irblog.fal.aiblog.famzah.netblog.ganssle.ioblogs.ams.orgblogs.mathworks.comblogs.oracle.combmva-archive.org.ukboa.cs.iastate.eduboogie-docs.readthedocs.iobooks.google.combootlin.combosh.iobost.ocks.orgbrew.shbrotlipy.readthedocs.iobugreports.qt.iobugs.python.orgbugs.winehq.orgbugzilla.gnome.orgcacr.uwaterloo.cacapnproto.orgcassandra.apache.orgcbcl.mit.educc65.github.iocdn-datasets.huggingface.cocdn-media.huggingface.cocdn.britannica.comcdn.datatables.netcdn.jsdelivr.netcdn.mathjax.orgcdnjs.cloudflare.comcecas.clemson.educens.ioc.eeceylon-lang.orgcfengine.orgcgi.di.uoa.grcgm.cs.mcgill.cachaiscript.comchapel-lang.orgchardet.feedparser.orgcharm.cs.illinois.educirru.orgciteseer.ist.psu.educiteseerx.ist.psu.educivitai.comcjheath.github.ioclang.llvm.orgclaylabs.comclean.cs.ru.nlclear.mlclick.palletsprojects.comclickhouse.comclip-cn-beijing.oss-cn-beijing.aliyuncs.comclojure.orgcloud.google.comcmake.orgcode.activestate.comcode.google.comcode.jquery.comcode.kx.comcodelabs.developers.google.comcoffeescript.orgcolab.research.google.comcole-maclean.github.iocollaboration.cmc.ec.gc.cacommunity.sap.comconnect.buildconnectrpc.comcookbook.openai.comcoq.inria.frcoqui.aicore.telegram.orgcouchdb.apache.orgcplint.eucran.r-project.orgcrates.iocrmsh.github.iocrypto.cs.mcgill.cacryptography.iocrystal-lang.orgcs-people.bu.educs.nyu.educsound.comcucumber.iocve.mitre.orgcxx.rscython.orgd3js.orgdagshub.comdarcs.netdaringfireball.netdart.devdask.pydata.orgdata-apis.orgdata.iana.orgdatasets-server.huggingface.codatatracker.ietf.orgdb.apache.orgdbpubs.stanford.edudeeplearning.netdeprecated.readthedocs.iodev-discuss.pytorch.orgdevblogs.nvidia.comdevcenter.heroku.comdeveloper.algorand.orgdeveloper.android.comdeveloper.apple.comdeveloper.mozilla.orgdeveloper.nvidia.comdeveloper.r-project.orgdevelopers.google.comdigitalassets.lib.berkeley.edudilbert.engr.ucdavis.edudiscord.comdiscordpy.readthedocs.iodiscuss.huggingface.codiscuss.python.orgdiscuss.pytorch.orgdistributed.dask.orgdl.acm.orgdlang.orgdlmf.nist.govdmlc.github.iodoc.qt.iodoc.rust-lang.orgdocbook.sourceforge.netdocker.iodocs.aeternity.comdocs.aiohttp.orgdocs.astropy.orgdocs.aws.amazon.comdocs.bodo.aidocs.dask.orgdocs.databricks.comdocs.datastax.comdocs.docker.comdocs.gap-system.orgdocs.github.comdocs.h5py.orgdocs.lfortran.orgdocs.lib.purdue.edudocs.microsoft.comdocs.modular.comdocs.mongodb.comdocs.mql4.comdocs.neptune.aidocs.nvidia.comdocs.openssl.orgdocs.oracle.comdocs.paramiko.orgdocs.pydantic.devdocs.pytest.orgdocs.python.orgdocs.pytorch.orgdocs.ray.iodocs.rsdocs.scipydocs.scipy.orgdocs.sourcemod.netdocs.sqlalchemy.orgdocs.swanlab.cndocs.sympy.orgdocs.tigergraph.comdocs.ton.orgdocs.typo3.orgdocs.wandb.aidocs.waves.techdocumentation.softwareag.comdocutils.sourceforge.iodogschool.tripod.comdoi.acm.orgdoi.orgdotnet.microsoft.comduelengine.orgdvc.orgdx.doi.orgec-lang.orgeccc.hpi-web.deeclectic.ss.uci.eduelixir-lang.orgelm-lang.orgen.ig.maen.literateprograms.orgen.m.wikipedia.orgen.wikibooks.orgen.wikipedia.orgen.wikiversity.orgencyclopediaofmath.orgendpoint.openai.azure.comendpoints.huggingface.coeprints.ma.man.ac.ukepub.ub.uni-muenchen.deepubs.siam.orgeqworld.ipmnet.ruerrors.pydantic.devessentia.upf.eduexam_ple.comexample-resource.azure.openai.comexslt.orgextempore.moso.com.auezhillang.orgfa.bianp.netfab.cba.mit.edufacebook.github.iofacebookresearch.github.iofactorcode.orgfal.runfarm4.staticflickr.comfennel-lang.orgfilebox.vt.edufiles.pythonhosted.orgfilesystem-spec.readthedocs.iofirebase.google.comfirefox-source-docs.mozilla.orgfishshell.comflax.readthedocs.ioflyte.orgfoo.comformulae.brew.shfortran-lang.orgfoss.heptapod.netfr.wikipedia.orgfreedesktop.orgfreefem.orgfrexx.defsharp.orgfsspec.github.iofunctions.wolfram.comfuthark-lang.orggalton.uchicago.edugcc.gnu.orggcp.gce.instance.hostnamegenshi.edgewall.orggeode.apache.orggeomalgorithms.comgeometer.orggeopandas.orggephi.orggexf.netgiou.stanford.edugist.github.comgit-scm.comgit.kernel.orggit.sr.htgitea.iogithub.comgithub.github.comgitlab-master.nvidia.comgitlab.comgitlab.freedesktop.orggitlab.gnome.orggitter.imgizmojo.orggleam.rungnuplot.infogo.devgolo-lang.orggoo.glgoogle.aip.devgoogle.comgosu-lang.github.iogpuopen.comgraphics.pixar.comgraphics.stanford.edugraphml.graphdrawing.orggraphql.orggroovy-lang.orggroupprops.subwiki.orggroups.google.comgrpc.github.ioguillaumejaume.github.iogum.coh2database.comhal.archives-ouvertes.frhal.inria.frhamberg.nohaml.infohandlebarsjs.comharelang.orghastie.su.domainshaxe.orghbase.apache.orghelp.adobe.comhelp.gooddata.comhelp.openai.comhf.cohg.python.orghips.hearstapps.comhive.apache.orghome.ie.cuhk.edu.hkhome.olemiss.eduhomepages.dcc.ufmg.brhomepages.ecs.vuw.ac.nzhomes.civil.aau.dkhost.comhpccsystems.comhsqldb.orghtml.spec.whatwg.orghttpbin.orghttpd.apache.orghttpwg.orghub-ci.huggingface.cohub.my-company.comhuggingface.cohylang.orghyper.rshypothesis.readthedocs.ioi.postimg.cci.stanford.edui2vgen-xl.github.ioidris2.readthedocs.ioieeexplore.ieee.orgimageio.readthedocs.ioimagen.research.googleimages.cocodataset.orgimages.pexels.comimg.shields.ioimportlib-resources.readthedocs.ioin.mathworks.comindex.docker.ioinf.ufrgs.brinference.api.nscale.cominform-fiction.orginform7.comioke.orgiolanguage.comiopscience.iop.orgipython.orgipython.readthedocs.ioipython.scipy.orgipywidgets.readthedocs.ioisabelle.in.tum.deisocpp.orgitanium-cxx-abi.github.ioiuuk.mff.cuni.czj3-fortran.orgjanet-lang.orgjasmin.sourceforge.netjax.readthedocs.iojeromekelleher.netjfbillingsley.comjgm.github.iojinja.palletsprojects.comjmespath.orgjmlr.csail.mit.edujoblib.readthedocs.iojournals.aps.orgjournals.plos.orgjponnela.comjsoftware.comjson-ld.orgjson-schema.orgjson5.orgjsonlines.orgjsonnet.orgjulialang.orgjupyter-client.readthedocs.orgjuttle.github.iojzgu0buei5.us-east-1.aws.endpoints.huggingface.cloudkconrad.math.uconn.edukeras.iokexue.fmkid-templating.orgkippura.orgkogs-www.informatik.uni-hamburg.dekoka-lang.github.iokotlinlang.orgkubernetes.iolaion.ailara.epfl.chlark-parser.readthedocs.ioleanprover-community.github.iolearn.microsoft.comlesscss.orglh3.googleusercontent.comlib.stat.cmu.edulibrosa.orglibsdl.orglighttpd.netlilypond.orglink.springer.comlinux.die.netlinuxdevcenter.comlips.cs.princeton.edulisp-lang.orglists.llvm.orglists.sourceforge.netlivelovely.comlivescript.netllvm.orgllvmlite.pydata.orgllvmlite.readthedocs.iologtalk.orgluau-lang.orgluschny.delvdmaaten.github.iomacaulay2.commail.python.orgman7.orgmanpages.debian.orgmanual.cytoscape.orgmariadb.orgmarigoldmonodepth.github.iomath.berkeley.edumath.mit.edumath.stackexchange.commath.wvu.edumath24.netmathcs.clarku.edumathforum.orgmathworld.wolfram.commatplotlib.orgmatthewrocklin.commaxdb.sap.commaxima.sourceforge.netmc-stan.orgmcmc-jags.sourceforge.iomechanicalc.commedium.commemcached.orgmersenneforum.orgmesonbuild.commetacpan.orgmicrosoft.comminecraft.wikiminiscript.orgmips.commistralai.github.iomitpress.mit.edumlochbaum.github.iomodular.math.washington.edumoinmo.inmonte.readthedocs.iomoonscript.orgmpmath.orgmpqs.free.frmsdn.microsoft.commsp.orgmy-text-to-image.region.vendor.endpoints.huggingface.cloudmybinder.orgmypy.readthedocs.iomüller.denasm.usnats.ionbformat.readthedocs.orgndjson.orgndownloader.figshare.comnemerle.orgneo4j.comnestedtext.orgnetworkx.lanl.govnetworkx.orgnew-url.comnew.webhook.sitenewspeaklanguage.orgnginx.netnicolas.limare.netnim-lang.orgnineplanets.orgnitlanguage.orgnixos.orgnlp.stanford.edunodejs.orgnotmuchmail.orgnsis.sourceforge.netntrs.nasa.govnumba.pydata.orgnumba.readthedocs.ionumbers.computation.free.frnumexpr.readthedocs.ionumpy.orgnumpydoc.readthedocs.ionusmv.fbk.eunvlpubs.nist.govoai.endpoints.kepler.ai.cloud.ovh.netocaml.orgoeis.orgomoindrot.github.ioonlinelibrary.wiley.comonnxruntime.aiooc-lang.github.ioopalang.orgopenai.comopencobol.add1tocobol.comopenfeature.devopenopt.orgopenproceedings.orgopenreview.netopenscad.orgopensearch.orgopensource.orgopentelemetry.ioopenxla.orgoptuna.readthedocs.ioorgmode.orgosi-model.comother.compackages.msys2.orgpackaging.python.orgpaddle-model-ecology.bj.bcebos.compages.cs.wisc.edupandas.pydata.orgpapers.nips.ccparquet.apache.orgpaste.lisp.orgpastie.caboo.sepaulbourke.netpbs.twimg.compdfs.semanticscholar.orgpdg.lbl.govpendulum.eustace.iopeople.bath.ac.ukpeople.brandeis.edupeople.csail.mit.edupeople.dm.unipi.itpeople.eecs.berkeley.edupeople.math.sfu.capeople.sc.fsu.edupeps.python.orgperldoc.perl.orgpersonal.math.ubc.caphix.x10.mxpi.lacim.uqam.capig.apache.orgpike.lysator.liu.sepillow.readthedocs.iopint.readthedocs.iopip.repos.neuron.amazonaws.compkg.go.devplanetmath.orgplatform.openai.compluggy.readthedocs.ioportal.acm.orgpresbrey.mit.eduprimes.utm.eduproandroiddev.comproceedings.neurips.ccprogramminggeeks.comprojecteuclid.orgprojects.eclipse.orgprojects.scipy.orgprometheus.ioprotobuf.devprql-lang.orgpsysh.orgptls.devpub.ist.ac.atpublic.csusm.edupublic.ukp.informatik.tu-darmstadt.depublicsuffix.orgpugjs.orgpuppet.compushgateway.localpydantic-docs.helpmanual.iopyglet.orgpygments.orgpygraphviz.github.iopyinstaller.readthedocs.iopyo3.rspyos.github.iopyperclip.readthedocs.iopypi.orgpypi.python.orgpypip.inpython-devtools.helpmanual.iopython-lz4.readthedocs.iopython.livinglogic.depython.orgpytorch.orgpyyaml.orgqianwen-res.oss-cn-beijing.aliyuncs.comqlik.comqueue.fal.runqwenlm.github.ior-knott.surrey.ac.ukracket-lang.orgraw.githubusercontent.comreadthedocs.orgreasonml.github.ioredis.ioreference.wolfram.comreferencing.readthedocs.orgrefspecs.linuxfoundation.orgrelaxng.orgreports-archive.adm.cs.cmu.edurequests.readthedocs.ioresearcher.watson.ibm.comresolver.caltech.eduresources.wolframcloud.comrich.readthedocs.ioriverbed.comrob.schapire.netroboconf.github.iorobotframework.orgrosettacode.orgrouter.huggingface.corpm-software-management.github.iorrc.cvc.uab.esrussellfunk.orgrzimmerman.github.ios3.amazonaws.comsafetensors-convert.hf.spacesanssecours.github.iosariyuce.comsass-lang.comsbert.netscalate.fusesource.orgscalate.github.ioschemas.microsoft.comschorn.chscikit-image.orgscikit-learn.orgscipy-cookbook.readthedocs.ioscipy-lectures.orgscipy.orgscrapethis.comseaborn.pydata.orgsel4.systemssemver.orgserverfault.comsetuptools.pypa.ioshenlanguage.orgshex.iosierra.nmsu.edusites.cs.ucsb.eduskarnet.orgskops.readthedocs.ioskyciv.comslim-template.github.ioslsa.devsnowballstem.orgsoliditylang.orgsource.android.comsourceware.orgspec.commonmark.orgspecifications.freedesktop.orgspecifications.openehr.orgspecs.frictionlessdata.iospherelab.aisphinx-gallery.github.iospinroot.comssabook.gforge.inria.frssrg.nicta.com.austackoverflow.comstandards.ieee.orgstat.uw.edustats.stackexchange.comstatweb.stanford.edustorage.googleapis.comsuno-ai.notion.sitesupercollider.github.iosuperuser.comsupport.google.comsupport.sas.comsvnbook.red-bean.comswanlab.cnsympy.orgtact-lang.orgtango.freedesktop.orgteaching.csse.uwa.edu.autechnet.microsoft.comtest.pypi.orgtestanything.orgtestpypi.python.orgtex.stackexchange.comtexfaq.orgthrift.apache.orgthumbs.dreamstime.comtiddlywiki.comtikz.devtimeapi.iotinyurl.comtldp.orgtminka.github.iotodotxt.comtoken.actions.githubusercontent.comtoml.ioton-blockchain.github.iotools.ietf.orgtqdm.github.iotravis-ci.comtravis-ci.orgtreetop.rubyforge.orgtridao.metrino.iotruststore.readthedocs.iottssh2.osdn.jptug.orgtutorial.math.lamar.edutvm.apache.orgtwig.symfony.comtwitter.comtyper.tiangolo.comtyping.python.orgtypst.appu.math.biu.ac.ilunicode-org.github.iounlicense.orgupload.wikimedia.orgurllib3.readthedocs.ious3.php.netuser-images.githubusercontent.comusers.cecs.anu.edu.auusers.cs.dal.causers.iems.northwestern.eduusers.jyu.fiv1-30.docs.kubernetes.iovala.devvalidate-pyproject.readthedocs.iovassarstats.netvelocity.apache.orgverifpal.comvideolectures.netviews.scientific-python.orgvirustotal.github.iovis-www.cs.umass.eduvisualstudio.microsoft.comvlado.fmf.uni-lj.sivuejs.orgvyper.readthedocs.iow3c.github.ioweb.archive.orgweb.cs.elte.huweb.cs.wpi.eduweb.eecs.utk.eduweb.math.princeton.eduweb.mit.eduweb.stanford.eduwebassembly.github.iowebassembly.orgwebhook.sitewebsockets.readthedocs.iowhiley.orgwicg.github.iowiki.archlinux.orgwiki.debian.orgwiki.haskell.orgwiki.osdev.orgwiki.portal.chalmers.sewiki.secondlife.comwiki.ubuntu.comwiki.xxiivv.comwikipedia.orgwixtoolset.orgwowpedia.fandom.comwrapdb.mesonbuild.comwren.iowuecampus2.uni-wuerzburg.dewww-cs-faculty.stanford.eduwww-cs-students.stanford.eduwww-personal.umich.eduwww-sop.inria.frwww.aclweb.orgwww.actian.comwww.adaic.orgwww.adobe.comwww.aiml.informatik.tu-darmstadt.dewww.albmath.orgwww.algorithmic-solutions.infowww.alibabacloud.comwww.almaden.ibm.comwww.alpertron.com.arwww.ams.orgwww.analytictech.comwww.ansys.comwww.antlr.orgwww.apache.orgwww.apfloat.orgwww.apoioinformatica.inf.brwww.archlinux.orgwww.arxiv.orgwww.autohotkey.comwww.autoitscript.comwww.bbcbasic.co.ukwww.bbcode.orgwww.bernoulli.orgwww.bestofmedia.comwww.bramvandersanden.comwww.broadcom.comwww.brynosaurus.comwww.cappuccino.devwww.cecm.sfu.cawww.cheetahtemplate.orgwww.cl.cam.ac.ukwww.cockroachlabs.comwww.colm.netwww.columbia.eduwww.combinatorics.orgwww.comet.comwww.compuphase.comwww.coolmath.comwww.couchbase.comwww.cp.eng.chula.ac.thwww.crmarsh.comwww.cryptol.netwww.cs.cmu.eduwww.cs.cornell.eduwww.cs.hope.eduwww.cs.mcgill.cawww.cs.nyu.eduwww.cs.princeton.eduwww.cs.purdue.eduwww.cs.sfu.cawww.cs.technion.ac.ilwww.cs.toronto.eduwww.cs.ucl.ac.ukwww.cs.umd.eduwww.cs.uu.nlwww.cs.waikato.ac.nzwww.cse.msu.eduwww.csie.ntu.edu.twwww.ctan.orgwww.cybertester.comwww.dartmouth.eduwww.data-publica.comwww.dbs.ifi.lmu.dewww.debian.orgwww.deepmind.comwww.deepspeed.aiwww.devicetree.orgwww.di.ens.frwww.djangoproject.comwww.dms.umontreal.cawww.dtc.umn.eduwww.dvc.orgwww.eclipse.orgwww.ecma-international.orgwww.eecis.udel.eduwww.eecs.tufts.eduwww.eiffel.comwww.elastic.cowww.emba.uvm.eduwww.embarcadero.comwww.erlang.orgwww.euclideanspace.comwww.example.珠宝www.exelisvis.comwww.fantom.orgwww.felix-lang.orgwww.fico.comwww.fim.uni-passau.dewww.firebirdsql.orgwww.fordfoundation.orgwww.forth.comwww.freedesktop.orgwww.fstar-lang.orgwww.gap-system.orgwww.gaussianprocess.orgwww.gexf.netwww.github.comwww.gnu.orgwww.godbole.netwww.godotengine.orgwww.google.comwww.googleapis.comwww.grantjenks.comwww.graphdegeneracy.orgwww.graphviz.orgwww.gutenberg.orgwww.haskell.orgwww.hyperelliptic.orgwww.iana.orgwww.ibm.comwww.ics.uci.eduwww.idris-lang.orgwww.ietf.orgwww.ifp.illinois.eduwww.ilankelman.orgwww.indusoft.comwww.inference.org.ukwww.influxdata.comwww.informatik.uni-augsburg.dewww.instantdb.comwww.intel.comwww.intersystems.comwww.iso.orgwww.itiis.orgwww.itu.intwww.iucnredlist.orgwww.jmlr.orgwww.johndcook.comwww.johnlapeyre.comwww.jpr2718.orgwww.json.orgwww.jstatsoft.orgwww.jstor.orgwww.kernel.orgwww.khronos.orgwww.kxan.comwww.l3harrisgeospatial.comwww.lassosoft.comwww.libarchive.orgwww.logilab.orgwww.lua.orgwww.lulu.comwww.maa.orgwww.makotemplates.orgwww.maplesoft.comwww.mars.comwww.masonhq.comwww.math.colostate.eduwww.math.hmc.eduwww.math.ucsd.eduwww.math.upenn.eduwww.math.usm.eduwww.mathjax.orgwww.mathwave.comwww.mathworks.comwww.mcbe-dev.netwww.mcternan.me.ukwww.mdpi.comwww.media.mit.eduwww.mediawiki.orgwww.merriam-webster.comwww.microsoft.comwww.miketipping.comwww.mit.eduwww.mitpressjournals.orgwww.mlflow.orgwww.mlpack.orgwww.modelica.orgwww.modula2.orgwww.mongodb.comwww.monokai.nlwww.moo.mud.orgwww.mql5.comwww.mrc-bsu.cam.ac.ukwww.mupad.comwww.muppetlabs.comwww.myghty.orgwww.mysql.comwww.nature.comwww.ncbi.nlm.nih.govwww.ncl.ucar.eduwww.neilsloane.comwww.newlisp.orgwww.nordtheme.comwww.numbertheory.orgwww.numberworld.orgwww.oasis-open.orgwww.omg.orgwww.onlamp.comwww.openblas.netwww.openbugs.infowww.opendylan.orgwww.openehr.orgwww.openldap.orgwww.openml.orgwww.openpgp.orgwww.openpolicyagent.orgwww.opm.govwww.oracle.comwww.oreilly.comwww.paddleocr.aiwww.parasail-lang.orgwww.perl.orgwww.php.netwww.picloud.comwww.pnas.orgwww.polyu.edu.hkwww.ponylang.iowww.postgresql.orgwww.povray.orgwww.praat.orgwww.probabilitycourse.comwww.progress.comwww.proofwiki.orgwww.proquest.comwww.pyopenssl.orgwww.python-httpx.orgwww.python.orgwww.r-project.orgwww.radioeng.czwww.raku.orgwww.rebol.comwww.red-bean.comwww.red-lang.orgwww.reed.eduwww.regressive.orgwww.researchgate.netwww.rexxinfo.orgwww.rfc-base.orgwww.rfc-editor.orgwww.rieselprime.dewww.robots.ox.ac.ukwww.ruby-lang.orgwww.rubydoc.infowww.rust-lang.orgwww.santafe.eduwww.santofortunato.netwww.sap.comwww.sarl.iowww.sbert.netwww.scala-lang.orgwww.scheme-reports.orgwww.scielo.brwww.sciencedirect.comwww.scilab.orgwww.scipy.orgwww.scivision.devwww.smalltalk.orgwww.smarty.netwww.sparknotes.comwww.sphinx-doc.orgwww.spicelang.comwww.springer.comwww.sqlite.orgwww.squid-cache.orgwww.sri.comwww.stat.berkeley.eduwww.stat.rice.eduwww.stata.comwww.statemaster.comwww.stats.ox.ac.ukwww.statsmodels.orgwww.stixfonts.orgwww.swift.orgwww.swig.orgwww.sylabs.iowww.sympy.orgwww.systutorials.comwww.tads.orgwww.tandfonline.comwww.tcl.tkwww.tcsh.orgwww.tencentcloud.comwww.tensorflow.orgwww.teradata.comwww.terraform.iowww.textualize.iowww.thermoscientific.comwww.thingsdb.netwww.tsql.infowww.typescriptlang.orgwww.unicode.orgwww.unicon.orgwww.utstat.toronto.eduwww.value-at-risk.netwww.varnish-software.comwww.vim.orgwww.visual-prolog.comwww.vitanuova.comwww.w3.orgwww.wandb.comwww.wavemetrics.comwww.whatsmyua.infowww.win.tue.nlwww.wolfram.comwww.workwithcolor.comwww.wou.eduwww.x.orgwww.xact.eswww.xudongz.comwww.xyz.eduwww.yhat.comwww.yworks.comwww.zeek.orgwww.ziglang.orgwww2.asanet.orgwww2.cs.arizona.eduwww3.risc.jku.atwwwmaths.anu.edu.aux.comx10-lang.orgxarray.pydata.orgxlrd.readthedocs.ioxn--fiqs8s.icom.museumxy-pic.sourceforge.netyahoo.comyaml.orgyann.lecun.comzephir-lang.comziglang.org
</> First-Party Code
first-party (rust): router
rust first-party opentelemetry_otlp::new_exporter()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 63 low-confidence finding(s)
if let Ok(sha) = std::env::var("GIT_SHA") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(label) = std::env::var("DOCKER_LABEL") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Current text {:?}", self.text);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Loading template: {}", template_str);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Use default tool template: {}", use_default_tool_template);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Tokenization {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Loaded a python tokenizer");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::fs::read_to_string(filename)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = std::fs::read_to_string(filename).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string(filename)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let ansi = std::env::var("LOG_COLORIZE") != Ok("1".to_string());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let env_filter = if let Ok(log_level) = std::env::var(varname) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::debug!(
"Input: {}",
&req.inputs.chars().take(1000).collect::<String>()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Output: {}", output_text);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Success");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Input: {}", req.inputs);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Failed to send event. Receiver dropped.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Failed to get headers: {:?}", e);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Got chat_template {:?}", infer.chat_template);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Odd tokenizer detected, falling back on legacy tokenization");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::fs::read_to_string(filename)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let authorization_token = std::env::var("HF_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("HUGGING_FACE_HUB_TOKEN"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(cache_dir) = std::env::var("HUGGINGFACE_HUB_CACHE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(origin) = std::env::var("HF_HUB_USER_AGENT_ORIGIN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if std::env::var("HF_HUB_OFFLINE") == Ok("1".to_string()) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let cache = std::env::var("HUGGINGFACE_HUB_CACHE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("Offline mode active using cache defaults");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Using the Hugging Face API");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Unable to build the Hugging Face API");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Could not retrieve model info from the Hugging Face hub.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Cache {cache:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
.and_then(|f| std::fs::read_to_string(f).ok())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("Could not parse chat template {e:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Tokenizer_config {tokenizer_config_path:?} - {tokenizer_config_filename:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Could not find tokenizer config locally and no API specified");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Using chat template from chat_template.json");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Failed to import python tokenizer {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::fs::read_to_string(filename)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("Could not parse config {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Using config {config:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let origin = std::env::var("HF_HUB_USER_AGENT_ORIGIN").ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("no pipeline tag found for model {tokenizer_name}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::env::var("AIP_HTTP_PORT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("Invalid hostname, defaulting to 0.0.0.0");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
ComputeType(std::env::var("COMPUTE_TYPE").unwrap_or("gpu+optimized".to_string()));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Built with `google` feature");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
"Environment variables `AIP_PREDICT_ROUTE` and `AIP_HEALTH_ROUTE` will be respected."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if let Ok(env_predict_route) = std::env::var("AIP_PREDICT_ROUTE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(env_health_route) = std::env::var("AIP_HEALTH_ROUTE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Built with `kserve` feature");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Connected");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Failed to bind to {addr}: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
"Serving revision {sha} of model {}",
hub_model_info.model_id
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = File::open(tokenizer_config_filename).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("Unable to parse tokenizer config: {}", e);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("signal received, starting graceful shutdown");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let _ = client
.post(TELEMETRY_URL)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let file = File::open(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (rust): backends/client
rust first-partyexpand_more 2 low-confidence finding(s)
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): backends/llamacpp
rust first-partyexpand_more 4 low-confidence finding(s)
let out_path = PathBuf::from(env::var("OUT_DIR").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(cache_dir) = std::env::var("HUGGINGFACE_HUB_CACHE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(token) = std::env::var("HF_TOKEN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(origin) = std::env::var("HF_HUB_USER_AGENT_ORIGIN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (rust): backends/trtllm
rust first-partyexpand_more 16 low-confidence finding(s)
let os = env::var("CARGO_CFG_TARGET_OS").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let env = env::var("CARGO_CFG_TARGET_ENV").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let build_profile = env::var("PROFILE").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let authorization_token = std::env::var("HF_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("HUGGING_FACE_HUB_TOKEN"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(cache_dir) = std::env::var("HUGGINGFACE_HUB_CACHE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(origin) = std::env::var("HF_HUB_USER_AGENT_ORIGIN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if std::env::var("HF_HUB_OFFLINE") == Ok("1".to_string()) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let cache = std::env::var("HUGGINGFACE_HUB_CACHE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("Offline mode active using cache defaults");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Using the Hugging Face API");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Unable to build the Hugging Face API");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Could not retrieve model info from the Hugging Face hub.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Failed to import python tokenizer {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): backends/v2
rust first-partyexpand_more 18 low-confidence finding(s)
let attention = std::env::var("ATTENTION").unwrap_or("paged".to_string());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::error!("Entry response channel error.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Model does not support automatic max batch total tokens");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"`--max-batch-total-tokens` is deprecated for Flash \
Attention models."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"Inferred max batch total tokens: {max_supported_batch_total_tokens}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Warming up model");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Setting max batch total tokens to {max_batch_total_tokens}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Using backend V3");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("No queue");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Not enough entries");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("No capacity");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Dropping entry");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Over budget: prefill_tokens={prefill_tokens} > {prefill_token_budget} || {prefill_tokens} + {decode_tokens} + {} > {token_budget}", self.speculate);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Accepting entry");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Filtered out all entries");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): backends/v3
rust first-partyexpand_more 30 low-confidence finding(s)
tracing::warn!("Model supports prefill chunking. `waiting_served_ratio` and `max_waiting_tokens` will be ignored.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Entry response channel error.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Model does not support automatic max batch total tokens");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"`--max-batch-total-tokens` is deprecated for Flash \
Attention models."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"Inferred max batch total tokens: {max_supported_batch_total_tokens}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Warming up model");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Setting max batch total tokens to {max_batch_total_tokens}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Using backend V3");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
"Maximum input tokens defaulted to {}",
backend_info.max_input_tokens
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
"Maximum total tokens defaulted to {}",
backend_info.max_total_tokens
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("No queue");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Not enough entries");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("No capacity");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Dropping entry");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Over budget: prefill_tokens={prefill_tokens} > {prefill_token_budget} || {prefill_tokens} + {decode_tokens} + {} > {token_budget}", self.speculate);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Over budget: not enough free blocks");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
"Matched budget: prefill_tokens={} == {prefill_token_budget}",
prefill_tokens + postfix_len
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
"Over budget: prefill_tokens={} > {prefill_token_budget}",
prefill_tokens + postfix_len
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Over budget: prefill_tokens={actual_prefill_tokens_for_hpu} > {prefill_token_budget}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Filterered out all entries");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
"Free blocks {} need {n_blocks_needed}",
self.free_blocks.len()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Prefix {prefix_len} - Suffix {suffix_len}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Cannot allocate {:?}", self.cache_blocks);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Found {prefix_len} prefix tokens need {suffix_blocks} suffix blocks for {tokens} tokens");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Block size {}", self.block_size);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Evicting in search of {n_blocks}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("Evicting node {node_id:?} ");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): benchmark
rust first-partyexpand_more 8 low-confidence finding(s)
tracing::info!("Loading tokenizer");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Found local tokenizer");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Downloading tokenizer");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let token = std::env::var("HF_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("HUGGING_FACE_HUB_TOKEN"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Tokenizer loaded");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Connect to model server");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Connected");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): launcher
rust first-partyexpand_more 80 low-confidence finding(s)
if let Ok(sha) = std::env::var("GIT_SHA") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(label) = std::env::var("DOCKER_LABEL") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("Ignoring negative GPU compute capabilities: {major}.{minor}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Cannot determine GPU compute capability: {}", err);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
"Max compute {} model compute {}",
human_size(f16_max_compute as usize, "flop"),
human_size(model_compute as usize, "flop")
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
"Available vram {}: model needs {}, every tokens requires {}, maximum allocatable tokens {tokens_allowed}",
human_size(available, "B"),
human_size(model, "B"),
human_size(token_vram, "B"),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"Not enough VRAM to run the model: Available: {} - Model {}.",
human_size(available, "B"),
human_size(model, "B")
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if let Ok(token) = std::env::var("HF_TOKEN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(origin) = env::var("HF_HUB_USER_AGENT_ORIGIN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = std::fs::read_to_string(filename)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut prefix_caching: Option<String> = std::env::var("PREFIX_CACHING").ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut attention: Option<String> = std::env::var("ATTENTION").ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Disabling prefix caching because of VLM model");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Disabling prefix caching because of seq2seq model");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Disabling prefix caching because of lora adapters");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
"Forcing attention to '{fallback_attention}' because model {} requires it",
config.model_type.as_ref().unwrap()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Disabling prefix caching because it is not supported with 'paged' attention");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Forcing attention to '{fallback_attention}' because head dim is not supported by flashinfer, also disabling prefix caching");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Disabling prefix caching on paged attention");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let enable_hf_transfer = env::var("HF_HUB_ENABLE_HF_TRANSFER").unwrap_or("1".to_string());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(api_token) = env::var("HF_API_TOKEN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Starting shard");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("text-generation-server not found in PATH");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Please install it with `make install-server`")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{}", err);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Shard complete standard error output:\n{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Shard process was signaled to shutdown with signal {signal}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Shard ready in {:?}", start_time.elapsed());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Waiting for shard to be ready...");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Shutting down shards");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let devices = match env::var("CUDA_VISIBLE_DEVICES") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Err(_) => match env::var("NVIDIA_VISIBLE_DEVICES") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Err(_) => env::var("ZE_AFFINITY_MASK").ok()?,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
PythonLogLevelEnum::Debug => tracing::debug!("{}", self.text.trim_end()),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
PythonLogLevelEnum::Info => tracing::info!("{}", self.text.trim_end()),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
PythonLogLevelEnum::Success => tracing::info!("{}", self.text.trim_end()),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
PythonLogLevelEnum::Warning => tracing::warn!("{}", self.text.trim_end()),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
PythonLogLevelEnum::Error => tracing::error!("{}", self.text.trim_end()),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
PythonLogLevelEnum::Critical => tracing::error!("{}", self.text.trim_end()),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Parsing num_shard from CUDA_VISIBLE_DEVICES/NVIDIA_VISIBLE_DEVICES/ZE_AFFINITY_MASK");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let enable_hf_transfer = env::var("HF_HUB_ENABLE_HF_TRANSFER").unwrap_or("1".to_string());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(api_token) = env::var("HF_API_TOKEN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Starting check and download process for {model_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("text-generation-server not found in PATH");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Please install it with `make install-server`")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{}", err);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Successfully downloaded weights for {model_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(
"Download process was signaled to shutdown with signal {signal}: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Download encountered an error: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Shard {rank} failed to start");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Shard status channel disconnected");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Unkown compute for card {card}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Unexpected memory unit {unit}, expected MiB");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let wiggle_room: f32 = env::var("TGI_WIGGLE_ROOM")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Starting Webserver");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if let Ok(api_token) = env::var("HF_API_TOKEN") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(compute_type) = env::var("COMPUTE_TYPE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::error!("Failed to start webserver: {}", err);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("text-generation-router not found in PATH");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Please install it with `make install-router`")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("{}", err);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Terminating {process_name}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Waiting for {process_name} to gracefully shutdown");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("{process_name} terminated");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Killing {process_name}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("{process_name} killed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let env_filter = if let Ok(log_level) = std::env::var(varname) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("{}", env_runtime);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("{:#?}", args);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Using attention {attention} - Prefix caching {prefix_caching}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Sharding model on {num_shard} processes");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Reducing the max batch prefill from {default} to {vram_maximum} because there is not enough VRAM to support it.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Default `max_batch_prefill_tokens` to {value}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Bitsandbytes is deprecated, use `eetq` instead, which provides better latencies overall and is drop-in in most cases.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Bitsandbytes doesn't work with cuda graphs, deactivating them");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("Exl2 doesn't work with cuda graphs, deactivating them");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Using default cuda graphs {cuda_graphs:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"`trust_remote_code` is set. Trusting that model `{}` do not contain malicious code.",
args.model_id
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Shard {rank} crashed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Webserver Crashed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
</> Dependencies
init-tracing-opentelemetry
rust dependency "http/protobuf" => opentelemetry_otlp::new_exporter()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
"grpc/tls" => opentelemetry_otlp::new_exporter()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
_ => opentelemetry_otlp::new_exporter()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 18 low-confidence finding(s)
std::env::var("OTEL_PROPAGATORS").unwrap_or_else(|_| "tracecontext,baggage".to_string());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::debug!(target: "otel::setup", OTEL_PROPAGATORS = propagators_name.join(","));
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "otel::setup", OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = endpoint);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "otel::setup", OTEL_EXPORTER_OTLP_TRACES_PROTOCOL = protocol);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let maybe_endpoint = std::env::var("OTEL_EXPORTER_OTLP_TRACES_ENDPOINT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("OTEL_EXPORTER_OTLP_ENDPOINT"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let maybe_protocol = std::env::var("OTEL_EXPORTER_OTLP_TRACES_PROTOCOL")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("OTEL_EXPORTER_OTLP_PROTOCOL"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut name = std::env::var("OTEL_TRACES_SAMPLER")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::debug!(target: "otel::setup", OTEL_TRACES_SAMPLER = ?name);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let v = std::env::var("OTEL_TRACES_SAMPLER_ARG")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::debug!(target: "otel::setup", OTEL_TRACES_SAMPLER_ARG = ?v);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
|kv| tracing::debug!(target: "otel::setup::resource", key = %kv.0, value = %kv.1),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let service_name = std::env::var("OTEL_SERVICE_NAME")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("SERVICE_NAME"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("APP_NAME"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let service_version = std::env::var("SERVICE_VERSION")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("APP_VERSION"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing-opentelemetry
rust dependency .with_exporter(opentelemetry_otlp::new_exporter().tonic())
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 14 low-confidence finding(s)
tracing::info!(key_1 = "va", "msg");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(key_1 = "va", "msg");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(monotonic_counter.c1 = 1, "msg");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(monotonic_counter.c1 = 1, monotonic_counter.c2 = 1, "msg");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
monotonic_counter.c1 = 1,
monotonic_counter.c2 = 1,
monotonic_counter.c3 = 1,
monotonic_counter.c4 = 1,
"msg"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
monotonic_counter.c1 = 1,
monotonic_counter.c2 = 1,
monotonic_counter.c3 = 1,
monotonic_counter.c4 = 1,
monotonic_counter.c5 = 1,
monotonic_counter.c6 = 1,
monotonic_counter.c7 = 1,
monotonic_counter.c8 = 1,
"msg"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(monotonic_counter.c1 = 1, key_1 = 1_i64, "msg");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
monotonic_counter.c1 = 1,
key_1 = 1_i64,
key_2 = 1_i64,
"msg"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
monotonic_counter.c1 = 1,
key_1 = 1_i64,
key_2 = 1_i64,
key_3 = 1_i64,
key_4 = 1_i64,
"msg"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
monotonic_counter.c1 = 1,
key_1 = 1_i64,
key_2 = 1_i64,
key_3 = 1_i64,
key_4 = 1_i64,
key_5 = 1_i64,
key_6 = 1_i64,
key_7 = 1_i64,
key_8 = 1_i64,
"msg"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(
monotonic_counter.foo = 1_u64,
key_1 = "bar",
key_2 = 10,
"handle foo",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(histogram.baz = 10, "histogram example",);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(
error = &err as &(dyn std::error::Error + 'static),
"request error!"
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(key = "val", "foo");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
anyhow
rust dependencyexpand_more 9 low-confidence finding(s)
} else if let Some(rustc_bootstrap) = env::var_os("RUSTC_BOOTSTRAP") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if env::var_os("RUSTC_STAGE").is_some() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc_wrapper = env::var_os("RUSTC_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os("RUSTC_WORKSPACE_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Some(target) = env::var_os("TARGET") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(rustflags) = env::var("CARGO_ENCODED_RUSTFLAGS") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os(key).unwrap_or_else(|| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let enabled = match env::var_os("RUST_LIB_BACKTRACE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
None => match env::var_os("RUST_BACKTRACE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
axum
rust dependencyexpand_more 3 low-confidence finding(s)
std::env::var("GITHUB_ACTIONS").is_ok()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let req = Request::post("http://example.com/test")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = Request::post("http://example.com/test")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
base64
rust dependencyexpand_more 1 low-confidence finding(s)
Some(f) => Box::new(File::open(f).unwrap()),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
chrono
rust dependencyexpand_more 9 low-confidence finding(s)
return Self::from_tz_data(&fs::read("/etc/localtime")?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return Ok(File::open(path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return Ok(File::open(path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(file) = File::open(PathBuf::from(folder).join(path)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match File::open(TZDATA_PATH) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(tz) = std::env::var("TZ") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let bytes = fs::read(format!("{}/{}", TZDB_LOCATION, tz_name)).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let env_tz = env::var("TZ").ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let env_tz = env::var("TZ").ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
clap
rust dependencyexpand_more 3 low-confidence finding(s)
let mut file = match File::create(out_dir.join(file_name)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.v.env = Some((name, env::var_os(name)));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var("TERM").ok() == Some(String::from("dumb"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
csv
rust dependencyexpand_more 3 low-confidence finding(s)
let file = File::open(file_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Ok(Reader::new(self, File::open(path)?))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Ok(Writer::new(self, File::create(path)?))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
cxx
rust dependencyexpand_more 3 low-confidence finding(s)
let manifest_dir_opt = env::var_os("CARGO_MANIFEST_DIR").map(PathBuf::from);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc = env::var_os("RUSTC")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Some(out_dir) = env::var_os("OUT_DIR") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
hf-hub
rust dependencyexpand_more 12 low-confidence finding(s)
let mut file = std::fs::File::create(&filename)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let val = Sha256::digest(std::fs::read(&*downloaded_path).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let val = Sha256::digest(std::fs::read(&*downloaded_path).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let val = Sha256::digest(std::fs::read(&*downloaded_path).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let val = Sha256::digest(std::fs::read(&*downloaded_path).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let val = Sha256::digest(std::fs::read(&*downloaded_path).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::info!("Token file not found {token_filename:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
match std::fs::read_to_string(token_filename) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let commit_hash = std::fs::read_to_string(commit_path).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut path = match std::env::var("HF_HOME") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(hf_home) = std::env::var("HF_HOME") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(hf_home) = std::env::var("HF_HOME") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
hf-xet
rust dependencyexpand_more 179 low-confidence finding(s)
fs::File::create(&flame_path).inspect_err(|e| eprintln!("Profiler: Error writing flamegraph file: {e:?}"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::File::create(pb_path).inspect_err(|e| eprintln!("Profiler: Failed opening pperf out file: {e:?}"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("abort() failed during __exit__ exception path: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(id = self.inner.id().0, error = ?e, "PyXetFileDownloadGroup progress thread join failed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("abort() failed during __exit__ exception path: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(id = self.inner.id().0, error = ?e, "PyXetUploadCommit progress thread join failed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
.upload_shard(std::fs::read(&new_shard_path).unwrap().into(), permit)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
MDBShardInfo::filter_cas_chunks_for_global_dedup(&mut std::fs::File::open(&new_shard_path).unwrap()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.upload_shard(std::fs::read(&shard_path).unwrap().into(), permit)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
MDBShardInfo::filter_cas_chunks_for_global_dedup(&mut std::fs::File::open(&shard_path).unwrap()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let shard_bytes = std::fs::read(&path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let shard_bytes = std::fs::read(&shard_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(&file_path).map_err(|_| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(&file_path).map_err(|_| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match File::open(file_path) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let Ok(file) = File::open(&file_path) else {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(&file_path).map_err(|_| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read(&file_path).map_err(|_| ClientError::XORBNotFound(*hash))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(&file_path).map_err(|_| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read(&path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let shard_bytes = std::fs::read(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let shard_bytes = std::fs::read(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut shard_file = File::open(&shard_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(&shard_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(&file_path).map_err(|_| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return Ok(Some(std::fs::read(filename)?.into()));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let shard_bytes = std::fs::read(filename)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let written_shard_bytes = std::fs::read(&shard_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(&file_path).map_err(|_| ClientError::XORBNotFound(MerkleHash::default()))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(&file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("Starting local CAS server with config: {:?}", config);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Storage mode: in-memory");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Storage mode: disk-backed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Data directory: {:?}", config.data_directory);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Listening on: {}:{}", config.host, config.port);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Local CAS server listening on {}", addr);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Local CAS server listening on {}", addr);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Testing with in-memory storage");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Testing with disk-backed storage");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"simulation config apply failed: config={} value={} attempt={}/{} status={} body={}",
config_name,
config_value,
attempt,
CONFIG_POST_MAX_ATTEMPTS,
status,
body
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"simulation config apply retrying: config={} value={} attempt={}/{} status={} body={}",
config_name,
config_value,
attempt,
CONFIG_POST_MAX_ATTEMPTS,
status,
body
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"simulation config apply failed after retries: config={} value={} attempt={}/{} error={}",
config_name,
config_value,
attempt,
CONFIG_POST_MAX_ATTEMPTS,
error
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"simulation config apply retrying after transport error: config={} value={} attempt={}/{} error={}",
config_name,
config_value,
attempt,
CONFIG_POST_MAX_ATTEMPTS,
error
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(error = %e, "bandwidth proxy accept loop failed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(error = %e, "bandwidth proxy accept loop failed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Testing with in-memory storage");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("Testing with disk-backed storage");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::fs::File::create(&socket_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = match File::open(&path) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let Ok(mut file) = File::open(path) else {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut test_request = client.get("https://example.com/api/data").build().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut test_request = client.get("http://example.com/api/data").build().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut test_request = client
.get("https://example.com:8443/path/to/resource?query=value&foo=bar")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut reader = BufReader::new(File::open(path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut disk_union_reader = BufReader::new(File::open(&disk_union_path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut disk_difference_reader = BufReader::new(File::open(&disk_difference_path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
MDBShardInfo::load_from_reader(&mut File::open(path)?)?.print_report();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let reader = File::open(&self.path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = std::fs::File::open(&path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::File::open(&self.path)?.read_exact(buffer)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Ok(BufReader::with_capacity(2048, std::fs::File::open(&self.path)?))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::File::create(&dest_file_name).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Box::new(File::open(file_path).unwrap())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Box::new(BufWriter::new(File::create(save).unwrap()))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Box::new(BufReader::new(File::open(path).unwrap()))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Box::new(File::create(path).unwrap())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Some(path) => Box::new(BufReader::new(File::open(path).unwrap())),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(false, Some(path)) => Box::new(File::create(path).unwrap()),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file_data = std::fs::read(&file_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file_data = std::fs::read(&file_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file_data = std::fs::read(&file_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&file_path, vec![0u8; file_len as usize]).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let reconstructed = std::fs::read(&file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&file_path, &pattern).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let result = std::fs::read(&file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!("chunk cache put failed: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file_reader = File::open(&arg.file)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Some(path) => Box::new(File::open(path)?),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut reader = File::open(&filename)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut reader = File::open(&filename)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&file_path, b"").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&file_path, content).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&file_path, &content).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&file1_path, b"First file content").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&file2_path, b"Second file content").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&file_path, &content).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
write(&out_path, vec![0u8; original_data.len()]).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let result = read(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
write(&out_path, vec![0u8; original_data.len()]).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let result = read(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = std::fs::File::create(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = std::fs::File::create(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = std::fs::File::create(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = std::fs::File::create(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = std::fs::File::create(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = std::fs::File::create(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = std::fs::File::create(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut reader = File::open(&file_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut reader = File::open(file_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut reader = File::open(pointer_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
write(&original_path, original_data).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let result_data = read(hydrated_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let downloaded = std::fs::read(&out_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read(&out).unwrap()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(&si.path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::warn!(error = ?e, "global dedup query failed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let mut file = File::create(path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&path1).unwrap().read_to_end(&mut buf1).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&path2).unwrap().read_to_end(&mut buf2).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(out_file, pf.as_pointer_file().unwrap().as_bytes()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(self.ptr_dir.join(files[i].file_name().unwrap()), serde_json::to_string(&xf).unwrap())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let xf: XetFileInfo = serde_json::from_reader(File::open(entry.path()).unwrap()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let xf: XetFileInfo = serde_json::from_reader(File::open(entry.path()).unwrap()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let out_file = File::create(&out_filename).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let xf: XetFileInfo = serde_json::from_reader(File::open(entry.path()).unwrap()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(&out_filename).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write("upload_metadata.json", serde_json::to_string_pretty(&uploads_vec)?)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let metadata: Vec<XetFileMetadata> = serde_json::from_str(&std::fs::read_to_string(metadata_file)?)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write("upload_metadata.json", serde_json::to_string_pretty(&uploads_vec)?)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let metadata: Vec<XetFileMetadata> = serde_json::from_str(&std::fs::read_to_string(metadata_file)?)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::create(output_path).with_context(|| format!("failed to create {}", output_path.display()))?
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&src, content).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&dest, vec![0xFFu8; 2048]).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let out = std::fs::read(&dest).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&dest, vec![0u8; 1024]).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let out = std::fs::read(&dest).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = std::fs::read(&dest).unwrap_or_default();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
resolve_endpoint(self.endpoint.as_deref(), std::env::var("HF_ENDPOINT").ok().as_deref())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
resolve_token(self.token.as_deref(), std::env::var("HF_TOKEN").ok().as_deref())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(output_path, json)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&src, b"hello xet world").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&path, format!("content for file {i}").as_bytes()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&src, b"sha256 test data").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&src, b"json output test").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&json_path, &json).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let parsed: Vec<XetFileMetadata> = serde_json::from_str(&std::fs::read_to_string(&json_path).unwrap()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::error!(task_id = %task_id, err = %e, "Download task failed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::fs::write(&src, data).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&src, b"path metadata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&src, data)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&src, data)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(cache) = env::var("HF_XET_CACHE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if let Ok(hf_home) = env::var("HF_HOME") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if let Ok(xdg_cache_home) = env::var("XDG_CACHE_HOME") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(val) = std::env::var("TOKIO_WORKER_THREADS") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::error!("Panic reported on xet worker task: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
File::create(&file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut perms = File::open(&file_path).unwrap().metadata().unwrap().permissions();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let src_file = File::create(&src_file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let updated_metadata = File::open(file_path).unwrap().metadata().unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let src_metadata = File::open(src_file_path).unwrap().metadata().unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::create(&file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let src_file = File::create(&src_file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::create(&file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let src_file = File::create(&src_file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::create(&file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut perms = File::open(&file_path).unwrap().metadata().unwrap().permissions();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let src_file = File::create(&src_file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let updated_metadata = File::open(file_path).unwrap().metadata().unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let src_metadata = File::open(src_file_path).unwrap().metadata().unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let test_path = std::env::var("HF_XET_TEST_PATH")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let test_path = std::env::var("HF_XET_TEST_PATH")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let test_path = std::env::var("HF_XET_TEST_PATH")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let test_path = std::env::var("HF_XET_TEST_PATH")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&dest_path).unwrap().read_to_string(&mut contents).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&dest_path).unwrap().read_to_string(&mut contents).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(&dest_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&dest_path).unwrap().read_to_string(&mut contents).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&dest_path).unwrap().read_to_string(&mut contents).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&dest_path).unwrap().read_to_string(&mut contents).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(&dest_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&dest_path).unwrap().read_to_string(&mut contents).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&path, [])?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let log_reader = BufReader::new(File::open(log_path.as_path())?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let log_reader = BufReader::new(File::open(log_path.as_path())?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(val) = std::env::var("HF_XET_HIGH_PERFORMANCE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if let Ok(val) = std::env::var("HF_XET_HP") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let prev = env::var(key).ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
image
rust dependencyexpand_more 13 low-confidence finding(s)
let buf = fs::read(path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::create("temp.bmp").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
BufReader::new(std::fs::File::open("tests/images/bmp/images/Core_8_Bit.bmp").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut data = std::fs::read(&path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = fs::read("tests/images/jpg/portrait_2.jpg").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
read_as_rgba_image(BufReader::new(File::open(path)?))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
read_as_rgb_image(BufReader::new(File::open(path)?))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
HdrDecoder::new(BufReader::new(File::open(reference_path).unwrap())).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::File::open("tests/images/png/bugfixes/debug_triangle_corners_widescreen.png")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read("tests/images/png/bugfixes/debug_triangle_corners_widescreen.png")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let decoder = QoiDecoder::new(File::open("tests/images/qoi/basic-test.qoi").unwrap())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let buffered_file_write = &mut BufWriter::new(File::create(path)?); // always seekable
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
inner: BufReader::new(File::open(path)?),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
jiter
rust dependencyexpand_more 2 low-confidence finding(s)
let mut file = File::open(path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
jsonschema
rust dependencyexpand_more 2 low-confidence finding(s)
let file = std::fs::File::open(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
minijinja
rust dependencyexpand_more 1 low-confidence finding(s)
match fs::read_to_string(path) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
ngrok
rust dependencyexpand_more 6 low-confidence finding(s)
.with_env_filter(std::env::var("RUST_LOG").unwrap_or_default())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.with_env_filter(std::env::var("RUST_LOG").unwrap_or_else(|_| "info".into()))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::debug!(?status);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(?err_str);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(?err_str);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
self.authtoken = env::var("NGROK_AUTHTOKEN").ok().map(From::from);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
num_cpus
rust dependencyexpand_more 2 low-confidence finding(s)
::std::env::var(name).ok().map(|val| val.parse().unwrap())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = match File::open("/proc/cpuinfo") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
opentelemetry-otlp
rust dependencyexpand_more 11 low-confidence finding(s)
let protocol = match std::env::var(OTEL_EXPORTER_OTLP_PROTOCOL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let endpoint = match std::env::var(OTEL_EXPORTER_OTLP_ENDPOINT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let timeout = match std::env::var(OTEL_EXPORTER_OTLP_TIMEOUT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if let Ok(compression) = std::env::var(env_override) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if let Ok(compression) = std::env::var(OTEL_EXPORTER_OTLP_COMPRESSION) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let endpoint = match std::env::var(OTEL_EXPORTER_OTLP_METRICS_ENDPOINT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let _timeout = match std::env::var(OTEL_EXPORTER_OTLP_METRICS_TIMEOUT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let _endpoint = match std::env::var(OTEL_EXPORTER_OTLP_METRICS_ENDPOINT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let _timeout = match std::env::var(OTEL_EXPORTER_OTLP_METRICS_TIMEOUT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let endpoint_str = match std::env::var(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let _timeout = match std::env::var(OTEL_EXPORTER_OTLP_TRACES_TIMEOUT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
pydantic-core
rust dependencyexpand_more 4 low-confidence finding(s)
env::var("PYTHON")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if std::env::var("RUSTFLAGS")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match std::env::var_os("PYDANTIC_ERRORS_OMIT_URL") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
None => match std::env::var("PYDANTIC_ERRORS_INCLUDE_URL") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
ratatui
rust dependencyexpand_more 2 low-confidence finding(s)
let token = std::env::var("GITHUB_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::create("tracing.log").wrap_err("failed to create tracing.log")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
reqwest
rust dependencyexpand_more 49 low-confidence finding(s)
let response = reqwest::Client::new()
.post("http://www.baidu.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let echo_json: serde_json::Value = reqwest::Client::new()
.post("https://jsonplaceholder.typicode.com/posts")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let new_post: Post = reqwest::Client::new()
.post("https://jsonplaceholder.typicode.com/posts")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let res = client.get("https://check.torproject.org").send().await?;
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
log::warn!(
"rustls failed to parse DER certificate {err:?} {cert:?}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client
.get("https://hyper.rs")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client
.get(some_url)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let builder = client
.post("http://httpbin.org/post")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let builder = client.get("http://httpbin.org/get");
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let builder = client
.get("http://httpbin.org/get")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client.get(some_url).build().expect("request build");
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
client.get("http://example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let file = File::open(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let r = client.get(some_url).build().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url).build().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.put(some_url).build().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client
.get("https://hyper.rs")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client
.get(some_url)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client.get(some_url).build().expect("request build");
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
log::debug!("proxy({proxy_scheme:?}) intercepts '{dst:?}'");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("starting new connection: {dst:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("tunnel to {host}:{port} using basic auth");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let raw = env::var("NO_PROXY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| env::var("no_proxy"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if log::log_enabled!(log::Level::Warn) && env::var_os("HTTP_PROXY").is_some() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("HTTP_PROXY environment variable ignored in CGI");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if let Ok(val) = env::var(var) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os("REQUEST_METHOD").is_some()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let orig_val = env::var(&name).ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut req = client
.get("https://www.example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut req = client
.get("https://www.example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut req2 = client
.get("https://www.example.com/x")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut req = client
.get("https://www.example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut req2 = client
.get("https://www.example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
safetensors
rust dependencyexpand_more 8 low-confidence finding(s)
let file = File::open(&filename).map_err(|_| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&filename, out).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let raw = std::fs::read(&filename).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let raw = std::fs::read(&filename).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = std::fs::File::open(&filename).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let raw = std::fs::read(&filename).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = std::io::BufWriter::new(std::fs::File::create(filename).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let reloaded = std::fs::read(filename).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
serde
rust dependencyexpand_more 2 low-confidence finding(s)
let target = env::var("TARGET").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc = env::var_os("RUSTC")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
serde_json
rust dependencyexpand_more 2 low-confidence finding(s)
let target_arch = env::var_os("CARGO_CFG_TARGET_ARCH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_pointer_width = env::var_os("CARGO_CFG_TARGET_POINTER_WIDTH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
sysinfo
rust dependencyexpand_more 21 low-confidence finding(s)
if std::env::var("APPLE_CI").is_err() && std::env::var("FREEBSD_CI").is_err() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let _ = File::open("/etc/group").and_then(|mut f| f.read_to_string(&mut s));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = File::open(file).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = File::open(file).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let f = match File::open("/proc/stat") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if File::open(format!(
"/sys/devices/system/cpu/cpu{cpu_core_index}/cpufreq/scaling_cur_freq",
))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if File::open("/proc/cpuinfo")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Err(_e) = File::open("/proc/cpuinfo").and_then(|mut f| f.read_to_string(&mut s)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if File::open("/proc/cpuinfo")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(mut f) = File::open(parent.as_ref().join(path)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(path.join("stat")).map_err(|_| ())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = match File::open(path) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match File::open(entry) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(buf) = File::open("/proc/stat").and_then(|mut f| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if File::open("/proc/loadavg")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(buf) = File::open(path).and_then(|mut f| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let buf = File::open(fallback_path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(
&tmp1,
r#"NAME="Ubuntu"
VERSION="20.10 (Groovy Gorilla)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.10"
VERSION_ID="20.10"
VERSION_CODENAME=groovy
UBUNTU_CODENAME=groovy
"#,
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(
&tmp2,
r#"DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.10
DISTRIB_CODENAME=groovy
DISTRIB_DESCRIPTION="Ubuntu 20.10"
"#,
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(file_path.as_ref())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let _ = File::open("/etc/passwd").and_then(|mut f| f.read_to_string(&mut s));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tabled
rust dependencyexpand_more 1 low-confidence finding(s)
let file = std::fs::File::open(path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
thiserror
rust dependencyexpand_more 7 low-confidence finding(s)
} else if let Some(rustc_bootstrap) = env::var_os("RUSTC_BOOTSTRAP") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if env::var_os("RUSTC_STAGE").is_some() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc_wrapper = env::var_os("RUSTC_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os("RUSTC_WORKSPACE_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Some(target) = env::var_os("TARGET") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(rustflags) = env::var("CARGO_ENCODED_RUSTFLAGS") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os(key).unwrap_or_else(|| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tokenizers
rust dependencyexpand_more 52 low-confidence finding(s)
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
for line in BufReader::new(File::open(Path::new("data/big.txt")).unwrap()).lines() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/small.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/small.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let roberta_json = std::fs::read_to_string("data/roberta.json").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/small.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
for line in BufReader::new(File::open(Path::new("data/big.txt")).unwrap()).lines() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let vocab_file = File::open(vocab)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let merge_file = File::open(merges)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut vocab_file = File::create(&vocab_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut merges_file = File::create(&merges_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let string = read_to_string(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&fullpath, string)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let vocab_file = File::open(vocab_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut vocab_file = File::create(&vocab_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(vocab)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut vocab_file = File::create(&vocab_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
len += File::open(file)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match File::open(filename) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::env::var(ENV_VARIABLE).is_ok() || get_override_parallelism().is_some()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match std::env::var(ENV_VARIABLE) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
for line in BufReader::new(File::open(Path::new("data/big.txt")).unwrap()).lines() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
for line in BufReader::new(File::open(Path::new("data/big.txt")).unwrap()).lines() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
for line in BufReader::new(File::open(Path::new("data/big.txt")).unwrap()).lines() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = read_to_string("data/small.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = read_to_string("data/big.txt").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = std::fs::read_to_string("data/big.txt")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let vocab_file = File::open(vocab)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let merge_file = File::open(merges)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut vocab_file = File::create(&vocab_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut merges_file = File::create(&merges_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let string = read_to_string(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&fullpath, string)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let vocab_file = File::open(vocab_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut vocab_file = File::create(&vocab_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(vocab)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut vocab_file = File::create(&vocab_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
len += File::open(file)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match File::open(filename) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::env::var(ENV_VARIABLE).is_ok() || get_override_parallelism().is_some()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match std::env::var(ENV_VARIABLE) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tokio
rust dependencyexpand_more 6 low-confidence finding(s)
let std = asyncify(|| StdFile::open(path)).await?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let std_file = asyncify(move || StdFile::create(path)).await?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
asyncify(move || std::fs::read(path)).await
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
asyncify(move || std::fs::read_to_string(path)).await
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
asyncify(move || std::fs::write(path, contents)).await
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match std::env::var(ENV_WORKER_THREADS) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tonic
rust dependencyexpand_more 2 low-confidence finding(s)
tracing::debug!("reconnect::poll_ready: {:?}", error);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("error: {}", error);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tower
rust dependencyexpand_more 4 low-confidence finding(s)
tracing::info!("using {}", c);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("buffer closing; waking pending tasks");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(service.ready = true, message = "processing request");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!({ %error }, "service failed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tower-http
rust dependencyexpand_more 14 low-confidence finding(s)
tracing::error!("Service panicked: {}", s);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("Service panicked: {}", s);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(
"Service panicked but `CatchPanic` was unable to downcast the panic info"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = File::open("Cargo.toml").await.expect("file missing");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::error!(error = %err, "Failed to read file");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
match (File::open(&path).await, encoding) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let contents = std::fs::read_to_string("../README.md").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let contents = std::fs::read_to_string("../README.md").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let contents = std::fs::read_to_string("Cargo.toml").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file_contents = std::fs::read("../README.md").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file_contents = std::fs::read("../README.md").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file_contents = std::fs::read("../README.md").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file_contents = std::fs::read("../README.md").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let contents = std::fs::read_to_string("../README.md").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing
rust dependencyexpand_more 1 low-confidence finding(s)
b.iter(|| tracing::info!("hello world!"))
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing-subscriber
rust dependencyexpand_more 113 low-confidence finding(s)
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "foo", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "foo", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "foo", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "foo", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let var = env::var(self.env_var_name()).unwrap_or_default();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let var = env::var(self.env_var_name()).unwrap_or_default();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let var = env::var(self.env_var_name())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let ansi = cfg!(feature = "ansi") && env::var("NO_COLOR").map_or(true, |v| v.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!(?AlwaysError);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(?AlwaysError);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "writer2", "hello writer2!");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "writer1", "hello writer1!");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let _saved_no_color = RestoreEnvVar(env::var(NO_COLOR));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("an event outside the root span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("an event inside the root span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(parent: &span2, "hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(parent: &span2, "hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let targets = match env::var("RUST_LOG") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("no span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(parent: &parent, "explicit span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("contextual span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
ureq
rust dependencyexpand_more 11 low-confidence finding(s)
agent.get("https://httpbin.org/bytes/123").call()?;
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
agent.get("https://httpbin.org/bytes/123").call()?;
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let _response = agent.get("https://httpbin.org/").call();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let result = agent.get("https://www.google.com/").call();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let file = std::fs::File::open(args.nth(1).unwrap())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let response1 = agent1.get("https://httpbin.org/get").call().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let response2 = agent2.get("https://httpbin.org/get").call().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let resp = agent.get("http://www.google.com/").call().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let resp = agent.get("https://www.google.com/").call().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let resp = agent.get("https://www.google.com/").call().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
crate::agent()
.post("http://example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
utoipa-swagger-ui
rust dependencyexpand_more 5 low-confidence finding(s)
let target_dir = env::var("OUT_DIR").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let swagger_ui_zip = File::open(
["res", &format!("{SWAGGER_UI_DIST_ZIP}.zip")]
.iter()
.collect::<PathBuf>(),
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut swagger_initializer = fs::read_to_string(&path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(&path, replaced_swagger_initializer.as_ref()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(&path, &contents).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Production
- pillow prod — sdist exceeds byte cap
- scipy prod — sdist exceeds byte cap
- bitsandbytes prod — no sdist (wheels only)
- torch prod — no sdist (wheels only)
- torchvision prod — no sdist (wheels only)
- triton prod — no sdist (wheels only)
- text-generation-client prod — cdn 403
- text-generation-router prod — cdn 403
- grpc-metadata prod — cdn 403