Skip to content

Tried splitting code to components to make it easier #94

Closed
ishita230702 wants to merge 0 commit intoRedback-Operations:mainfrom
ishita230702:main
Closed

Tried splitting code to components to make it easier #94
ishita230702 wants to merge 0 commit intoRedback-Operations:mainfrom
ishita230702:main

Conversation

@ishita230702
Copy link
Contributor

@ishita230702 ishita230702 commented Sep 13, 2025

No description provided.

@github-actions
Copy link

github-actions bot commented Sep 13, 2025

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-09-13 04:07:42.374151

Test results:
>> Issue: [B403:blacklist] Consider possible security implications associated with load module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/DataLogisticsPipeline/Models_analysis/consumer.py:1:0
1	from pickle import load
2	from kafka import KafkaConsumer, KafkaProducer
3	import pandas as pd

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b110_try_except_pass.html
   Location: ./Player_Tracking/DataLogisticsPipeline/Models_analysis/consumer.py:21:0
20	    admin_client.create_topics(new_topics=topic_list, validate_only=False)
21	except:
22	    pass
23	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:4:0
3	from sys import platform
4	import subprocess
5	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:65:15
64	    classes = load_classes(parse_data_cfg(data_cfg)['names'])
65	    colors = [[random.randint(0, 255) for _ in range(3)] for _ in range(len(classes))]
66	

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:122:12
121	            # Safer line
122	            subprocess.run(['open', output, save_path])
123	            

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:122:12
121	            # Safer line
122	            subprocess.run(['open', output, save_path])
123	            

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:8:0
7	
8	import subprocess
9	

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:271:12
270	            # Safer
271	            subprocess.run(
272	                ["wget", f"https://pjreddie.com/media/files/{weights_file}", "-O", weights],
273	                check=True
274	            )
275	        # Changed from IOError

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:271:12
270	            # Safer
271	            subprocess.run(
272	                ["wget", f"https://pjreddie.com/media/files/{weights_file}", "-O", weights],
273	                check=True
274	            )
275	        # Changed from IOError

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/train.py:194:26
193	        image_weights = labels_to_image_weights(dataset.labels, nc=nc, class_weights=w)
194	        dataset.indices = random.choices(range(dataset.n), weights=image_weights, k=dataset.n)  # random weighted index
195	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/train.py:245:35
244	            if multi_scale and (i + 1) % 10 == 0:
245	                dataset.img_size = random.choice(range(10, 20)) * 32
246	                print('multi_scale img_size = %g' % dataset.img_size)

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b110_try_except_pass.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:198:12
197	                    self.labels[i] = np.array([x.split() for x in f.read().splitlines()], dtype=np.float32)
198	            except:
199	                pass  # missing label file
200	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:227:17
226	
227	            a = (random.random() * 2 - 1) * fraction + 1
228	            b = (random.random() * 2 - 1) * fraction + 1

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:228:17
227	            a = (random.random() * 2 - 1) * fraction + 1
228	            b = (random.random() * 2 - 1) * fraction + 1
229	            S *= a

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:274:27
273	            lr_flip = True
274	            if lr_flip and random.random() > 0.5:
275	                img = np.fliplr(img)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:281:27
280	            ud_flip = False
281	            if ud_flip and random.random() > 0.5:
282	                img = np.flipud(img)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:346:8
345	    R = np.eye(3)
346	    a = random.random() * (degrees[1] - degrees[0]) + degrees[0]
347	    # a += random.choice([-180, -90, 0, 90])  # 90deg rotations added to small rotations

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:348:8
347	    # a += random.choice([-180, -90, 0, 90])  # 90deg rotations added to small rotations
348	    s = random.random() * (scale[1] - scale[0]) + scale[0]
349	    R[:2] = cv2.getRotationMatrix2D(angle=a, center=(img.shape[1] / 2, img.shape[0] / 2), scale=s)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:353:15
352	    T = np.eye(3)
353	    T[0, 2] = (random.random() * 2 - 1) * translate[0] * img.shape[0] + border  # x translation (pixels)
354	    T[1, 2] = (random.random() * 2 - 1) * translate[1] * img.shape[1] + border  # y translation (pixels)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:354:15
353	    T[0, 2] = (random.random() * 2 - 1) * translate[0] * img.shape[0] + border  # x translation (pixels)
354	    T[1, 2] = (random.random() * 2 - 1) * translate[1] * img.shape[1] + border  # y translation (pixels)
355	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:358:24
357	    S = np.eye(3)
358	    S[0, 1] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # x shear (deg)
359	    S[1, 0] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # y shear (deg)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:359:24
358	    S[0, 1] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # x shear (deg)
359	    S[1, 0] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # y shear (deg)
360	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:498:22
497	    tl = line_thickness or round(0.002 * max(img.shape[0:2])) + 1  # line thickness
498	    color = color or [random.randint(0, 255) for _ in range(3)]
499	    c1, c2 = (int(x[0]), int(x[1])), (int(x[2]), int(x[3]))

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:3:0
2	import cv2
3	import pickle
4	import pandas as pd

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:3:0
2	import cv2
3	import pickle
4	import sys

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 8316
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 25
		Medium: 16
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 7
		High: 33
Files skipped (0):

No critical security issues detected.

The code has passed all critical security checks.

@lperry022
Copy link
Contributor

lperry022 commented Sep 13, 2025

Please hold off on any changes

Reviewing code locally for PR check

lperry022
lperry022 suggested changes Sep 13, 2025
View reviewed changes
Copy link
Contributor

@lperry022 lperry022 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fallback JWT_SECRET is a big security risk where tokens could be forged if the env var isn’t set.

BTW this PR is also huge (142 files / 32k lines)!!! Try breaking it into smaller PRs next time to make reviews easier

Great work, just 1 change and you are all good to go!

Player_Tracking/afl_player_tracking_and_crowd_monitoring/frontend/server/routes/oauth.ts Outdated
Copy link
Contributor

@lperry022 lperry022 Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reject - Hard Coded JWT Secret

const JWT_SECRET = process.env.JWT_SECRET || "your-jwt-secret-key";
  • Using a default hard-coded JWT secret is a major security risk.
  • If process.env.JWT_SECRET is not set in production, the app will fall back to "your-jwt-secret-key", which is guessable and makes all tokens forgeable by attackers.
  • This would let anyone create valid JWTs and impersonate users.

Proposed Fix

Require the secret to be set in production and fail fast if it’s missing:

if (!process.env.JWT_SECRET) {
  throw new Error("JWT_SECRET environment variable is required");
}
const JWT_SECRET = process.env.JWT_SECRET;

@github-actions
Copy link

github-actions bot commented Sep 14, 2025

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-09-14 01:15:26.741975

Test results:
>> Issue: [B403:blacklist] Consider possible security implications associated with load module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/DataLogisticsPipeline/Models_analysis/consumer.py:1:0
1	from pickle import load
2	from kafka import KafkaConsumer, KafkaProducer
3	import pandas as pd

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b110_try_except_pass.html
   Location: ./Player_Tracking/DataLogisticsPipeline/Models_analysis/consumer.py:21:0
20	    admin_client.create_topics(new_topics=topic_list, validate_only=False)
21	except:
22	    pass
23	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:4:0
3	from sys import platform
4	import subprocess
5	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:65:15
64	    classes = load_classes(parse_data_cfg(data_cfg)['names'])
65	    colors = [[random.randint(0, 255) for _ in range(3)] for _ in range(len(classes))]
66	

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:122:12
121	            # Safer line
122	            subprocess.run(['open', output, save_path])
123	            

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:122:12
121	            # Safer line
122	            subprocess.run(['open', output, save_path])
123	            

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:8:0
7	
8	import subprocess
9	

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:271:12
270	            # Safer
271	            subprocess.run(
272	                ["wget", f"https://pjreddie.com/media/files/{weights_file}", "-O", weights],
273	                check=True
274	            )
275	        # Changed from IOError

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:271:12
270	            # Safer
271	            subprocess.run(
272	                ["wget", f"https://pjreddie.com/media/files/{weights_file}", "-O", weights],
273	                check=True
274	            )
275	        # Changed from IOError

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/train.py:194:26
193	        image_weights = labels_to_image_weights(dataset.labels, nc=nc, class_weights=w)
194	        dataset.indices = random.choices(range(dataset.n), weights=image_weights, k=dataset.n)  # random weighted index
195	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/train.py:245:35
244	            if multi_scale and (i + 1) % 10 == 0:
245	                dataset.img_size = random.choice(range(10, 20)) * 32
246	                print('multi_scale img_size = %g' % dataset.img_size)

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b110_try_except_pass.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:198:12
197	                    self.labels[i] = np.array([x.split() for x in f.read().splitlines()], dtype=np.float32)
198	            except:
199	                pass  # missing label file
200	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:227:17
226	
227	            a = (random.random() * 2 - 1) * fraction + 1
228	            b = (random.random() * 2 - 1) * fraction + 1

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:228:17
227	            a = (random.random() * 2 - 1) * fraction + 1
228	            b = (random.random() * 2 - 1) * fraction + 1
229	            S *= a

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:274:27
273	            lr_flip = True
274	            if lr_flip and random.random() > 0.5:
275	                img = np.fliplr(img)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:281:27
280	            ud_flip = False
281	            if ud_flip and random.random() > 0.5:
282	                img = np.flipud(img)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:346:8
345	    R = np.eye(3)
346	    a = random.random() * (degrees[1] - degrees[0]) + degrees[0]
347	    # a += random.choice([-180, -90, 0, 90])  # 90deg rotations added to small rotations

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:348:8
347	    # a += random.choice([-180, -90, 0, 90])  # 90deg rotations added to small rotations
348	    s = random.random() * (scale[1] - scale[0]) + scale[0]
349	    R[:2] = cv2.getRotationMatrix2D(angle=a, center=(img.shape[1] / 2, img.shape[0] / 2), scale=s)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:353:15
352	    T = np.eye(3)
353	    T[0, 2] = (random.random() * 2 - 1) * translate[0] * img.shape[0] + border  # x translation (pixels)
354	    T[1, 2] = (random.random() * 2 - 1) * translate[1] * img.shape[1] + border  # y translation (pixels)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:354:15
353	    T[0, 2] = (random.random() * 2 - 1) * translate[0] * img.shape[0] + border  # x translation (pixels)
354	    T[1, 2] = (random.random() * 2 - 1) * translate[1] * img.shape[1] + border  # y translation (pixels)
355	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:358:24
357	    S = np.eye(3)
358	    S[0, 1] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # x shear (deg)
359	    S[1, 0] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # y shear (deg)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:359:24
358	    S[0, 1] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # x shear (deg)
359	    S[1, 0] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # y shear (deg)
360	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:498:22
497	    tl = line_thickness or round(0.002 * max(img.shape[0:2])) + 1  # line thickness
498	    color = color or [random.randint(0, 255) for _ in range(3)]
499	    c1, c2 = (int(x[0]), int(x[1])), (int(x[2]), int(x[3]))

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:3:0
2	import cv2
3	import pickle
4	import pandas as pd

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:3:0
2	import cv2
3	import pickle
4	import sys

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 8316
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 25
		Medium: 16
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 7
		High: 33
Files skipped (0):

No critical security issues detected.

The code has passed all critical security checks.

lperry022
lperry022 approved these changes Sep 14, 2025
View reviewed changes
Copy link
Contributor

@lperry022 lperry022 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work!!

@github-actions
Copy link

github-actions bot commented Sep 14, 2025

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-09-14 01:45:46.917090

Test results:
>> Issue: [B403:blacklist] Consider possible security implications associated with load module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/DataLogisticsPipeline/Models_analysis/consumer.py:1:0
1	from pickle import load
2	from kafka import KafkaConsumer, KafkaProducer
3	import pandas as pd

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b110_try_except_pass.html
   Location: ./Player_Tracking/DataLogisticsPipeline/Models_analysis/consumer.py:21:0
20	    admin_client.create_topics(new_topics=topic_list, validate_only=False)
21	except:
22	    pass
23	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:4:0
3	from sys import platform
4	import subprocess
5	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:65:15
64	    classes = load_classes(parse_data_cfg(data_cfg)['names'])
65	    colors = [[random.randint(0, 255) for _ in range(3)] for _ in range(len(classes))]
66	

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:122:12
121	            # Safer line
122	            subprocess.run(['open', output, save_path])
123	            

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/detect.py:122:12
121	            # Safer line
122	            subprocess.run(['open', output, save_path])
123	            

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:8:0
7	
8	import subprocess
9	

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:271:12
270	            # Safer
271	            subprocess.run(
272	                ["wget", f"https://pjreddie.com/media/files/{weights_file}", "-O", weights],
273	                check=True
274	            )
275	        # Changed from IOError

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/models.py:271:12
270	            # Safer
271	            subprocess.run(
272	                ["wget", f"https://pjreddie.com/media/files/{weights_file}", "-O", weights],
273	                check=True
274	            )
275	        # Changed from IOError

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/train.py:194:26
193	        image_weights = labels_to_image_weights(dataset.labels, nc=nc, class_weights=w)
194	        dataset.indices = random.choices(range(dataset.n), weights=image_weights, k=dataset.n)  # random weighted index
195	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/train.py:245:35
244	            if multi_scale and (i + 1) % 10 == 0:
245	                dataset.img_size = random.choice(range(10, 20)) * 32
246	                print('multi_scale img_size = %g' % dataset.img_size)

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b110_try_except_pass.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:198:12
197	                    self.labels[i] = np.array([x.split() for x in f.read().splitlines()], dtype=np.float32)
198	            except:
199	                pass  # missing label file
200	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:227:17
226	
227	            a = (random.random() * 2 - 1) * fraction + 1
228	            b = (random.random() * 2 - 1) * fraction + 1

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:228:17
227	            a = (random.random() * 2 - 1) * fraction + 1
228	            b = (random.random() * 2 - 1) * fraction + 1
229	            S *= a

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:274:27
273	            lr_flip = True
274	            if lr_flip and random.random() > 0.5:
275	                img = np.fliplr(img)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:281:27
280	            ud_flip = False
281	            if ud_flip and random.random() > 0.5:
282	                img = np.flipud(img)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:346:8
345	    R = np.eye(3)
346	    a = random.random() * (degrees[1] - degrees[0]) + degrees[0]
347	    # a += random.choice([-180, -90, 0, 90])  # 90deg rotations added to small rotations

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:348:8
347	    # a += random.choice([-180, -90, 0, 90])  # 90deg rotations added to small rotations
348	    s = random.random() * (scale[1] - scale[0]) + scale[0]
349	    R[:2] = cv2.getRotationMatrix2D(angle=a, center=(img.shape[1] / 2, img.shape[0] / 2), scale=s)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:353:15
352	    T = np.eye(3)
353	    T[0, 2] = (random.random() * 2 - 1) * translate[0] * img.shape[0] + border  # x translation (pixels)
354	    T[1, 2] = (random.random() * 2 - 1) * translate[1] * img.shape[1] + border  # y translation (pixels)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:354:15
353	    T[0, 2] = (random.random() * 2 - 1) * translate[0] * img.shape[0] + border  # x translation (pixels)
354	    T[1, 2] = (random.random() * 2 - 1) * translate[1] * img.shape[1] + border  # y translation (pixels)
355	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:358:24
357	    S = np.eye(3)
358	    S[0, 1] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # x shear (deg)
359	    S[1, 0] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # y shear (deg)

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/datasets.py:359:24
358	    S[0, 1] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # x shear (deg)
359	    S[1, 0] = math.tan((random.random() * (shear[1] - shear[0]) + shear[0]) * math.pi / 180)  # y shear (deg)
360	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:468:8
467	    # Strip optimizer from *.pt files for lighter files (reduced by 2/3 size)
468	    a = torch.load(filename, map_location='cpu')
469	    a['optimizer'] = []

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./Player_Tracking/YOLOV3_Model/YOLOV3/utils/utils.py:498:22
497	    tl = line_thickness or round(0.002 * max(img.shape[0:2])) + 1  # line thickness
498	    color = color or [random.randint(0, 255) for _ in range(3)]
499	    c1, c2 = (int(x[0]), int(x[1])), (int(x[2]), int(x[3]))

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/pipeline.py:1:0
1	import os, shutil, glob, subprocess, argparse
2	from pathlib import Path
3	from dataclasses import dataclass

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./Player_Tracking/afl_player_tracking_and_crowd_monitoring/backend/pipeline.py:133:4
132	    print("Running:", " ".join(cmd))
133	    subprocess.run(cmd, check=True)
134	

--------------------------------------------------
>> Issue: [B614:pytorch_load] Use of unsafe PyTorch load
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b614_pytorch_load.html
   Location: ./Player_Tracking/tennis_tracking/court_line_detector/court_line_detector.py:10:35
9	        self.model.fc = torch.nn.Linear(self.model.fc.in_features,14*2)
10	        self.model.load_state_dict(torch.load(model_path,map_location='cpu'))
11	

--------------------------------------------------
>> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:3:0
2	import cv2
3	import pickle
4	import pandas as pd

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/ball_tracker.py:61:34
60	            with open(stub_path,'rb') as f:
61	                ball_detections = pickle.load(f)
62	            return ball_detections

--------------------------------------------------
>> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
   Severity: Low   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b403-import-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:3:0
2	import cv2
3	import pickle
4	import sys

--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
   Severity: Medium   Confidence: High
   CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b301-pickle
   Location: ./Player_Tracking/tennis_tracking/trackers/player_tracker.py:53:36
52	            with open(stub_path,'rb') as f:
53	                player_detections = pickle.load(f)
54	            return player_detections

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:44:49
43	    coco_names = os.getenv('COCO_NAMES')
44	    tmp_output_dir = os.getenv('TMP_OUTPUT_DIR', '/tmp')
45	

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:48:12
47	        if not os.path.exists(yolo_config):
48	            urllib.request.urlretrieve("https://raw.githubusercontent.com/AlexeyAB/darknet/master/cfg/yolov4.cfg", yolo_config)
49	        if not os.path.exists(yolo_weights):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:50:12
49	        if not os.path.exists(yolo_weights):
50	            urllib.request.urlretrieve("https://github.com/AlexeyAB/darknet/releases/download/yolov4/yolov4.weights", yolo_weights)
51	        if not os.path.exists(coco_names):

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/airflow/dags/heatmaps_kafka.py:52:12
51	        if not os.path.exists(coco_names):
52	            urllib.request.urlretrieve("https://raw.githubusercontent.com/pjreddie/darknet/master/data/coco.names", coco_names)
53	    except Exception as e:

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_streaming_backend/api.py:216:19
215	        validate_url(health_url)
216	        response = requests.get(health_url)
217	        if response.status_code == 200:

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:16:16
15	    'RESULTS_TOPIC': 'face_results',
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:17:20
16	    'YOLO_CFG': '/tmp/yolov4-face.cfg',
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:18:18
17	    'YOLO_WEIGHTS': '/tmp/yolov4-face.weights',
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:19:17
18	    'MASK_MODEL': '/tmp/mask_detector.model',
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:20:17
19	    'AGE_PROTO': '/tmp/age_deploy.prototxt',
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b108_hardcoded_tmp_directory.html
   Location: ./data_streaming_backend/detect_faces_and_features.py:21:21
20	    'AGE_MODEL': '/tmp/age_net.caffemodel',
21	    'EMOTION_MODEL': '/tmp/emotion-ferplus-8.onnx'
22	}
23	
24	def detect_faces_and_features():
25	    import os
26	    import cv2
27	    import io
28	    import json
29	    import numpy as np
30	    import urllib.request
31	    from PIL import Image
32	    from kafka import KafkaConsumer, KafkaProducer

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./data_streaming_backend/detect_faces_and_features.py:36:12
35	        if not os.path.exists(path):
36	            urllib.request.urlretrieve(url, path)
37	

--------------------------------------------------

Code scanned:
	Total lines of code: 8580
	Total lines skipped (#nosec): 4
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 27
		Medium: 16
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 7
		High: 35
Files skipped (0):

No critical security issues detected.

The code has passed all critical security checks.

@ishita230702 ishita230702 deleted the main branch September 14, 2025 01:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@lperry022 lperry022 lperry022 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ishita230702 @lperry022