fix(security): fail closed without attestations (#21)
QWED Security — NEUTRAL
QWED Security Verification Report
3 files scanned | 0 blocked | 8 warnings | 6 info | 1 verified
Engines: pattern_scan, python_ast, secret_scan, shell_safety, policy_config
Advisory Warnings
| File | Line | Context | Issue |
|---|---|---|---|
| src/qwed_a2a/interceptor.py | L291 | RUNTIME_CODE | compile() can be part of dynamic code generation. |
| src/qwed_a2a/interceptor.py | L292 | RUNTIME_CODE | compile() can be part of dynamic code generation. |
| src/qwed_a2a/interceptor.py | L293 | RUNTIME_CODE | compile() can be part of dynamic code generation. |
| src/qwed_a2a/interceptor.py | L297 | RUNTIME_CODE | compile() can be part of dynamic code generation. |
| src/qwed_a2a/interceptor.py | L298 | RUNTIME_CODE | compile() can be part of dynamic code generation. |
| src/qwed_a2a/interceptor.py | L299 | RUNTIME_CODE | compile() can be part of dynamic code generation. |
| src/qwed_a2a/interceptor.py | L300 | RUNTIME_CODE | compile() can be part of dynamic code generation. |
| src/qwed_a2a/interceptor.py | L301 | RUNTIME_CODE | compile() can be part of dynamic code generation. |
Informational Findings
| File | Line | Context | Issue |
|---|---|---|---|
| README.md | L40 | DOCUMENTATION | os.system() shell execution primitive detected. |
| README.md | L164 | DOCUMENTATION | Dangerous eval() call can execute untrusted code. |
| README.md | L165 | DOCUMENTATION | Dangerous exec() call can execute untrusted code. |
| README.md | L167 | DOCUMENTATION | os.system() shell execution primitive detected. |
| README.md | L173 | DOCUMENTATION | subprocess invocation detected. |
| README.md | L270 | DOCUMENTATION | Binding to 0.0.0.0 exposes the service broadly. |
Verified Files
tests/test_interceptor.py
Verified by QWED — deterministic security verification. No LLM used.
Details
Scan completed in 6.1s. Engines: pattern_scan, python_ast, secret_scan, shell_safety, policy_config.
Annotations
Check warnings on lines 291, 292, 293, 297, 298, 299, 300 and 301 in src/qwed_a2a/interceptor.py (qwed-security / QWED Security, engine: pattern_scan), each with the same annotation:

compile() can be part of dynamic code generation. Context=RUNTIME_CODE. Decision reason: Executable runtime path contains a risky but non-blocking pattern.