Cryptography

PyHvac

hvac is the Python client for HashiCorp Vault. Client.secrets.kv.v2.read_secret_version reads a secret — the returned payload is a source. Client() with verify=False disables TLS verification (major finding).

Taint flow: 1 source, 0 sinks
Sources (untrusted input): .secrets.kv.v2.read_secret_version()

Sources

.secrets.kv.v2.read_secret_version() (Source)
Signature
Client.secrets.kv.v2.read_secret_version(path, mount_point='secret', version=None, ...) -> dict

Reads a KV secret. Return value carries secret data.

tracks:return

Other Methods

.Client() (Neutral)
Signature
hvac.Client(url='http://localhost:8200', token=None, verify=True, ...) -> Client

Vault client. Finding when verify=False.

Fully-Qualified Names

FQN          Field
hvac         fqns[0]
hvac.Client  fqns[1]

A wrong FQN yields 0 findings. To verify, change fqns to a garbage value; the rule must then produce 0 results.
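The sketch below is an added illustration, not Code Pathfinder's implementation or API. It uses Python's standard ast module to show why FQN resolution matters: import aliases are mapped back to hvac.Client before the verify=False check, and garbage fqns produce no findings. The function name scan, the finding labels, and the sample hostname and CA path are assumptions made for the example.

```python
import ast

# Constructed sample input (hostname and CA path are placeholders).
SAMPLE = '''\
import hvac as vault
from hvac import Client
insecure = vault.Client(url="https://vault.example.test:8200", verify=False)
pinned = Client(url="https://vault.example.test:8200", verify="/etc/ssl/vault-ca.pem")
resp = insecure.secrets.kv.v2.read_secret_version(path="app/db")
'''

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join(reversed(parts + [node.id]))

def scan(source, fqns=("hvac", "hvac.Client")):
    """Hypothetical matcher: returns sorted (line, kind) findings."""
    tree = ast.parse(source)
    aliases = {}  # local name -> fully-qualified name it was imported as
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    # Without type inference, only trust the source pattern in files importing fqns[0].
    uses_lib = any(v == fqns[0] or v.startswith(fqns[0] + ".") for v in aliases.values())
    findings = []
    for node in ast.walk(tree):
        name = _dotted(node.func) if isinstance(node, ast.Call) else None
        if name is None:
            continue
        head, sep, rest = name.partition(".")
        if aliases.get(head, head) + sep + rest == fqns[1]:
            # Only a literal verify=False counts; a CA bundle path keeps TLS checks on.
            if any(k.arg == "verify" and isinstance(k.value, ast.Constant)
                   and k.value.value is False for k in node.keywords):
                findings.append((node.lineno, "tls-verify-disabled"))
        elif uses_lib and name.endswith(".secrets.kv.v2.read_secret_version"):
            findings.append((node.lineno, "secret-source"))
    return sorted(findings)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The pinned client on line 4 of the sample is not flagged: verify set to a CA bundle path keeps certificate validation enabled, which is the usual fix when Vault uses a private CA.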

Import

rule.py
from codepathfinder.go_rule import PyHvac