This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix various bandit complaints. (#10)
I ignore some, and fix others. Full report before these changes:

```
$ bandit -r .
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.10.9
Run started:2023-01-12 21:41:24.463019

Test results:
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   Location: ./locales/update.py:5:0
   More Info: https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_imports.html#b404-import-subprocess
4       import pkg_resources
5       import subprocess
6
7
8       domain = "pas.plugins.oidc"

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ''
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   Location: ./plugins.py:50:20
   More Info: https://bandit.readthedocs.io/en/1.7.4/plugins/b105_hardcoded_password_string.html
49          client_id = ""
50          client_secret = ""
51          redirect_uris = ()

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   Location: ./plugins.py:105:8
   More Info: https://bandit.readthedocs.io/en/1.7.4/plugins/b101_assert_used.html
104         def rememberIdentity(self, userinfo):
105             assert isinstance(userinfo, OpenIDSchema)
106             # sub: machine-readable identifier of the user at this server;
107             # this value is guaranteed to be unique per user, stable over time,
108             # and never re-used
109             user_id = userinfo["sub"]

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   Location: ./plugins.py:147:28
   More Info: https://bandit.readthedocs.io/en/1.7.4/plugins/b110_try_except_pass.html
146                             raise
147                         except Exception:
148                             pass

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   Location: ./plugins.py:185:24
   More Info: https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_calls.html#b311-random
184         """Return a obfuscated password never used for login"""
185         return "".join([choice(PWCHARS) for ii in range(40)])
186

--------------------------------------------------

Code scanned:
        Total lines of code: 653
        Total lines skipped (#nosec): 3

Run metrics:
        Total issues (by severity):
                Undefined: 0
                Low: 5
                Medium: 0
                High: 0
        Total issues (by confidence):
                Undefined: 0
                Low: 0
                Medium: 1
                High: 4
Files skipped (0):
```
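As an added example (not pas.plugins.oidc's code, and not necessarily how this commit resolved each finding), three of the flagged patterns from the report above sit beside a form that satisfies bandit: `secrets` instead of `random` for B311, an explicit type check instead of `assert` for B101, and a logged exception instead of `except: pass` for B110. `PWCHARS`, the function names and the `OpenIDSchema` stand-in are assumptions.

```python
import logging
import random
import secrets
import string

PWCHARS = string.ascii_letters + string.digits  # assumed alphabet
log = logging.getLogger(__name__)


class OpenIDSchema(dict):
    """Constructed stand-in for the oic library's OpenIDSchema class."""


def obfuscated_password_random(rng=random):
    """Flagged B311 form: random.choice draws from a Mersenne Twister whose
    state is recoverable from output, so a seeded instance reproduces it."""
    return "".join([rng.choice(PWCHARS) for ii in range(40)])


def obfuscated_password_secrets(length=40):
    """Hardened form: secrets.choice draws from the OS CSPRNG."""
    return "".join(secrets.choice(PWCHARS) for _ in range(length))


def same_output_for_same_seed(seed):
    """True when two alike-seeded generators agree: why B311 matters."""
    a = obfuscated_password_random(random.Random(seed))
    b = obfuscated_password_random(random.Random(seed))
    return a == b


def looks_like_password(pw, length=40):
    """Shape check: right length, only PWCHARS, not one repeated char."""
    return len(pw) == length and set(pw) <= set(PWCHARS) and len(set(pw)) > 1


def remember_identity_checked(userinfo):
    """B101 fix: assert vanishes under `python -O`, so raise explicitly
    and return the stable 'sub' claim the original code relied on."""
    if not isinstance(userinfo, OpenIDSchema):
        raise TypeError("userinfo must be OpenIDSchema, got %r" % type(userinfo))
    return userinfo["sub"]


def best_effort_cleanup(action):
    """B110 fix: log the swallowed error instead of `except Exception: pass`.
    Returns True on success, False when the failure was swallowed."""
    try:
        action()
        return True
    except Exception:
        log.exception("ignored failure in %r", action)
        return False
```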