Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed a flaw regarding temp folders #2350

Merged
merged 1 commit into from
Jan 5, 2022
Merged

Fixed a flaw regarding temp folders #2350

merged 1 commit into from
Jan 5, 2022

Conversation

Kondent
Copy link
Contributor

@Kondent Kondent commented Dec 16, 2021

Related issue
#2330

Description

Under this development, the related possible code flaw is set as solved using Code Analysis Tool.

Tests

  • Proven that tests pass when they have to pass.
  • Proven that tests fail when they have to fail.

@Kondent Kondent self-assigned this Dec 16, 2021
This was referenced Dec 16, 2021
Merged
Closed
@Kondent Kondent changed the title Fixed flaw regarding temp folders Fixed a flaw regarding temp folders Dec 16, 2021
mcarmona99
mcarmona99 approved these changes Dec 17, 2021
View reviewed changes
Copy link
Contributor

@mcarmona99 mcarmona99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Rebits
Copy link
Member

Rebits commented Dec 27, 2021
edited

27/12/21

Report
R1 🔴
R2 🔴
R3 🔴

Where new flaws are

{
    "new_flaws": [
        {
            "code": " from shutil import rmtree\n from subprocess import check_output\n from time import time\n",
            "filename": "framework/wazuh/core/cluster/cluster.py",
            "issue_confidence": "HIGH",
            "issue_severity": "LOW",
            "issue_text": "Consider possible security implications associated with check_output module.",
            "line_number": 15,
            "line_range": [
                15
            ],
            "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess",
            "test_id": "B404",
            "test_name": "blacklist"
        },
        {
            "code": "     \"\"\"\n     return set(str(check_output(['hostname', '--all-ip-addresses']).decode()).split(\" \")[:-1])\n \n",
            "filename": "framework/wazuh/core/cluster/cluster.py",
            "issue_confidence": "HIGH",
            "issue_severity": "LOW",
            "issue_text": "Starting a process with a partial executable path",
            "line_number": 42,
            "line_range": [
                42
            ],
            "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html",
            "test_id": "B607",
            "test_name": "start_process_with_partial_path"
        },
        {
            "code": "     \"\"\"\n     return set(str(check_output(['hostname', '--all-ip-addresses']).decode()).split(\" \")[:-1])\n \n",
            "filename": "framework/wazuh/core/cluster/cluster.py",
            "issue_confidence": "HIGH",
            "issue_severity": "LOW",
            "issue_text": "subprocess call - check for execution of untrusted input.",
            "line_number": 42,
            "line_range": [
                42
            ],
            "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html",
            "test_id": "B603",
            "test_name": "subprocess_without_shell_equals_true"
        }
    ]
}

These are solved at wazuh dev-fix-python-code-vulnerabilities branch.

Rebits
Rebits approved these changes Dec 27, 2021
View reviewed changes
Copy link
Member

@Rebits Rebits left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Kondent Kondent force-pushed the feature/2330-framework-tempdirs branch from da19a91 to 9a62a30 Compare January 5, 2022 12:13
@davidjiglesias davidjiglesias merged commit c3c9d70 into dev-fix-python-code-vulnerabilities Jan 5, 2022
@davidjiglesias davidjiglesias deleted the feature/2330-framework-tempdirs branch January 5, 2022 15:47
mcarmona99 pushed a commit that referenced this pull request Feb 4, 2022
@Kondent @mcarmona99
Fix flaw regarding temp folders - wazuh/wazuh#10115 (#2350)
1827128
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rebits Rebits Rebits approved these changes

@mcarmona99 mcarmona99 mcarmona99 approved these changes

@vicferpoy vicferpoy Awaiting requested review from vicferpoy

Assignees

@Kondent Kondent

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Kondent @Rebits @mcarmona99 @davidjiglesias