Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed a flaw regarding subprocess calls #2360

Merged
merged 1 commit into from
Jan 5, 2022
Merged

Fixed a flaw regarding subprocess calls #2360

merged 1 commit into from
Jan 5, 2022

Conversation

Kondent
Copy link
Contributor

@Kondent Kondent commented Dec 17, 2021

Related issue
#2330

Description

Under this development, the related possible code flaw is set as solved using Code Analysis Tool.

Tests

  • Proven that tests pass when they have to pass.
  • Proven that tests fail when they have to fail.

@Kondent Kondent self-assigned this Dec 17, 2021
This was referenced Dec 17, 2021
Merged
Closed
mcarmona99
mcarmona99 approved these changes Dec 22, 2021
View reviewed changes
Copy link
Contributor

@mcarmona99 mcarmona99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Rebits
Rebits requested changes Dec 27, 2021
View reviewed changes
Copy link
Member

@Rebits Rebits left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

27/12/21

Report
R1 🔴
R2 🔴
R3 🔴

Where new flaws are

{
    "new_flaws": [
        {
            "code": " from shutil import rmtree\n from subprocess import check_output\n from time import time\n",
            "filename": "framework/wazuh/core/cluster/cluster.py",
            "issue_confidence": "HIGH",
            "issue_severity": "LOW",
            "issue_text": "Consider possible security implications associated with check_output module.",
            "line_number": 15,
            "line_range": [
                15
            ],
            "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess",
            "test_id": "B404",
            "test_name": "blacklist"
        },
        {
            "code": "     \"\"\"\n     return set(str(check_output(['hostname', '--all-ip-addresses']).decode()).split(\" \")[:-1])\n \n",
            "filename": "framework/wazuh/core/cluster/cluster.py",
            "issue_confidence": "HIGH",
            "issue_severity": "LOW",
            "issue_text": "Starting a process with a partial executable path",
            "line_number": 42,
            "line_range": [
                42
            ],
            "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html",
            "test_id": "B607",
            "test_name": "start_process_with_partial_path"
        },
        {
            "code": "     \"\"\"\n     return set(str(check_output(['hostname', '--all-ip-addresses']).decode()).split(\" \")[:-1])\n \n",
            "filename": "framework/wazuh/core/cluster/cluster.py",
            "issue_confidence": "HIGH",
            "issue_severity": "LOW",
            "issue_text": "subprocess call - check for execution of untrusted input.",
            "line_number": 42,
            "line_range": [
                42
            ],
            "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html",
            "test_id": "B603",
            "test_name": "subprocess_without_shell_equals_true"
        }
    ]
}

These are solved at dev-fix-python-code-vulnerabilities branch.

tests/scans/code_analysis/known_flaws/known_flaws_framework.json Show resolved Hide resolved
Rebits
Rebits approved these changes Dec 27, 2021
View reviewed changes
Copy link
Member

@Rebits Rebits left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Kondent Kondent force-pushed the feature/2330-subprocess-flaw branch from 2cc6f2d to 9c42f7c Compare January 3, 2022 13:38
@Kondent Kondent force-pushed the feature/2330-subprocess-flaw branch from 9c42f7c to c50d444 Compare January 3, 2022 13:42
@davidjiglesias davidjiglesias merged commit ced8606 into dev-fix-python-code-vulnerabilities Jan 5, 2022
@davidjiglesias davidjiglesias deleted the feature/2330-subprocess-flaw branch January 5, 2022 10:30
mcarmona99 pushed a commit that referenced this pull request Feb 4, 2022
@Kondent @mcarmona99
Fix flaw regarding subprocess calls - wazuh/wazuh#10144 (#2360)
be555bf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rebits Rebits Rebits approved these changes

@mcarmona99 mcarmona99 mcarmona99 approved these changes

Assignees

@Kondent Kondent

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Kondent @Rebits @mcarmona99 @davidjiglesias