Fixed a flaw regarding subprocess calls #2360
Conversation
Force-pushed the branch from 71dc97d to b591639.

Force-pushed the branch from b591639 to 2cc6f2d.
LGTM
27/12/21
| Report | |
|---|---|
| R1 | 🔴 |
| R2 | 🔴 |
| R3 | 🔴 |
Where new flaws are
```json
{
  "new_flaws": [
    {
      "code": " from shutil import rmtree\n from subprocess import check_output\n from time import time\n",
      "filename": "framework/wazuh/core/cluster/cluster.py",
      "issue_confidence": "HIGH",
      "issue_severity": "LOW",
      "issue_text": "Consider possible security implications associated with check_output module.",
      "line_number": 15,
      "line_range": [
        15
      ],
      "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess",
      "test_id": "B404",
      "test_name": "blacklist"
    },
    {
      "code": " \"\"\"\n return set(str(check_output(['hostname', '--all-ip-addresses']).decode()).split(\" \")[:-1])\n \n",
      "filename": "framework/wazuh/core/cluster/cluster.py",
      "issue_confidence": "HIGH",
      "issue_severity": "LOW",
      "issue_text": "Starting a process with a partial executable path",
      "line_number": 42,
      "line_range": [
        42
      ],
      "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html",
      "test_id": "B607",
      "test_name": "start_process_with_partial_path"
    },
    {
      "code": " \"\"\"\n return set(str(check_output(['hostname', '--all-ip-addresses']).decode()).split(\" \")[:-1])\n \n",
      "filename": "framework/wazuh/core/cluster/cluster.py",
      "issue_confidence": "HIGH",
      "issue_severity": "LOW",
      "issue_text": "subprocess call - check for execution of untrusted input.",
      "line_number": 42,
      "line_range": [
        42
      ],
      "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html",
      "test_id": "B603",
      "test_name": "subprocess_without_shell_equals_true"
    }
  ]
}
```
These are solved in the dev-fix-python-code-vulnerabilities branch.
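The flagged call is `check_output(['hostname', '--all-ip-addresses'])`. As an added example (not Wazuh's code), here is the same lookup written to satisfy B607 and B603: the executable is resolved once from a fixed search path, the argument list is constant, no shell is involved, and a timeout bounds the call. `TRUSTED_PATH`, `resolve_executable`, `get_node_ip_addresses` and `sample_runner` are names chosen for this example, and the sample output is constructed.

```python
import os
import shutil
import subprocess
from typing import Callable, Set

# Added example, not Wazuh code: the lookup Bandit flagged as B607 (partial
# executable path) and B603 (subprocess call), with the executable resolved
# from a fixed search path, a constant argv, and no shell.

# Assumption: only system directories are searched, never the caller's $PATH.
TRUSTED_PATH = "/usr/sbin:/usr/bin:/sbin:/bin"


def resolve_executable(name: str, search_path: str = TRUSTED_PATH) -> str:
    """Turn a bare command name into an absolute path found in trusted directories only."""
    resolved = shutil.which(name, path=search_path)
    if resolved is None:
        raise FileNotFoundError(f"{name!r} not found in {search_path}")
    return resolved


def parse_ip_addresses(raw: bytes) -> Set[str]:
    """Parse `hostname --all-ip-addresses` output: space-separated addresses, trailing space and newline."""
    return set(raw.decode("utf-8", errors="replace").split())


def get_node_ip_addresses(executable: str,
                          run: Callable[..., bytes] = subprocess.check_output) -> Set[str]:
    """Run `<executable> --all-ip-addresses` with a fixed argv, no shell, and a timeout."""
    if not os.path.isabs(executable):
        # Never let the environment's PATH decide which binary runs (B607).
        raise ValueError(f"executable must be an absolute path, got {executable!r}")
    argv = [executable, "--all-ip-addresses"]  # constant argument list, no user input (B603)
    return parse_ip_addresses(run(argv, shell=False, timeout=5))


def sample_runner(argv, **kwargs) -> bytes:
    """Constructed stand-in for check_output so the example runs offline."""
    assert argv[1:] == ["--all-ip-addresses"] and kwargs.get("shell") is False
    return b"192.0.2.10 2001:db8::1 \n"  # constructed sample output


if __name__ == "__main__":
    print(sorted(get_node_ip_addresses("/bin/hostname", run=sample_runner)))
    # On a Linux host: get_node_ip_addresses(resolve_executable("hostname"))
```

`str.split()` with no separator also drops the trailing newline that the original's `split(" ")[:-1]` had to strip by hand.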
LGTM
Force-pushed the branch from 2cc6f2d to 9c42f7c.

Force-pushed the branch from 9c42f7c to c50d444.
Description

Fixed a flaw regarding `subprocess` in the `framework/` directory (wazuh#10144).

B603:
- wazuh/framework/wazuh/core/cluster/cluster.py: FALSE POSITIVE
- wazuh/framework/wazuh/core/common.py: FALSE POSITIVE
- wazuh/framework/wazuh/core/configuration.py: FALSE POSITIVE
- wazuh/framework/scripts/wazuh-logtest.py: FALSE POSITIVE
- wazuh/framework/wazuh/core/utils.py: FIXED

B404:
- wazuh/framework/scripts/wazuh-logtest.py: FALSE POSITIVE
- wazuh/framework/wazuh/core/cluster/cluster.py: FALSE POSITIVE
- wazuh/framework/wazuh/core/common.py: FALSE POSITIVE
- wazuh/framework/wazuh/core/configuration.py: FALSE POSITIVE

Under this development, the related possible code flaw is set as solved using the Code Analysis Tool.
Tests