Description
With the test created in the issue wazuh/wazuh-qa#1615, some possible code flaws were found by Bandit.
In this issue we specify flaws when using pseudo-random generators.
Issue text: Standard pseudo-random generators are not suitable for security/cryptographic purposes
framework/wazuh/core/cluster/cluster.py line 306
This random number is used to set the name of the compressed data for the integrity synchronization process in the cluster. The temporary file is created using the node name, so we can guarantee that the files will never be overwritten. Despite that, we need to investigate this flaw.
More info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random
We should investigate this result and see if it is a real vulnerability.
Checks
wazuh/wazuh
framework/wazuh/core/cluster/tests/ & framework/wazuh/core/cluster/dapi/tests/
framework/wazuh/core/tests/
framework/wazuh/tests/
framework/wazuh/rbac/tests/
api/api/tests/
api/test/integration/
api/test/integration/mapping/integration_test_api_endpoints.json
api/api/spec/spec.yaml
framework/wazuh/core/exception.py
CHANGELOG.md
wazuh/wazuh-documentation
source/user-manual/api/equivalence.rst
source/user-manual/api/rbac/reference.rst
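For triaging the B311 finding described above, an added example (not Wazuh's code and not part of the original issue) that contrasts a file name built from `random` with one built from `secrets` and created exclusively. The naming scheme, the function names and the node name `worker1` are assumptions made for illustration.

```python
import os
import random
import secrets
import tempfile


def weak_archive_name(node_name, rng=random):
    """Pattern Bandit B311 flags: suffix drawn from the Mersenne Twister PRNG."""
    # Assumed naming scheme for illustration; not copied from cluster.py.
    return f"{node_name}-{str(rng.random())[2:]}.zip"


def names_repeat_with_same_state(node_name, seed):
    """True when an identical PRNG state reproduces the identical file name."""
    first = weak_archive_name(node_name, random.Random(seed))
    second = weak_archive_name(node_name, random.Random(seed))
    return first == second


def create_archive(directory, node_name):
    """Hardened form: CSPRNG suffix plus exclusive, owner-only creation."""
    for _ in range(10):
        name = f"{node_name}-{secrets.token_hex(16)}.zip"
        path = os.path.join(directory, name)
        try:
            # O_EXCL makes creation fail if the path already exists
            # (a symlink included), so nothing is ever overwritten.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            continue  # collision: draw a new suffix
        os.close(fd)
        return path
    raise RuntimeError("could not create a unique archive file")


if __name__ == "__main__":
    # Constructed sample input: a node called "worker1" and a scratch directory.
    print("weak name repeats:", names_repeat_with_same_state("worker1", 1234))
    with tempfile.TemporaryDirectory() as scratch:
        print("hardened path:", create_archive(scratch, "worker1"))
```

Whether the flagged call matters depends on what the name protects: uniqueness alone does not need a CSPRNG, but a name that must not be guessable, in a directory other users can write to, does.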