It is true that the oscap module has these vulnerabilities. However, the module was deprecated in 4.0 and replaced by SCA, so we believe there is no reason to spend the time to modify this. The idea is to remove this code from our repository for the future 5.0 release.
The script itself from 4.0 onwards is no longer copied on the system during installation or when upgrading, so it would not pose a security risk either.
Hi team,
In the wodles code there are some sections of code that can be improved.
First we have a part of the oscap.py module where an agent_id is calculated randomly. Basically it doesn't seem that the module ever enters this part, however, we should investigate it and either fix it or remove it.
The next thing we need to investigate is the use of the eval() functions and the subprocess module as they are being used to check that certain services are installed. This can be done in a better way.
More information here: #7998 (comment) and here: wazuh/wazuh-qa#1615 (comment)
ToDo
Regards