avocado-framework/avocado

Showing 885 of 902 total issues

Probable insecure usage of temp file/directory.
Open

def make_dir_and_populate(basedir="/tmp"):
Severity: Minor
Found in avocado/utils/data_factory.py by bandit

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

    assert os.path.isdir(tmp_dir), msg
Severity: Info
Found in avocado/core/data_dir.py by bandit

Probable insecure usage of temp file/directory.
Open

        mounted_status_server_socket = "/tmp/.status_server.sock"
Severity: Minor
Found in avocado/plugins/spawners/podman.py by bandit

Probable insecure usage of temp file/directory.
Open

                        runtime_task.task.runnable.uri = os.path.join(
                            "/tmp", runtime_task.task.runnable.uri
Severity: Minor
Found in avocado/plugins/spawners/podman.py by bandit

Probable insecure usage of temp file/directory.
Open

        "/tmp/creat_partition" + process.run("date '+%d-%m-%y_%T'").stdout_text.strip()
Severity: Minor
Found in avocado/utils/disk.py by bandit

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert 0
Severity: Info
Found in avocado/utils/external/spark.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    out = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/multipath.py by bandit

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert self.tmpdir is None, "Job.setup() already called"
Severity: Info
Found in avocado/core/job.py by bandit

Probable insecure usage of temp file/directory.
Open

                        to = os.path.join("/tmp", asset)
Severity: Minor
Found in avocado/plugins/spawners/podman.py by bandit

The input method in Python 2 will read from standard input, evaluate and run the resulting string as Python source code. This is similar to, though in many ways worse than, using eval. On Python 2, use raw_input instead; input is safe in Python 3.
Open

    return input(f"{question} (y/n) ")
Severity: Major
Found in avocado/utils/genio.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        mpaths = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/multipath.py by bandit

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

        return random.choice([True, True, True, True, False])
Severity: Info
Found in avocado/core/spawners/mock.py by bandit

subprocess call - check for execution of untrusted input.
Open

        return subprocess.Popen(
            [runnable.uri] + list(runnable.args),
            stdin=subprocess.DEVNULL,
            stdout=stdout,
            stderr=stderr,

subprocess call - check for execution of untrusted input.
Open

        process = subprocess.Popen(
            cmd,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
Severity: Info
Found in avocado/plugins/spawners/podman.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    if not process.run(cmd, shell=True, ignore_status=True):
Severity: Minor
Found in avocado/utils/nvme.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    out = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/nvme.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    output = process.run(cmd, ignore_status=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/pci.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        if process.system(
            f"{self.ndctl} disable-region {name}", shell=True, ignore_status=True
Severity: Minor
Found in avocado/utils/pmem.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        if process.system(
            f"{self.ndctl} enable-region {name}", shell=True, ignore_status=True
Severity: Minor
Found in avocado/utils/pmem.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

            process.system(add_cmd, shell=True, sudo=True)