Issues - avocado-framework/avocado

Probable insecure usage of temp file/directory.
Open

        if os.path.exists("/var/tmp"):

Found in avocado/core/main.py by bandit

Exclude checks
- Disable engine
- Disable check

Starting a process with a shell, possible injection detected, security issue.
Open

        self.pipe = os.popen(paginator, "w")

Found in avocado/core/output.py by bandit

Exclude checks
- Disable engine
- Disable check

Try, Except, Pass detected.
Open

            except Exception:  # pylint: disable=W0703

Found in avocado/plugins/teststmpdir.py by bandit

Exclude checks
- Disable engine
- Disable check

subprocess call - check for execution of untrusted input.
Open

            self.process = subprocess.Popen(
                args,
                stdin=subprocess.PIPE,
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,

Found in avocado/utils/gdb.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

    wwids = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text

Found in avocado/utils/multipath.py by bandit

Exclude checks
- Disable engine
- Disable check

Probable insecure usage of temp file/directory.
Open

            os.environ["TMP"] = "/var/tmp"

Found in avocado/core/main.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

        wwids = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text

Found in avocado/utils/multipath.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

    output = process.run(cmd, ignore_status=True, shell=True).stdout_text

Found in avocado/utils/pci.py by bandit

Exclude checks
- Disable engine
- Disable check

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

    return random.choice(choices)

Found in contrib/scripts/task-state-machine.py by bandit

Exclude checks
- Disable engine
- Disable check

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

        combination_parameters_index = random.randint(0, len(possible_parameters) - 1)

Found in optional_plugins/varianter_cit/avocado_varianter_cit/Cit.py by bandit

Exclude checks
- Disable engine
- Disable check

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

            column_index = random.randint(0, len(row) - 1)

Found in optional_plugins/varianter_cit/avocado_varianter_cit/Cit.py by bandit

Exclude checks
- Disable engine
- Disable check

subprocess call - check for execution of untrusted input.
Open

        proc = subprocess.Popen(
            cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT

Found in selftests/functional/interrupt.py by bandit

Exclude checks
- Disable engine
- Disable check

Try, Except, Pass detected.
Open

        except Exception:

Found in selftests/unit/utils/cloudinit.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

            interface_type = process.system_output(
                cmd, shell=True, ignore_status=True

Found in avocado/utils/network/interfaces.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

    output = process.run(cmd, shell=True, sudo=True, ignore_status=True).stdout_text

Found in avocado/utils/nvme.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

    if process.system(cmd, shell=True, ignore_status=True):

Found in avocado/utils/nvme.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

        process.run(cmd, shell=True, ignore_status=True)

Found in avocado/utils/nvme.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of insecure MD2, MD4, MD5, or SHA1 hash function.
Open

        device_hash = hashlib.sha1(self.device.encode("utf-8")).hexdigest()

Found in avocado/utils/partition.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

    output = process.run(cmd, ignore_status=True, shell=True).stdout_text

Found in avocado/utils/pci.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

    assert total_time >= 10

    # check of timeout enforcement

Found in examples/apis/utils/ssh_timeout.py by bandit

Exclude checks
- Disable engine
- Disable check

avocado-framework/avocado

Showing 885 of 902 total issues

Probable insecure usage of temp file/directory.
Open

Starting a process with a shell, possible injection detected, security issue.
Open

Try, Except, Pass detected.
Open

subprocess call - check for execution of untrusted input.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Probable insecure usage of temp file/directory.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

subprocess call - check for execution of untrusted input.
Open

Try, Except, Pass detected.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Use of insecure MD2, MD4, MD5, or SHA1 hash function.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Severity

Category

Status

Source

Language

avocado-framework/avocado

Showing 885 of 902 total issues

Probable insecure usage of temp file/directory. Open

Starting a process with a shell, possible injection detected, security issue. Open

Try, Except, Pass detected. Open

subprocess call - check for execution of untrusted input. Open

Function call with shell=True parameter identified, possible security issue. Open

Probable insecure usage of temp file/directory. Open

Function call with shell=True parameter identified, possible security issue. Open

Function call with shell=True parameter identified, possible security issue. Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes. Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes. Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes. Open

subprocess call - check for execution of untrusted input. Open

Try, Except, Pass detected. Open

Function call with shell=True parameter identified, possible security issue. Open

Function call with shell=True parameter identified, possible security issue. Open

Function call with shell=True parameter identified, possible security issue. Open

Function call with shell=True parameter identified, possible security issue. Open

Use of insecure MD2, MD4, MD5, or SHA1 hash function. Open

Function call with shell=True parameter identified, possible security issue. Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Severity

Category

Status

Source

Language

Probable insecure usage of temp file/directory.
Open

Starting a process with a shell, possible injection detected, security issue.
Open

Try, Except, Pass detected.
Open

subprocess call - check for execution of untrusted input.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Probable insecure usage of temp file/directory.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

subprocess call - check for execution of untrusted input.
Open

Try, Except, Pass detected.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Use of insecure MD2, MD4, MD5, or SHA1 hash function.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open