Showing 885 of 902 total issues
Function call with shell=True parameter identified, possible security issue. Open
if process.system(cmd, shell=True, ignore_status=True):
Function call with shell=True parameter identified, possible security issue. Open
if not process.run(cmd, shell=True, ignore_status=True):
Function call with shell=True parameter identified, possible security issue. Open
if process.system(cmd, shell=True, ignore_status=True):
subprocess call with shell=True identified, security issue. Open
self._popen = subprocess.Popen(
cmd,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
shell=self.shell,
Function call with shell=True parameter identified, possible security issue. Open
cmd_result = run(
cmd=cmd,
timeout=timeout,
verbose=verbose,
ignore_status=ignore_status,
Function call with shell=True parameter identified, possible security issue. Open
cmd_result = process.run(
"apt-get -v | head -1", ignore_status=True, verbose=False, shell=True
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open
assert len(j.result.tests) == 1
Standard pseudo-random generators are not suitable for security/cryptographic purposes. Open
column_index = random.randint(0, len(self.data) - 1)
Standard pseudo-random generators are not suitable for security/cryptographic purposes. Open
row[column_index] = random.choice(possible_numbers)
Standard pseudo-random generators are not suitable for security/cryptographic purposes. Open
row[column_index] = random.choice(possible_numbers)
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Open
minidom.parseString(result.stdout_text)
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Open
dom = minidom.parseString(xml)
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Open
dom = minidom.parseString(xml)
Function call with shell=True parameter identified, possible security issue. Open
output = process.run(cmd, ignore_status=True, shell=True).stdout_text
Function call with shell=True parameter identified, possible security issue. Open
output = process.run(cmd, ignore_status=True, shell=True).stdout_text
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Open
xunit_doc = xml.dom.minidom.parseString(xml_output)
Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Open
minidom.parse(xunit_output_path)
Function call with shell=True parameter identified, possible security issue. Open
p = process.SubProcess(cmd="ls -l", sudo=True, shell=True)
Probable insecure usage of temp file/directory. Open
cleaning_list += list(Path("/var/tmp/").glob(".avocado-*"))
Probable insecure usage of temp file/directory. Open
if os.path.exists("/var/tmp"):