avocado-framework/avocado

Showing 885 of 902 total issues

Function call with shell=True parameter identified, possible security issue.
Open

    if process.system(cmd, shell=True, ignore_status=True):
Severity: Minor
Found in avocado/utils/nvme.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    if not process.run(cmd, shell=True, ignore_status=True):
Severity: Minor
Found in avocado/utils/nvme.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        if process.system(cmd, shell=True, ignore_status=True):
Severity: Minor
Found in avocado/utils/pmem.py by bandit

subprocess call with shell=True identified, security issue.
Open

            self._popen = subprocess.Popen(
                cmd,
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,
                shell=self.shell,
Severity: Major
Found in avocado/utils/process.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    cmd_result = run(
        cmd=cmd,
        timeout=timeout,
        verbose=verbose,
        ignore_status=ignore_status,
Severity: Minor
Found in avocado/utils/process.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        cmd_result = process.run(
            "apt-get -v | head -1", ignore_status=True, verbose=False, shell=True

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

assert len(j.result.tests) == 1

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

        column_index = random.randint(0, len(self.data) - 1)

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

        row[column_index] = random.choice(possible_numbers)

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

            row[column_index] = random.choice(possible_numbers)

Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

        minidom.parseString(result.stdout_text)
Severity: Minor
Found in selftests/functional/output.py by bandit

Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

            dom = minidom.parseString(xml)
Severity: Minor
Found in selftests/functional/plugin/xunit.py by bandit

Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

            dom = minidom.parseString(xml)
Severity: Minor
Found in selftests/unit/plugin/xunit.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    output = process.run(cmd, ignore_status=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/pci.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    output = process.run(cmd, ignore_status=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/pci.py by bandit

Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

            xunit_doc = xml.dom.minidom.parseString(xml_output)
Severity: Minor
Found in selftests/functional/basic.py by bandit

Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

            minidom.parse(xunit_output_path)
Severity: Minor
Found in selftests/functional/output.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        p = process.SubProcess(cmd="ls -l", sudo=True, shell=True)
Severity: Minor
Found in selftests/unit/utils/process.py by bandit

Probable insecure usage of temp file/directory.
Open

        cleaning_list += list(Path("/var/tmp/").glob(".avocado-*"))
Severity: Minor
Found in setup.py by bandit

Probable insecure usage of temp file/directory.
Open

        if os.path.exists("/var/tmp"):
Severity: Minor
Found in avocado/core/main.py by bandit