Issues - avocado-framework/avocado

Function call with shell=True parameter identified, possible security issue.
Open

    return process.run(cmd, shell=True).stdout_text

Found in optional_plugins/varianter_pict/avocado_varianter_pict/varianter_pict.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

    output = process.run(cmd, ignore_status=True, shell=True).stdout_text

Found in avocado/utils/pci.py by bandit

Exclude checks
- Disable engine
- Disable check

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

            line = "".join(random.choice(string.ascii_letters + string.digits + "\n"))

Found in selftests/unit/utils/genio.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

        if process.system(cmd, shell=True, ignore_status=True):

Found in avocado/utils/pmem.py by bandit

Exclude checks
- Disable engine
- Disable check

Consider possible security implications associated with CalledProcessError module.
Open

from subprocess import CalledProcessError, run

Found in setup.py by bandit

Exclude checks
- Disable engine
- Disable check

subprocess call - check for execution of untrusted input.
Open

        run([sys.executable, "setup.py"] + action, cwd=parent_dir, check=True)

Found in setup.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

        if process.system(
            f"{self.ndctl} disable-region {name}", shell=True, ignore_status=True

Found in avocado/utils/pmem.py by bandit

Exclude checks
- Disable engine
- Disable check

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

        combination_index = random.randint(0, len(possible_combinations) - 1)

Found in optional_plugins/varianter_cit/avocado_varianter_cit/Cit.py by bandit

Exclude checks
- Disable engine
- Disable check

Consider possible security implications associated with subprocess module.
Open

import subprocess

Found in selftests/functional/interrupt.py by bandit

Exclude checks
- Disable engine
- Disable check

Try, Except, Pass detected.
Open

        except Exception:

Found in selftests/unit/utils/cloudinit.py by bandit

Exclude checks
- Disable engine
- Disable check

Possible hardcoded password: 'PASSWORD'
Open

        session = ssh.Session("hostname", user="user", password="PASSWORD")

Found in selftests/unit/utils/ssh.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert self.tmpdir is not None, "Job.setup() not called"

Found in avocado/core/job.py by bandit

Exclude checks
- Disable engine
- Disable check

Probable insecure usage of temp file/directory.
Open

        output_lxc_path = "/tmp/.avocado_task_output_dir"

Found in avocado/plugins/spawners/lxc.py by bandit

Exclude checks
- Disable engine
- Disable check

Consider possible security implications associated with subprocess module.
Open

import subprocess

Found in avocado/plugins/spawners/podman.py by bandit

Exclude checks
- Disable engine
- Disable check

subprocess call - check for execution of untrusted input.
Open

        process = subprocess.Popen(
            cmd,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,

Found in avocado/plugins/spawners/podman.py by bandit

Exclude checks
- Disable engine
- Disable check

Probable insecure usage of temp file/directory.
Open

                        to = os.path.join("/tmp", asset)

Found in avocado/plugins/spawners/podman.py by bandit

Exclude checks
- Disable engine
- Disable check

Try, Except, Pass detected.
Open

            except Exception:  # pylint: disable=W0703

Found in avocado/plugins/teststmpdir.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

    status = process.system(
        cmd, timeout=30, ignore_status=True, verbose=False, shell=True, sudo=True

Found in avocado/utils/dmesg.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of possibly insecure function - consider using safer ast.literal_eval.
Open

            if eval(f"{_} {chunk_sizes}")

Found in avocado/utils/memory.py by bandit

Exclude checks
- Disable engine
- Disable check

Function call with shell=True parameter identified, possible security issue.
Open

    out = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text

Found in avocado/utils/nvme.py by bandit

Exclude checks
- Disable engine
- Disable check

avocado-framework/avocado

Showing 884 of 901 total issues

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Consider possible security implications associated with CalledProcessError module.
Open

subprocess call - check for execution of untrusted input.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

Consider possible security implications associated with subprocess module.
Open

Try, Except, Pass detected.
Open

Possible hardcoded password: 'PASSWORD'
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Probable insecure usage of temp file/directory.
Open

Consider possible security implications associated with subprocess module.
Open

subprocess call - check for execution of untrusted input.
Open

Probable insecure usage of temp file/directory.
Open

Try, Except, Pass detected.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Use of possibly insecure function - consider using safer ast.literal_eval.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Severity

Category

Status

Source

Language

avocado-framework/avocado

Showing 884 of 901 total issues

Function call with shell=True parameter identified, possible security issue. Open

Function call with shell=True parameter identified, possible security issue. Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes. Open

Function call with shell=True parameter identified, possible security issue. Open

Consider possible security implications associated with CalledProcessError module. Open

subprocess call - check for execution of untrusted input. Open

Function call with shell=True parameter identified, possible security issue. Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes. Open

Consider possible security implications associated with subprocess module. Open

Try, Except, Pass detected. Open

Possible hardcoded password: 'PASSWORD' Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Probable insecure usage of temp file/directory. Open

Consider possible security implications associated with subprocess module. Open

subprocess call - check for execution of untrusted input. Open

Probable insecure usage of temp file/directory. Open

Try, Except, Pass detected. Open

Function call with shell=True parameter identified, possible security issue. Open

Use of possibly insecure function - consider using safer ast.literal_eval. Open

Function call with shell=True parameter identified, possible security issue. Open

Severity

Category

Status

Source

Language

Function call with shell=True parameter identified, possible security issue.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Consider possible security implications associated with CalledProcessError module.
Open

subprocess call - check for execution of untrusted input.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

Consider possible security implications associated with subprocess module.
Open

Try, Except, Pass detected.
Open

Possible hardcoded password: 'PASSWORD'
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Probable insecure usage of temp file/directory.
Open

Consider possible security implications associated with subprocess module.
Open

subprocess call - check for execution of untrusted input.
Open

Probable insecure usage of temp file/directory.
Open

Try, Except, Pass detected.
Open

Function call with shell=True parameter identified, possible security issue.
Open

Use of possibly insecure function - consider using safer ast.literal_eval.
Open

Function call with shell=True parameter identified, possible security issue.
Open