Showing 885 of 902 total issues
Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
xunit_doc = xml.dom.minidom.parse(xml_output)

Function call with shell=True parameter identified, possible security issue.
process.system("modinfo scsi_debug", shell=True, ignore_status=True),

Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
minidom.parse(tmpfile)

Probable insecure usage of temp file/directory.
to = os.path.join("/tmp/", os.path.basename(path))

subprocess call - check for execution of untrusted input.
proc = subprocess.run(
[zstd_cmd, "-d", path, "-o", output_path],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
check=False,

Function call with shell=True parameter identified, possible security issue.
out = process.run(cmd, timeout=30, ignore_status=True, verbose=False, shell=True)

Function call with shell=True parameter identified, possible security issue.
process.run(" ".join(cmd), shell=True)

Function call with shell=True parameter identified, possible security issue.
process.run(f"dpkg -i {self.work_dir}/*.deb", shell=True, sudo=True)

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert os_version > version, "Old kernel"

Function call with shell=True parameter identified, possible security issue.
process.run(cmd, shell=True, ignore_status=True)

Function call with shell=True parameter identified, possible security issue.
cmd_result = process.run("rpm -qa | sort", verbose=False, shell=True)

Function call with shell=True parameter identified, possible security issue.
if process.system(cmd, ignore_status=True, shell=True) != 0:

subprocess call - check for execution of untrusted input.
self.daemon_process = subprocess.Popen(
shlex.split(self.cmd),
stdin=stdin,
stdout=stdout,
stderr=subprocess.STDOUT,

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
delete_row = matrix.pop(random.randint(0, len(matrix) - 1))

Use of insecure MD2, MD4, MD5, or SHA1 hash function.
base_id + "-" + hashlib.sha1(base_id.encode()).hexdigest()[:4]

Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
import xml.dom.minidom

Function call with shell=True parameter identified, possible security issue.
if process.system(
f"{self.ndctl} create-namespace {args}", shell=True, ignore_status=True

Consider possible security implications associated with subprocess module.
import subprocess

Function call with shell=True parameter identified, possible security issue.
return getstatusoutput(
cmd=cmd,
timeout=timeout,
verbose=verbose,
ignore_status=ignore_status,

subprocess call - check for execution of untrusted input.
proc = subprocess.Popen(
cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT