avocado-framework/avocado

Showing 885 of 902 total issues

Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

            xunit_doc = xml.dom.minidom.parse(xml_output)
Severity: Minor
Found in selftests/functional/job_timeout.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        process.system("modinfo scsi_debug", shell=True, ignore_status=True),
Severity: Minor
Found in selftests/functional/lv_utils.py by bandit

Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

        minidom.parse(tmpfile)
Severity: Minor
Found in selftests/functional/output.py by bandit

Probable insecure usage of temp file/directory.
Open

            to = os.path.join("/tmp/", os.path.basename(path))
Severity: Minor
Found in avocado/plugins/spawners/podman.py by bandit

subprocess call - check for execution of untrusted input.
Open

    proc = subprocess.run(
        [zstd_cmd, "-d", path, "-o", output_path],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        check=False,
Severity: Info
Found in avocado/utils/archive.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    out = process.run(cmd, timeout=30, ignore_status=True, verbose=False, shell=True)
Severity: Minor
Found in avocado/utils/dmesg.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

                process.run(" ".join(cmd), shell=True)
Severity: Minor
Found in avocado/utils/kernel.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

            process.run(f"dpkg -i {self.work_dir}/*.deb", shell=True, sudo=True)
Severity: Minor
Found in avocado/utils/kernel.py by bandit

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

    assert os_version > version, "Old kernel"
Severity: Info
Found in avocado/utils/kernel.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        process.run(cmd, shell=True, ignore_status=True)
Severity: Minor
Found in avocado/utils/nvme.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

            cmd_result = process.run("rpm -qa | sort", verbose=False, shell=True)

Function call with shell=True parameter identified, possible security issue.
Open

        if process.system(cmd, ignore_status=True, shell=True) != 0:
Severity: Minor
Found in avocado/utils/softwareraid.py by bandit

subprocess call - check for execution of untrusted input.
Open

            self.daemon_process = subprocess.Popen(
                shlex.split(self.cmd),
                stdin=stdin,
                stdout=stdout,
                stderr=subprocess.STDOUT,
Severity: Info
Found in avocado/utils/sysinfo.py by bandit

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

                delete_row = matrix.pop(random.randint(0, len(matrix) - 1))

Use of insecure MD2, MD4, MD5, or SHA1 hash function.
Open

                base_id + "-" + hashlib.sha1(base_id.encode()).hexdigest()[:4]

Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Open

import xml.dom.minidom

Function call with shell=True parameter identified, possible security issue.
Open

        if process.system(
            f"{self.ndctl} create-namespace {args}", shell=True, ignore_status=True
Severity: Minor
Found in avocado/utils/pmem.py by bandit

Consider possible security implications associated with subprocess module.
Open

import subprocess
Severity: Info
Found in avocado/utils/podman.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    return getstatusoutput(
        cmd=cmd,
        timeout=timeout,
        verbose=verbose,
        ignore_status=ignore_status,
Severity: Minor
Found in avocado/utils/process.py by bandit

subprocess call - check for execution of untrusted input.
Open

        proc = subprocess.Popen(
            cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT
Severity: Info
Found in selftests/functional/interrupt.py by bandit