avocado-framework/avocado

Showing 885 of 902 total issues

Starting a process with a partial executable path
Open

    return os.system("perl -e 'use TAP::Parser;'") != 0
Severity: Info
Found in selftests/functional/output.py by bandit

Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Open

from xml.dom import minidom

Severity: Info
Found in selftests/unit/plugin/xunit.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        p = process.run(cmd="ls -l", sudo=True, shell=True, ignore_status=True)
Severity: Minor
Found in selftests/unit/utils/process.py by bandit

Probable insecure usage of temp file/directory.
Open

        output_podman_path = "/tmp/.avocado_task_output_dir"

Severity: Minor
Found in avocado/plugins/spawners/podman.py by bandit

Consider possible security implications associated with subprocess module.
Open

import subprocess
Severity: Info
Found in avocado/utils/archive.py by bandit

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert sym is not None
        #
        #  Compute \epsilon-kernel state's core and see if
        #  it exists already.
        #
Severity: Info
Found in avocado/utils/external/spark.py by bandit

subprocess call - check for execution of untrusted input.
Open

            self.process = subprocess.Popen(
                args,
                stdin=subprocess.PIPE,
                stdout=self.stdout,
                stderr=self.stderr,
Severity: Info
Found in avocado/utils/gdb.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        mpaths = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/multipath.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        wwids = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/multipath.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    data = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/nvme.py by bandit

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert maximum > minimum

Severity: Info
Found in avocado/utils/output.py by bandit

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Open

                        row[index] = random.randint(0, self.data[index] - 1)

subprocess call - check for execution of untrusted input.
Open

        proc = subprocess.Popen(
            cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT
Severity: Info
Found in selftests/functional/interrupt.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

        result = process.run(cmd_line, ignore_status=True, shell=True)
Severity: Minor
Found in selftests/functional/output.py by bandit

Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

            dom = minidom.parseString(xml)
Severity: Minor
Found in selftests/functional/plugin/xunit.py by bandit

subprocess call - check for execution of untrusted input.
Open

        run([sys.executable, "setup.py"] + action, cwd=parent_dir, check=True)
Severity: Info
Found in setup.py by bandit

Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Open

        result = urlopen(url, data=data, timeout=timeout)
Severity: Minor
Found in avocado/utils/download.py by bandit

Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Open

        input_file = urlopen(url)
Severity: Minor
Found in avocado/utils/download.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    out = process.run(cmd, ignore_status=True, sudo=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/nvme.py by bandit

Function call with shell=True parameter identified, possible security issue.
Open

    output = process.run(cmd, ignore_status=True, shell=True).stdout_text
Severity: Minor
Found in avocado/utils/pci.py by bandit