datalad/datalad-container

Showing 28 of 30 total issues

subprocess call - check for execution of untrusted input.
Open

        sp.check_call(["docker", "save", "-o", stream.name, image])

Probable insecure usage of temp file/directory.
Open

    prefix = ["docker", "run",
              # FIXME: The -v/-w settings are convenient for testing, but they
              # should be configurable.
              "-v", "{}:/tmp".format(os.getcwd()),
              "-w", "/tmp",
Severity: Minor
Found in datalad_container/adapters/docker.py by bandit

Try, Except, Pass detected.
Open

        except:
Severity: Info
Found in docs/source/conf.py by bandit

subprocess call - check for execution of untrusted input.
Open

        p = sp.Popen(cmd, stdin=sp.PIPE, stdout=sp.PIPE, stderr=sp.PIPE)

Starting a process with a shell, possible injection detected, security issue.
Open

                os.system(
                    '{} build_{} --cmdsuite {} --manpath {} --rstpath {}'.format(
                        setup_py_path,
                        cmd,
                        'datalad_container:command_suite',
Severity: Major
Found in docs/source/conf.py by bandit

Consider possible security implications associated with subprocess module.
Open

import subprocess

subprocess call - check for execution of untrusted input.
Open

        data = subprocess.run(
            [command, "inspect", "--json", path],
            check=True,
            stdout=subprocess.PIPE).stdout.decode()

Starting a process with a partial executable path
Open

    out = sp.check_output(
        ["docker", "images", "--all", "--quiet", "--no-trunc"])