Integrate Python Bandit #252

Closed
wants to merge 6 commits into from

Conversation

sbreker (Member) commented Apr 20, 2022

Integrate Bandit for static security scanning of the a3m codebase. Run
using tox.

e.g. make tox ARG=bandit

connected to #44

codecov-commenter commented Apr 20, 2022

Codecov Report

Merging #252 (a379e29) into main (515959f) will increase coverage by 0.01%.
The diff coverage is 36.36%.

@@            Coverage Diff             @@
##             main     #252      +/-   ##
==========================================
+ Coverage   46.59%   46.61%   +0.01%     
==========================================
  Files         107      107              
  Lines        7774     7775       +1     
  Branches     1180     1180              
==========================================
+ Hits         3622     3624       +2     
+ Misses       3973     3972       -1     
  Partials      179      179              
Impacted Files                                          Coverage Δ
...lientScripts/check_for_submission_documentation.py    0.00% <0.00%>  (ø)
a3m/databaseFunctions.py                                60.91% <0.00%>  (ø)
a3m/main/models.py                                      87.22% <0.00%>  (ø)
a3m/server/tasks/task.py                                62.74% <0.00%>  (ø)
a3m/executeOrRunSubProcess.py                           41.17% <36.36%> (+0.59%) ⬆️
a3m/client/clientScripts/verify_checksum.py             64.33% <66.66%> (+0.25%) ⬆️
a3m/client/clientScripts/virus_scan.py                  76.00% <66.66%> (+0.12%) ⬆️


Remove execution permission when opening files during the check for
submission documentation and in the server task class.

Refactor executeOrRunSubProcess.py to use the Python tempfile module.
@sbreker sbreker force-pushed the dev/issue-bandit branch 5 times, most recently from 654b313 to 3279992 May 12, 2022 00:06
sbreker added 4 commits May 11, 2022 17:17
Bandit warning B311 is being triggered by the use of random.uniform().
Since this is safe to use for non-security purposes I am flagging with
nosec.

B311: "Standard pseudo-random generators are not suitable for
security/cryptographic purposes."

Update try-catch blocks to react to specific re.error type instead of
all exception types. This change should cause Bandit error B110
"try_except_pass" to not be triggered in models.py.
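The narrowing that this commit describes, as an added example that is not a3m's own code: the `except re.error` form reports a malformed user-supplied pattern as "no pattern" but lets everything else propagate, whereas the `except: pass` shape Bandit reports as B110 also hides programming errors such as passing `None` where a string was expected. The function names and sample patterns are constructed for the illustration.

```python
import re
from typing import List, Optional

# Added example, not code from the a3m project. Compares the B110 shape
# (bare except with pass) with the narrowed except clause the commit adopts.


def compile_user_pattern(pattern: str) -> Optional[re.Pattern]:
    """Compile a regex that came from outside the program.

    Returns None only when the pattern itself is malformed (re.error).
    Any other failure, e.g. TypeError for a non-string, propagates so the
    real bug is visible instead of being silently swallowed.
    """
    try:
        return re.compile(pattern)
    except re.error:
        # Malformed regex is a recoverable input problem: report "no pattern".
        return None


def find_all_swallowing(pattern, text: str) -> List[str]:
    """The shape Bandit flags as B110 (try_except_pass), kept here only for
    contrast: a None pattern raises TypeError inside re.findall, the bare
    except drops it, and the caller sees an empty result that looks like
    a legitimate "no matches"."""
    matches: List[str] = []
    try:
        matches = re.findall(pattern, text)
    except:  # noqa: E722  (deliberately the bad shape; Bandit B110)
        pass
    return matches


def find_all_narrowed(pattern: str, text: str) -> Optional[List[str]]:
    """Narrowed equivalent: None signals 'pattern unusable', a list is a
    real answer, and a TypeError from a None pattern reaches the caller."""
    compiled = compile_user_pattern(pattern)
    if compiled is None:
        return None
    return compiled.findall(text)
```

With a malformed pattern such as `"[unclosed"` both helpers return a "nothing usable" value; the difference shows with a `None` pattern, where the narrowed version raises `TypeError` and the swallowing version quietly returns `[]`.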

Added call to shlex.split() to tokenize the command args avoiding the
possibility of injecting additional commands with a semicolon.

Ignore B404, B603 warnings regarding the use of subprocess. Use of
subprocess should be reevaluated.
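The tokenization this commit describes, as an added example that is not a3m's own code: `shlex.split` turns the command string into an argv list under POSIX quoting rules, and `subprocess.run` with a list and `shell=False` executes exactly one program with those tokens, so a `;` or `&&` inside the string arrives as part of an argument rather than starting a second command. The helper names and the constructed input are assumptions for the illustration; the `# nosec B603` marker mirrors the suppression the commit mentions.

```python
import shlex
import subprocess
import sys
from typing import List

# Added example, not code from the a3m project.


def build_argv(command: str) -> List[str]:
    """Tokenize a command string with shlex.split (POSIX rules).

    Shell metacharacters such as ';', '|' and '&&' are not special to
    shlex, so they end up as ordinary characters inside ordinary tokens
    and can never introduce a second command.
    """
    return shlex.split(command)


def run_tokenized(command: str, timeout: float = 30.0) -> subprocess.CompletedProcess:
    """Run the tokenized argv directly, without a shell.

    The list form of subprocess.run with shell=False executes argv[0]
    with the remaining tokens as its arguments; nothing reinterprets
    the string. B603 is suppressed here for the same reason as in the
    commit: the argv is a shlex-tokenized list executed without a shell.
    """
    argv = build_argv(command)
    return subprocess.run(  # nosec B603
        argv,
        shell=False,
        capture_output=True,
        text=True,
        timeout=timeout,
        check=False,
    )


def demo_injection_attempt() -> str:
    """Constructed input: a string that a shell would read as two commands.

    Tokenized, it becomes [python, "-c", "print('hello');", "echo", "injected"],
    so the interpreter runs "print('hello');" and "echo injected" merely
    lands in its sys.argv. Returns the captured stdout.
    """
    command = f"{shlex.quote(sys.executable)} -c \"print('hello')\"; echo injected"
    return run_tokenized(command).stdout
```

Two caveats a reviewer would raise on this pattern: `shlex.split` only controls how the string is tokenized, so if the whole string is attacker-controlled the first token still chooses the executable; and if a command must be composed as a string for a real shell, each untrusted argument should go through `shlex.quote` instead.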

Add .bandit ini file. Set to skip running Bandit check B410 which
recommends the use of the deprecated defusedxml package.
@sbreker sbreker force-pushed the dev/issue-bandit branch from 3279992 to a379e29 May 12, 2022 01:01
@sbreker sbreker closed this May 12, 2022