ha repo: Bandit code scan report of high severity security vulnerability

Bug #1875554 reported by sharath kumar
Affects     Status    Importance  Assigned to  Milestone
StarlingX   Triaged   Low         Unassigned

Bug Description

Issue: [B411:blacklist] Using xmlrpclib to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
   Severity: High   Confidence: High
   Location: ./ha/service-mgmt-api/sm-api/sm_api/openstack/common/jsonutils.py:45
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b411-import-xmlrpclib

   import json
   import xmlrpclib   # line 45: the blacklisted import bandit reports

   import six

tags: added: stx.security
summary: - HA repo: Bandit code scan report of high severity security vulnerability
         + ha repo: Bandit code scan report of high severity security vulnerability
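What the B411 finding is about, as an added illustration that is not StarlingX or sm-api code: xmlrpclib (xmlrpc.client on Python 3, which is what six.moves.xmlrpc_client resolves to) feeds XML-RPC payloads to expat, and the default parser accepts DOCTYPE and entity declarations, so a client can send an entity-expansion ("billion laughs") request or an external-entity reference to any endpoint that calls loads() on attacker-controlled bytes. defusedxml.xmlrpc.monkey_patch() fixes this by swapping the parser xmlrpclib uses for one that refuses those constructs. The stdlib-only guard below does the same refusal as a separate pre-pass so it runs without defusedxml installed; the class and function names (ForbiddenXML, check_untrusted_xml, safe_loads, is_rejected) and the sample payloads are all constructed for this example. One caveat a practitioner should check before prioritising the fix: bandit flags the import itself, and the upstream oslo-incubator copy of jsonutils.py uses xmlrpclib only for an isinstance() check against xmlrpclib.DateTime in to_primitive(), never to parse XML, so whether sm-api's copy is actually exposed depends on whether any untrusted XML ever reaches xmlrpclib.loads() through it.

```python
# Added illustration for the B411 finding (not StarlingX / sm-api code).
# On Python 3 the xmlrpclib module is xmlrpc.client; both parse XML-RPC
# payloads with expat and accept DOCTYPE and entity declarations by default.
import xml.parsers.expat
import xmlrpc.client


class ForbiddenXML(ValueError):
    """Raised when untrusted XML-RPC input carries a DOCTYPE or entity declaration."""


def _forbid(*_args):
    # Installed as an expat handler: aborts parsing as soon as a DOCTYPE,
    # entity declaration or external entity reference is encountered.
    raise ForbiddenXML("DOCTYPE/entity declarations are not accepted in XML-RPC input")


def check_untrusted_xml(data: bytes) -> None:
    """Walk the document once with handlers that refuse entity constructs.

    This mirrors what defusedxml.xmlrpc.monkey_patch() does inside the parser
    xmlrpclib uses; here it is a separate pre-pass so the example needs only
    the standard library.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _forbid
    parser.EntityDeclHandler = _forbid
    parser.UnparsedEntityDeclHandler = _forbid
    parser.ExternalEntityRefHandler = _forbid
    parser.Parse(data, True)  # also raises ExpatError on malformed XML


def safe_loads(data: bytes):
    """Parse an XML-RPC request/response only after the guard has passed."""
    check_untrusted_xml(data)
    return xmlrpc.client.loads(data)  # -> (params, methodname)


def is_rejected(data: bytes) -> bool:
    """True when the guard refuses the payload (shows both branches of the check)."""
    try:
        check_untrusted_xml(data)
    except ForbiddenXML:
        return True
    return False


# Constructed sample inputs (not captured from any real system).
SAFE_CALL = (
    b'<?xml version="1.0"?>'
    b"<methodCall><methodName>ping</methodName>"
    b"<params><param><value><int>1</int></value></param></params>"
    b"</methodCall>"
)

# A small "billion laughs" request: each level expands ten-fold, so a few more
# levels turn a one-kilobyte request into gigabytes of expanded text.
BILLION_LAUGHS = (
    b'<?xml version="1.0"?>'
    b"<!DOCTYPE lolz ["
    b'<!ENTITY lol "lol">'
    b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
    b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
    b"]>"
    b"<methodCall><methodName>ping</methodName>"
    b"<params><param><value><string>&lol3;</string></value></param></params>"
    b"</methodCall>"
)

# An external-entity (XXE) attempt; refused at the DOCTYPE before any entity is seen.
XXE_CALL = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b"<methodCall><methodName>ping</methodName>"
    b"<params><param><value><string>&xxe;</string></value></param></params>"
    b"</methodCall>"
)


if __name__ == "__main__":
    print(safe_loads(SAFE_CALL))        # ((1,), 'ping')
    print(is_rejected(BILLION_LAUGHS))  # True
    print(is_rejected(XXE_CALL))        # True
```

In a real service the pre-pass is unnecessary once defusedxml.xmlrpc.monkey_patch() has been called at import time; the guard above only makes the refusal visible. Note that plain expat does not resolve external entities unless a handler is installed, so the XXE sample is defused as much by the default parser as by the guard, whereas the entity-expansion sample is the case the default parser would happily process.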
Revision history for this message
Ghada Khalil (gkhalil) wrote:

The priority of addressing bandit findings needs to be discussed with the TSC. At this time, this work is unplanned.

Changed in starlingx:
status: New → Triaged
importance: Undecided → Low
tags: added: stx.tools