StarlingX

oidc-auth-armada-app repo: Bandit code scan report of high severity security vulnerability

Bug #1875559 reported by sharath kumar on 2020-04-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Triaged	Low	Unassigned

Bug Description

Issue: [B605:start_process_with_a_shell] Starting a process with a shell, possible injection detected, security issue.
   Severity: High Confidence: High
   Location: ./oidc-auth-armada-app/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py:113
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b605_start_process_with_a_shell.html
     import os
     result = os.system(updateCredsCmd)

Tags:

Revision history for this message

Ghada Khalil (gkhalil) wrote on 2020-05-09:

The priority of addressing bandit findings need to be discussed with the TSC. At this time, this work is unplanned.

tags:	added: stx.tools
Changed in starlingx:
status:	New → Triaged
importance:	Undecided → Low

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.