test repo: Bandit code scan report of high severity security vulnerabilit
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Triaged | Low | Unassigned |
Bug Description
>> Issue: [B401:blacklist] A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.
Severity: High Confidence: High
Location: ./test/
More Info: https:/
import time
from telnetlib import Telnet, theNULL, DO, DONT, WILL, WONT, NOOPT, IAC, \
SGA, ECHO, SE, SB
from consts.auth import HostLinuxUser
-------
>> Issue: [B605:start_
Severity: High Confidence: High
Location: ./test/
More Info: https:/
-------
>> Issue: [B602:subproces
Severity: High Confidence: High
Location: ./test/
More Info: https:/
proc = subprocess.Popen(
command, stdout=
output, error = proc.communicate()
output = output.strip() if output else output
The priority of addressing bandit findings needs to be discussed with the TSC. At this time, this work is unplanned.