update repo: Bandit code scan report of high severity security vulnerability
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Triaged | Low | Unassigned | |
Bug Description
>> Issue: [B602:subproces
Severity: High Confidence: High
Location: ./update/
More Info: https:/
print("CMD: %s" % cmd)
rc = subprocess.
if rc != 0:
-------
>> Issue: [B602:subproces
Severity: High Confidence: High
Location: ./update/
More Info: https:/
print("CMD: %s" % cmd)
rc = subprocess.
if rc != 0:
-------
>> Issue: [B602:subproces
Severity: High Confidence: High
Location: ./update/
More Info: https:/
print("CMD: %s" % cmd)
rc = subprocess.
return rc
-------
>> Issue: [B602:subproces
Severity: High Confidence: High
Location: ./update/
More Info: https:/
try:
result = subprocess.
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module PKCS1_PSS are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
import os
from Crypto.Signature import PKCS1_PSS
from Crypto.Hash import SHA256
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
from Crypto.Signature import PKCS1_PSS
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA # pylint: disable=
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module RSA are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA # pylint: disable=
from Crypto.Util.asn1 import DerSequence # pylint: disable=
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module DerSequence are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
from Crypto.PublicKey import RSA # pylint: disable=
from Crypto.Util.asn1 import DerSequence # pylint: disable=
from binascii import a2b_base64 # pylint: disable=
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module PKCS1_v1_5 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
from Crypto.Signature import PKCS1_v1_5
from Crypto.Signature import PKCS1_PSS
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module PKCS1_PSS are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
from Crypto.Signature import PKCS1_v1_5
from Crypto.Signature import PKCS1_PSS
from Crypto.Hash import SHA256
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
from Crypto.Signature import PKCS1_PSS
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module RSA are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Util.asn1 import DerSequence
-------
>> Issue: [B413:blacklist] The pyCrypto library and its module DerSequence are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: ./update/
More Info: https:/
from Crypto.PublicKey import RSA
from Crypto.Util.asn1 import DerSequence
from binascii import a2b_base64
The priority of addressing Bandit findings needs to be discussed with the TSC. At this time, this work is unplanned.