I reviewed python-tabulate 0.8.6-0ubuntu2 as checked into focal. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
python-tabulate is both a library and command-line utility that pretty-prints
tabular data. It is written in Python and can create tables in a wide variety
of formats.
- CVE History:
  None
- Build-Depends?
  - dh-python
  - python3-all
  - python3-nose
  - python3-setuptools
  - python3-wcwidth
- pre/post inst/rm scripts?
  None
- init scripts?
  None
- systemd units?
  None
- dbus services?
  None
- setuid binaries?
  None
- binaries in PATH?
  /usr/bin/tabulate
- sudo fragments?
  None
- polkit files?
  None
- udev rules?
  None
- unit tests / autopkgtests?
  python-tabulate provides a test suite with 83% code coverage. This test suite runs during the build.
- cron jobs?
  None
- Build logs:
  - Lintian
    W: python-tabulate source: ancient-standards-version 3.9.8 (released 2016-04-06) (current is 4.5.0)
  - Build Errors
    /usr/lib/python3.8/subprocess.py:838: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
    subprocess.py is used by the test suite
- Processes spawned?
  The test suite invokes `python tabulate.py` using the subprocess module. The test suite is run during build and does not get included in the .deb.
- Memory management?
  All code is written in Python.
- File IO?
  - Input and output files are specified by the user.
  - It may be possible to provide input that causes tabulate.py or the tabulate() function to crash. Code that calls tabulate() should use try/except to avoid crashes.
- Logging?
  None
- Environment variable usage?
  None
- Use of privileged functions?
  None
- Use of cryptography / random number sources etc?
  None
- Use of temp files?
  None
- Use of networking?
  None
- Use of WebKit?
  None
- Use of PolicyKit?
  None
- Any significant bandit results?
  tabulate.py:1457: B101[bandit]: LOW: Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
- Any significant Coverity results?
  Coverity was not run.
In general, the mission of python-tabulate is straightforward: take input, create table. It therefore has a very limited attack surface. The pace of development seems reasonable and, coupled with the test suite that covers 83% of the code, python-tabulate should be fairly maintainable.
Security team ACK for promoting python-tabulate to main.
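
An added example, not part of the review above and not code from python-tabulate: it shows what the bandit B101 note means in practice and how the try/except advice for callers interacts with it. The functions `render_assert` and `render_checked`, and the ragged sample input, are constructed for illustration; nothing here reflects what tabulate.py line 1457 actually checks.

```python
# Constructed stand-in for a table-rendering helper; NOT tabulate's code.
SOURCE = '''
def render_assert(rows, ncols):
    # Guard written with assert: removed when compiled with optimisation (-O)
    for r in rows:
        assert len(r) == ncols, "ragged row"
    return "\\n".join(" | ".join(str(c) for c in r) for r in rows)

def render_checked(rows, ncols):
    # Same guard as an explicit check: survives optimisation
    for r in rows:
        if len(r) != ncols:
            raise ValueError("ragged row")
    return "\\n".join(" | ".join(str(c) for c in r) for r in rows)
'''


def load(optimize):
    """Compile SOURCE at a given level (0 = normal, 1 = like `python -O`)."""
    ns = {}
    exec(compile(SOURCE, "<constructed>", "exec", optimize=optimize), ns)
    return ns


def outcome(func, rows, ncols):
    """Call func inside try/except, as the review recommends for callers."""
    try:
        return ("ok", func(rows, ncols))
    except (AssertionError, ValueError) as exc:
        return ("rejected", type(exc).__name__)


BAD_ROWS = [["a", "b"], ["c"]]  # constructed ragged input


def demo():
    """Return {level: (assert-guard status, explicit-guard status)}."""
    results = {}
    for level in (0, 1):
        ns = load(level)
        results[level] = (
            outcome(ns["render_assert"], BAD_ROWS, 2)[0],
            outcome(ns["render_checked"], BAD_ROWS, 2)[0],
        )
    return results


if __name__ == "__main__":
    print(demo())
```

At level 1 the assert-based guard lets the ragged input through, so a caller's try/except never fires; only the explicit check still rejects it.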