API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 18th, 2014
279
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 25.65 KB | None | 0 0
raw download clone embed print report
  1. >> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
  2. - ./../OpenStack_projects/cinder/cinder/api/xmlutil.py::75
  3. 75 """
  4. >> Consider possible security implications associated with subprocess module.
  5. - ./../OpenStack_projects/cinder/cinder/backup/drivers/ceph.py::48
  6. 48 import subprocess
  7. >> Use of possibly insecure system call function (subprocess.Popen).
  8. - ./../OpenStack_projects/cinder/cinder/backup/drivers/ceph.py::491
  9. 491 p1 = subprocess.Popen(cmd1, stdout=subprocess.PIPE,
  10. >> Use of possibly insecure system call function (subprocess.Popen).
  11. - ./../OpenStack_projects/cinder/cinder/backup/drivers/ceph.py::504
  12. 504 p2 = subprocess.Popen(cmd2, stdin=p1.stdout,
  13. >> Use of insecure MD5 hash function.
  14. - ./../OpenStack_projects/cinder/cinder/backup/drivers/swift.py::236
  15. 236 md5 = hashlib.md5(metadata_json).hexdigest()
  16. >> Use of insecure MD5 hash function.
  17. - ./../OpenStack_projects/cinder/cinder/backup/drivers/swift.py::329
  18. 329 md5 = hashlib.md5(data).hexdigest()
  19. >> Use of insecure MD5 hash function.
  20. - ./../OpenStack_projects/cinder/cinder/brick/remotefs/remotefs.py::63
  21. 63 return hashlib.md5(base_str).hexdigest()
  22. >> Random library should not be used for any security or cryptographic purposes
  23. - ./../OpenStack_projects/cinder/cinder/image/glance.py::24
  24. 24 import random
  25. >> Use of random is not suitable for security/cryptographic purposes.
  26. - ./../OpenStack_projects/cinder/cinder/image/glance.py::112
  27. 112 random.shuffle(api_servers)
  28. >> Random library should not be used for any security or cryptographic purposes
  29. - ./../OpenStack_projects/cinder/cinder/openstack/common/periodic_task.py::14
  30. 14 import random
  31. >> Use of random is not suitable for security/cryptographic purposes.
  32. - ./../OpenStack_projects/cinder/cinder/openstack/common/periodic_task.py::163
  33. 163 jitter = int(spacing * (random.random() / 20))
  34. >> Random library should not be used for any security or cryptographic purposes
  35. - ./../OpenStack_projects/cinder/cinder/openstack/common/processutils.py::24
  36. 24 import random
  37. >> Use of possibly insecure system call function (subprocess.Popen).
  38. - ./../OpenStack_projects/cinder/cinder/openstack/common/processutils.py::168
  39. 168 obj = subprocess.Popen(cmd,
  40. >> Use of random is not suitable for security/cryptographic purposes.
  41. - ./../OpenStack_projects/cinder/cinder/openstack/common/processutils.py::208
  42. 208 greenthread.sleep(random.randint(20, 200) / 100.0)
  43. >> Random library should not be used for any security or cryptographic purposes
  44. - ./../OpenStack_projects/cinder/cinder/openstack/common/service.py::23
  45. 23 import random
  46. >> Use of random is not suitable for security/cryptographic purposes.
  47. - ./../OpenStack_projects/cinder/cinder/openstack/common/service.py::295
  48. 295 random.seed()
  49. >> Random library should not be used for any security or cryptographic purposes
  50. - ./../OpenStack_projects/cinder/cinder/scheduler/weights/chance.py::21
  51. 21 import random
  52. >> Use of random is not suitable for security/cryptographic purposes.
  53. - ./../OpenStack_projects/cinder/cinder/scheduler/weights/chance.py::28
  54. 28 return random.random()
  55. >> Random library should not be used for any security or cryptographic purposes
  56. - ./../OpenStack_projects/cinder/cinder/service.py::23
  57. 23 import random
  58. >> Possible binding to all interfaces
  59. - ./../OpenStack_projects/cinder/cinder/service.py::61
  60. 61 default="0.0.0.0",
  61. >> Use of random is not suitable for security/cryptographic purposes.
  62. - ./../OpenStack_projects/cinder/cinder/service.py::168
  63. 168 initial_delay = random.randint(0, self.periodic_fuzzy_delay)
  64. >> Possible binding to all interfaces
  65. - ./../OpenStack_projects/cinder/cinder/service.py::329
  66. 329 self.host = getattr(CONF, '%s_listen' % name, "0.0.0.0")
  67. >> Probable insecure usage of temp file/directory
  68. - ./../OpenStack_projects/cinder/cinder/tests/brick/test_brick_connector.py::601
  69. 601 'device_path': '/tmp/bar'}
  70. >> Random library should not be used for any security or cryptographic purposes
  71. - ./../OpenStack_projects/cinder/cinder/tests/integrated/integrated_helpers.py::20
  72. 20 import random
  73. >> Use of random is not suitable for security/cryptographic purposes.
  74. - ./../OpenStack_projects/cinder/cinder/tests/integrated/integrated_helpers.py::37
  75. 37 return ''.join(random.choice(string.ascii_uppercase + string.digits)
  76. >> Use of random is not suitable for security/cryptographic purposes.
  77. - ./../OpenStack_projects/cinder/cinder/tests/integrated/integrated_helpers.py::43
  78. 43 return ''.join(random.choice(string.digits)
  79. >> Probable insecure usage of temp file/directory
  80. - ./../OpenStack_projects/cinder/cinder/tests/test_db_api.py::272
  81. 272 42, 'invalid-uuid', None, '/tmp')
  82. >> Probable insecure usage of temp file/directory
  83. - ./../OpenStack_projects/cinder/cinder/tests/test_db_api.py::278
  84. 278 instance_uuid, None, '/tmp')
  85. >> Probable insecure usage of temp file/directory
  86. - ./../OpenStack_projects/cinder/cinder/tests/test_db_api.py::281
  87. 281 self.assertEqual(volume['mountpoint'], '/tmp')
  88. >> Probable insecure usage of temp file/directory
  89. - ./../OpenStack_projects/cinder/cinder/tests/test_db_api.py::290
  90. 290 None, host_name, '/tmp')
  91. >> Probable insecure usage of temp file/directory
  92. - ./../OpenStack_projects/cinder/cinder/tests/test_db_api.py::293
  93. 293 self.assertEqual(volume['mountpoint'], '/tmp')
  94. >> Probable insecure usage of temp file/directory
  95. - ./../OpenStack_projects/cinder/cinder/tests/test_db_api.py::323
  96. 323 None, '/tmp')
  97. >> Probable insecure usage of temp file/directory
  98. - ./../OpenStack_projects/cinder/cinder/tests/test_db_api.py::335
  99. 335 None, 'fake_host', '/tmp')
  100. >> Probable insecure usage of temp file/directory
  101. - ./../OpenStack_projects/cinder/cinder/tests/test_glusterfs.py::84
  102. 84 TEST_TMP_FILE = '/tmp/tempfile'
  103. >> Possible binding to all interfaces
  104. - ./../OpenStack_projects/cinder/cinder/tests/test_hitachi_hbsd_snm2_iscsi.py::251
  105. 251 return_value={'ip': '0.0.0.0',
  106. >> Possible binding to all interfaces
  107. - ./../OpenStack_projects/cinder/cinder/tests/test_hitachi_hbsd_snm2_iscsi.py::458
  108. 458 'wwpns': '0x100000', 'ip': '0.0.0.0', 'initiator':
  109. >> Possible binding to all interfaces
  110. - ./../OpenStack_projects/cinder/cinder/tests/test_hitachi_hbsd_snm2_iscsi.py::471
  111. 471 'wwpns': '0x100000', 'ip': '0.0.0.0', 'initiator':
  112. >> Possible binding to all interfaces
  113. - ./../OpenStack_projects/cinder/cinder/tests/test_hitachi_hbsd_snm2_iscsi.py::482
  114. 482 'wwpns': '0x100000', 'ip': '0.0.0.0', 'initiator':
  115. >> Possible binding to all interfaces
  116. - ./../OpenStack_projects/cinder/cinder/tests/test_hitachi_hbsd_snm2_iscsi.py::490
  117. 490 connector = {'ip': '0.0.0.0'}
  118. >> Consider possible security implications associated with subprocess module.
  119. - ./../OpenStack_projects/cinder/cinder/tests/test_migrations.py::27
  120. 27 import subprocess
  121. >> Popen call with shell=True identified, security issue.
  122. - ./../OpenStack_projects/cinder/cinder/tests/test_migrations.py::166
  123. 166 proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
  124. >> Use of possibly insecure system call function (subprocess.Popen).
  125. - ./../OpenStack_projects/cinder/cinder/tests/test_migrations.py::166
  126. 166 proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
  127. >> Possible SQL injection vector through string-based query construction
  128. - ./../OpenStack_projects/cinder/cinder/tests/test_migrations.py::270
  129. 270 total = connection.execute("SELECT count(*) "
  130. >> Possible SQL injection vector through string-based query construction
  131. - ./../OpenStack_projects/cinder/cinder/tests/test_migrations.py::276
  132. 276 noninnodb = connection.execute("SELECT count(*) "
  133. >> Probable insecure usage of temp file/directory
  134. - ./../OpenStack_projects/cinder/cinder/tests/test_nexenta.py::582
  135. 582 self.nms_mock.appliance.execute('truncate --size 1G /tmp/path')
  136. >> Probable insecure usage of temp file/directory
  137. - ./../OpenStack_projects/cinder/cinder/tests/test_nexenta.py::585
  138. 585 self.drv._create_sparsed_file(self.nms_mock, '/tmp/path', 1)
  139. >> Probable insecure usage of temp file/directory
  140. - ./../OpenStack_projects/cinder/cinder/tests/test_nexenta.py::588
  141. 588 self.nms_mock.appliance.execute('dd if=/dev/zero of=/tmp/path bs=1M '
  142. >> Probable insecure usage of temp file/directory
  143. - ./../OpenStack_projects/cinder/cinder/tests/test_nexenta.py::592
  144. 592 self.drv._create_regular_file(self.nms_mock, '/tmp/path', 1)
  145. >> Probable insecure usage of temp file/directory
  146. - ./../OpenStack_projects/cinder/cinder/tests/test_nexenta.py::595
  147. 595 path = '/tmp/path'
  148. >> Probable insecure usage of temp file/directory
  149. - ./../OpenStack_projects/cinder/cinder/tests/test_rbd.py::615
  150. 615 self.cfg.volume_tmp_dir = '/var/run/cinder/tmp'
  151. >> Probable insecure usage of temp file/directory
  152. - ./../OpenStack_projects/cinder/cinder/tests/test_scality.py::38
  153. 38 TEST_MOUNT = '/tmp/fake_mount'
  154. >> Probable insecure usage of temp file/directory
  155. - ./../OpenStack_projects/cinder/cinder/tests/test_scality.py::39
  156. 39 TEST_CONFIG = '/tmp/fake_config'
  157. >> Random library should not be used for any security or cryptographic purposes
  158. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::21
  159. 21 import random
  160. >> Use of random is not suitable for security/cryptographic purposes.
  161. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::1517
  162. 1517 wwpns = [str(random.randint(0, 9999999999999999)).zfill(16),
  163. >> Use of random is not suitable for security/cryptographic purposes.
  164. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::1518
  165. 1518 str(random.randint(0, 9999999999999999)).zfill(16)]
  166. >> Use of random is not suitable for security/cryptographic purposes.
  167. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::1519
  168. 1519 initiator = 'test.initiator.%s' % str(random.randint(10000, 99999))
  169. >> Use of random is not suitable for security/cryptographic purposes.
  170. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::1569
  171. 1569 no_exist_pool = 'i-dont-exist-%s' % random.randint(10000, 99999)
  172. >> Use of random is not suitable for security/cryptographic purposes.
  173. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::1651
  174. 1651 rand_id = str(random.randint(10000, 99999))
  175. >> Use of random is not suitable for security/cryptographic purposes.
  176. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::1988
  177. 1988 rand_id = random.randint(10000, 99999)
  178. >> Use of random is not suitable for security/cryptographic purposes.
  179. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::2170
  180. 2170 random.randint(10000, 99999),
  181. >> Use of random is not suitable for security/cryptographic purposes.
  182. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::2280
  183. 2280 wwpns = [str(random.randint(0, 9999999999999999)).zfill(16),
  184. >> Use of random is not suitable for security/cryptographic purposes.
  185. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::2281
  186. 2281 str(random.randint(0, 9999999999999999)).zfill(16)]
  187. >> Use of random is not suitable for security/cryptographic purposes.
  188. - ./../OpenStack_projects/cinder/cinder/tests/test_storwize_svc.py::2282
  189. 2282 initiator = 'test.initiator.%s' % str(random.randint(10000, 99999))
  190. >> Chmod setting a permissive mask 0755 on file (tmpfilename).
  191. - ./../OpenStack_projects/cinder/cinder/tests/test_utils.py::77
  192. 77 os.chmod(tmpfilename, 0o755)
  193. >> Chmod setting a permissive mask 0755 on file (tmpfilename).
  194. - ./../OpenStack_projects/cinder/cinder/tests/test_utils.py::121
  195. 121 os.chmod(tmpfilename, 0o755)
  196. >> Probable insecure usage of temp file/directory
  197. - ./../OpenStack_projects/cinder/cinder/tests/test_utils.py::525
  198. 525 test_file = '/var/tmp/made_up_file'
  199. >> Probable insecure usage of temp file/directory
  200. - ./../OpenStack_projects/cinder/cinder/tests/test_utils.py::538
  201. 538 test_file = '/var/tmp/made_up_file'
  202. >> Probable insecure usage of temp file/directory
  203. - ./../OpenStack_projects/cinder/cinder/tests/test_utils.py::562
  204. 562 'Filesystem Size Used Avail Use%% Mounted on\n'
  205. >> Probable insecure usage of temp file/directory
  206. - ./../OpenStack_projects/cinder/cinder/tests/test_utils.py::565
  207. 565 test_file = '/tmp/file'
  208. >> Use of possibly insecure function - consider using safer ast.literal_eval.
  209. - ./../OpenStack_projects/cinder/cinder/tests/test_utils.py::940
  210. 940 mock_sshclient.return_value = eval('FakeSSHClient')()
  211. >> Probable insecure usage of temp file/directory
  212. - ./../OpenStack_projects/cinder/cinder/tests/test_utils.py::1005
  213. 1005 CONF.ssh_hosts_key_file = '/tmp/blah'
  214. >> Possible binding to all interfaces
  215. - ./../OpenStack_projects/cinder/cinder/tests/test_volume.py::3775
  216. 3775 self.configuration.iscsi_ip_address = '0.0.0.0'
  217. >> Possible binding to all interfaces
  218. - ./../OpenStack_projects/cinder/cinder/tests/test_volume.py::3803
  219. 3803 "host": "0.0.0.0"}
  220. >> Possible binding to all interfaces
  221. - ./../OpenStack_projects/cinder/cinder/tests/test_volume.py::3875
  222. 3875 self.configuration.iser_ip_address = '0.0.0.0'
  223. >> Probable insecure usage of temp file/directory
  224. - ./../OpenStack_projects/cinder/cinder/tests/test_wsgi.py::68
  225. 68 """
  226. >> Probable insecure usage of temp file/directory
  227. - ./../OpenStack_projects/cinder/cinder/tests/test_wsgi.py::91
  228. 91 self.assertEqual("/tmp", url_parser.directory)
  229. >> Probable insecure usage of temp file/directory
  230. - ./../OpenStack_projects/cinder/cinder/volume/driver.py::1142
  231. 1142 return '/tmp/volume-%s' % volume.id
  232. >> Use of possibly insecure function - consider using safer ast.literal_eval.
  233. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/emc_vmax_common.py::1277
  234. 1277 name = eval(loc)
  235. >> Use of possibly insecure function - consider using safer ast.literal_eval.
  236. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/emc_vmax_fc.py::185
  237. 185 name = eval(loc)
  238. >> Random library should not be used for any security or cryptographic purposes
  239. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/emc_vmax_utils.py::16
  240. 16 import random
  241. >> Use of random is not suitable for security/cryptographic purposes.
  242. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/emc_vmax_utils.py::634
  243. 634 portGroupNames[random.randint(0, numPortGroups - 1)])
  244. >> Random library should not be used for any security or cryptographic purposes
  245. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/emc_vnx_cli.py::20
  246. 20 import random
  247. >> Use of random is not suitable for security/cryptographic purposes.
  248. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/emc_vnx_cli.py::1103
  249. 1103 random.shuffle(iscsi_initiator_ips)
  250. >> Use of random is not suitable for security/cryptographic purposes.
  251. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/emc_vnx_cli.py::1115
  252. 1115 random.shuffle(target_portals)
  253. >> Use of random is not suitable for security/cryptographic purposes.
  254. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/emc_vnx_cli.py::2049
  255. 2049 random.shuffle(candidate_hlus)
  256. >> Random library should not be used for any security or cryptographic purposes
  257. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/xtremio.py::28
  258. 28 import random
  259. >> Use of random is not suitable for security/cryptographic purposes.
  260. - ./../OpenStack_projects/cinder/cinder/volume/drivers/emc/xtremio.py::52
  261. 52 random = random.Random()
  262. >> Random library should not be used for any security or cryptographic purposes
  263. - ./../OpenStack_projects/cinder/cinder/volume/drivers/eqlx.py::19
  264. 19 import random
  265. >> Use of random is not suitable for security/cryptographic purposes.
  266. - ./../OpenStack_projects/cinder/cinder/volume/drivers/eqlx.py::210
  267. 210 greenthread.sleep(random.randint(20, 500) / 100.0)
  268. >> Use of possibly insecure function - consider using safer ast.literal_eval.
  269. - ./../OpenStack_projects/cinder/cinder/volume/drivers/fujitsu_eternus_dx_common.py::1324
  270. 1324 name = eval(loc)
  271. >> Use of insecure MD5 hash function.
  272. - ./../OpenStack_projects/cinder/cinder/volume/drivers/fujitsu_eternus_dx_common.py::1774
  273. 1774 m = hashlib.md5()
  274. >> Use of possibly insecure function - consider using safer ast.literal_eval.
  275. - ./../OpenStack_projects/cinder/cinder/volume/drivers/fujitsu_eternus_dx_fc.py::180
  276. 180 name = eval(loc)
  277. >> Random library should not be used for any security or cryptographic purposes
  278. - ./../OpenStack_projects/cinder/cinder/volume/drivers/fusionio/ioControl.py::23
  279. 23 import random
  280. >> Use of insecure MD5 hash function.
  281. - ./../OpenStack_projects/cinder/cinder/volume/drivers/fusionio/ioControl.py::76
  282. 76 self.hashpass = hashlib.md5()
  283. >> Use of random is not suitable for security/cryptographic purposes.
  284. - ./../OpenStack_projects/cinder/cinder/volume/drivers/fusionio/ioControl.py::409
  285. 409 ipaddr = (networksinfo[random.randint(0, len(networksinfo) - 1)]
  286. >> Random library should not be used for any security or cryptographic purposes
  287. - ./../OpenStack_projects/cinder/cinder/volume/drivers/ibm/storwize_svc/helpers.py::17
  288. 17 import random
  289. >> Use of random is not suitable for security/cryptographic purposes.
  290. - ./../OpenStack_projects/cinder/cinder/volume/drivers/ibm/storwize_svc/helpers.py::274
  291. 274 rand_id = str(random.randint(0, 99999999)).zfill(8)
  292. >> Use of insecure MD5 hash function.
  293. - ./../OpenStack_projects/cinder/cinder/volume/drivers/nexenta/nfs.py::336
  294. 336 hashlib.md5(nfs_share).hexdigest())
  295. >> Random library should not be used for any security or cryptographic purposes
  296. - ./../OpenStack_projects/cinder/cinder/volume/drivers/nimble.py::22
  297. 22 import random
  298. >> Use of random is not suitable for security/cryptographic purposes.
  299. - ./../OpenStack_projects/cinder/cinder/volume/drivers/nimble.py::182
  300. 182 return ''.join(random.sample(char_set, length))
  301. >> Random library should not be used for any security or cryptographic purposes
  302. - ./../OpenStack_projects/cinder/cinder/volume/drivers/prophetstor/dplcommon.py::23
  303. 23 import random
  304. >> Use of random is not suitable for security/cryptographic purposes.
  305. - ./../OpenStack_projects/cinder/cinder/volume/drivers/prophetstor/dplcommon.py::652
  306. 652 nsleep = random.randint(0, 10)
  307. >> Probable insecure usage of temp file/directory
  308. - ./../OpenStack_projects/cinder/cinder/volume/drivers/rbd.py::822
  309. 822 tmp_dir = self.configuration.volume_tmp_dir or '/tmp'
  310. >> Use of insecure MD5 hash function.
  311. - ./../OpenStack_projects/cinder/cinder/volume/drivers/remotefs.py::480
  312. 480 return hashlib.md5(base_str).hexdigest()
  313. >> Random library should not be used for any security or cryptographic purposes
  314. - ./../OpenStack_projects/cinder/cinder/volume/drivers/san/san.py::22
  315. 22 import random
  316. >> Use of random is not suitable for security/cryptographic purposes.
  317. - ./../OpenStack_projects/cinder/cinder/volume/drivers/san/san.py::135
  318. 135 greenthread.sleep(random.randint(20, 500) / 100.0)
  319. >> Chmod setting a permissive mask 0666 on file (path).
  320. - ./../OpenStack_projects/cinder/cinder/volume/drivers/scality.py::118
  321. 118 os.chmod(path, 0o666)
  322. >> Random library should not be used for any security or cryptographic purposes
  323. - ./../OpenStack_projects/cinder/cinder/volume/drivers/solidfire.py::19
  324. 19 import random
  325. >> Use of random is not suitable for security/cryptographic purposes.
  326. - ./../OpenStack_projects/cinder/cinder/volume/drivers/solidfire.py::293
  327. 293 return ''.join(random.sample(char_set, length))
  328. >> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
  329. - ./../OpenStack_projects/cinder/cinder/volume/drivers/windows/windows_utils.py::185
  330. 185 "Select * from CIM_DataFile where Name = '" +
  331. >> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
  332. - ./../OpenStack_projects/cinder/cinder/volume/drivers/windows/windows_utils.py::316
  333. 316 "Select * from CIM_DataFile where Name = '" +
  334. >> Consider possible security implications associated with pickle module.
  335. - ./../OpenStack_projects/cinder/cinder/volume/drivers/xenapi/lib.py::19
  336. 19 import pickle
  337. >> Pickle library appears to be in use, possible security issue.
  338. - ./../OpenStack_projects/cinder/cinder/volume/drivers/xenapi/lib.py::370
  339. 370 args = dict(params=pickle.dumps(plugin_params))
  340. >> Pickle library appears to be in use, possible security issue.
  341. - ./../OpenStack_projects/cinder/cinder/volume/drivers/xenapi/lib.py::377
  342. 377 return pickle.loads(result)
  343. >> Use of random is not suitable for security/cryptographic purposes.
  344. - ./../OpenStack_projects/cinder/cinder/volume/utils.py::424
  345. 424 password = [random.choice(s) for s in symbolgroups]
  346. >> Use of random is not suitable for security/cryptographic purposes.
  347. - ./../OpenStack_projects/cinder/cinder/volume/utils.py::428
  348. 428 random.shuffle(password)
  349. >> Use of random is not suitable for security/cryptographic purposes.
  350. - ./../OpenStack_projects/cinder/cinder/volume/utils.py::434
  351. 434 password.extend([random.choice(symbols) for _i in xrange(length)])
  352. >> Use of random is not suitable for security/cryptographic purposes.
  353. - ./../OpenStack_projects/cinder/cinder/volume/utils.py::438
  354. 438 random.shuffle(password)
  355. >> Possible binding to all interfaces
  356. - ./../OpenStack_projects/cinder/cinder/wsgi.py::111
  357. 111 self._host = host or "0.0.0.0"
  358. >> Random library should not be used for any security or cryptographic purposes
  359. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/brocade/brcd_fc_zone_client_cli.py::24
  360. 24 import random
  361. >> Use of random is not suitable for security/cryptographic purposes.
  362. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/brocade/brcd_fc_zone_client_cli.py::402
  363. 402 greenthread.sleep(random.randint(20, 500) / 100.0)
  364. >> Use of random is not suitable for security/cryptographic purposes.
  365. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/brocade/brcd_fc_zone_client_cli.py::444
  366. 444 greenthread.sleep(random.randint(20, 500) / 100.0)
  367. >> Use of random is not suitable for security/cryptographic purposes.
  368. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/brocade/brcd_fc_zone_client_cli.py::465
  369. 465 greenthread.sleep(random.randint(20, 500) / 100.0)
  370. >> Random library should not be used for any security or cryptographic purposes
  371. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/cisco/cisco_fc_san_lookup_service.py::18
  372. 18 import random
  373. >> Use of random is not suitable for security/cryptographic purposes.
  374. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/cisco/cisco_fc_san_lookup_service.py::256
  375. 256 greenthread.sleep(random.randint(20, 500) / 100.0)
  376. >> Use of random is not suitable for security/cryptographic purposes.
  377. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/cisco/cisco_fc_san_lookup_service.py::307
  378. 307 greenthread.sleep(random.randint(20, 500) / 100.0)
  379. >> Use of random is not suitable for security/cryptographic purposes.
  380. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/cisco/cisco_fc_san_lookup_service.py::328
  381. 328 greenthread.sleep(random.randint(20, 500) / 100.0)
  382. >> Random library should not be used for any security or cryptographic purposes
  383. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/cisco/cisco_fc_zone_client_cli.py::21
  384. 21 import random
  385. >> Use of random is not suitable for security/cryptographic purposes.
  386. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/cisco/cisco_fc_zone_client_cli.py::382
  387. 382 greenthread.sleep(random.randint(20, 500) / 100.0)
  388. >> Use of random is not suitable for security/cryptographic purposes.
  389. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/cisco/cisco_fc_zone_client_cli.py::433
  390. 433 greenthread.sleep(random.randint(20, 500) / 100.0)
  391. >> Use of random is not suitable for security/cryptographic purposes.
  392. - ./../OpenStack_projects/cinder/cinder/zonemanager/drivers/cisco/cisco_fc_zone_client_cli.py::454
  393. 454 greenthread.sleep(random.randint(20, 500) / 100.0)
  394. >> Use of insecure / deprecated system call function (os.popen).
  395. - ./../OpenStack_projects/cinder/doc/source/conf.py::171
  396. 171 html_last_updated_fmt = os.popen(git_cmd).read()
  397. >> Consider possible security implications associated with subprocess module.
  398. - ./../OpenStack_projects/cinder/tools/install_venv.py::26
  399. 26 import subprocess
  400. >> Consider possible security implications associated with subprocess module.
  401. - ./../OpenStack_projects/cinder/tools/install_venv_common.py::29
  402. 29 import subprocess
  403. >> Use of possibly insecure system call function (subprocess.Popen).
  404. - ./../OpenStack_projects/cinder/tools/install_venv_common.py::64
  405. 64 proc = subprocess.Popen(cmd, cwd=self.root, stdout=stdout)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!