- {
- "errors": [],
- "generated_at": "2023-01-12T07:40:38Z",
- "metrics": {
- "_totals": {
- "CONFIDENCE.HIGH": 6,
- "CONFIDENCE.LOW": 1,
- "CONFIDENCE.MEDIUM": 1,
- "CONFIDENCE.UNDEFINED": 0,
- "SEVERITY.HIGH": 3,
- "SEVERITY.LOW": 3,
- "SEVERITY.MEDIUM": 2,
- "SEVERITY.UNDEFINED": 0,
- "loc": 19,
- "nosec": 0,
- "skipped_tests": 0
- },
- "issues.py": {
- "CONFIDENCE.HIGH": 6,
- "CONFIDENCE.LOW": 1,
- "CONFIDENCE.MEDIUM": 1,
- "CONFIDENCE.UNDEFINED": 0,
- "SEVERITY.HIGH": 3,
- "SEVERITY.LOW": 3,
- "SEVERITY.MEDIUM": 2,
- "SEVERITY.UNDEFINED": 0,
- "loc": 19,
- "nosec": 0,
- "skipped_tests": 0
- }
- },
- "results": [
- {
- "code": "1 import subprocess\n2 import os\n3 import sys\n",
- "col_offset": 0,
- "filename": "issues.py",
- "issue_confidence": "HIGH",
- "issue_cwe": {
- "id": 78,
- "link": "https://cwe.mitre.org/data/definitions/78.html"
- },
- "issue_severity": "LOW",
- "issue_text": "Consider possible security implications associated with the subprocess module.",
- "line_number": 1,
- "line_range": [
- 1
- ],
- "more_info": "https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_imports.html#b404-import-subprocess",
- "test_id": "B404",
- "test_name": "blacklist"
- },
- {
- "code": "7 # This code uses a command injection vulnerability\n8 subprocess.call(\"touch \" + sys.argv[1], shell=True)\n9 \n",
- "col_offset": 4,
- "filename": "issues.py",
- "issue_confidence": "HIGH",
- "issue_cwe": {
- "id": 78,
- "link": "https://cwe.mitre.org/data/definitions/78.html"
- },
- "issue_severity": "HIGH",
- "issue_text": "subprocess call with shell=True identified, security issue.",
- "line_number": 8,
- "line_range": [
- 8
- ],
- "more_info": "https://bandit.readthedocs.io/en/1.7.4/plugins/b602_subprocess_popen_with_shell_equals_true.html",
- "test_id": "B602",
- "test_name": "subprocess_popen_with_shell_equals_true"
- },
- {
- "code": "10 # This code uses a hardcoded password\n11 password = \"secretpassword\"\n12 os.system(\"echo \" + password + \" | sudo -S apt-get update\")\n",
- "col_offset": 15,
- "filename": "issues.py",
- "issue_confidence": "MEDIUM",
- "issue_cwe": {
- "id": 259,
- "link": "https://cwe.mitre.org/data/definitions/259.html"
- },
- "issue_severity": "LOW",
- "issue_text": "Possible hardcoded password: 'secretpassword'",
- "line_number": 11,
- "line_range": [
- 11
- ],
- "more_info": "https://bandit.readthedocs.io/en/1.7.4/plugins/b105_hardcoded_password_string.html",
- "test_id": "B105",
- "test_name": "hardcoded_password_string"
- },
- {
- "code": "11 password = \"secretpassword\"\n12 os.system(\"echo \" + password + \" | sudo -S apt-get update\")\n13 \n",
- "col_offset": 4,
- "filename": "issues.py",
- "issue_confidence": "HIGH",
- "issue_cwe": {
- "id": 78,
- "link": "https://cwe.mitre.org/data/definitions/78.html"
- },
- "issue_severity": "HIGH",
- "issue_text": "Starting a process with a shell, possible injection detected, security issue.",
- "line_number": 12,
- "line_range": [
- 12
- ],
- "more_info": "https://bandit.readthedocs.io/en/1.7.4/plugins/b605_start_process_with_a_shell.html",
- "test_id": "B605",
- "test_name": "start_process_with_a_shell"
- },
- {
- "code": "15 user_input = input(\"Enter a value:\")\n16 sql_query = \"SELECT * FROM users WHERE name='\" + user_input + \"';\"\n17 os.system(\"mysql -e '\" + sql_query + \"'\")\n",
- "col_offset": 16,
- "filename": "issues.py",
- "issue_confidence": "LOW",
- "issue_cwe": {
- "id": 89,
- "link": "https://cwe.mitre.org/data/definitions/89.html"
- },
- "issue_severity": "MEDIUM",
- "issue_text": "Possible SQL injection vector through string-based query construction.",
- "line_number": 16,
- "line_range": [
- 16
- ],
- "more_info": "https://bandit.readthedocs.io/en/1.7.4/plugins/b608_hardcoded_sql_expressions.html",
- "test_id": "B608",
- "test_name": "hardcoded_sql_expressions"
- },
- {
- "code": "16 sql_query = \"SELECT * FROM users WHERE name='\" + user_input + \"';\"\n17 os.system(\"mysql -e '\" + sql_query + \"'\")\n18 \n",
- "col_offset": 4,
- "filename": "issues.py",
- "issue_confidence": "HIGH",
- "issue_cwe": {
- "id": 78,
- "link": "https://cwe.mitre.org/data/definitions/78.html"
- },
- "issue_severity": "HIGH",
- "issue_text": "Starting a process with a shell, possible injection detected, security issue.",
- "line_number": 17,
- "line_range": [
- 17
- ],
- "more_info": "https://bandit.readthedocs.io/en/1.7.4/plugins/b605_start_process_with_a_shell.html",
- "test_id": "B605",
- "test_name": "start_process_with_a_shell"
- },
- {
- "code": "25 # This code uses a XML External Entity (XXE) vulnerability\n26 import xml.etree.ElementTree as ET\n27 xtree = ET.parse(input(\"Enter the xml file:\"))\n",
- "col_offset": 4,
- "filename": "issues.py",
- "issue_confidence": "HIGH",
- "issue_cwe": {
- "id": 20,
- "link": "https://cwe.mitre.org/data/definitions/20.html"
- },
- "issue_severity": "LOW",
- "issue_text": "Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.",
- "line_number": 26,
- "line_range": [
- 26
- ],
- "more_info": "https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_imports.html#b405-import-xml-etree",
- "test_id": "B405",
- "test_name": "blacklist"
- },
- {
- "code": "26 import xml.etree.ElementTree as ET\n27 xtree = ET.parse(input(\"Enter the xml file:\"))\n28 xroot = xtree.getroot()\n",
- "col_offset": 12,
- "filename": "issues.py",
- "issue_confidence": "HIGH",
- "issue_cwe": {
- "id": 20,
- "link": "https://cwe.mitre.org/data/definitions/20.html"
- },
- "issue_severity": "MEDIUM",
- "issue_text": "Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called",
- "line_number": 27,
- "line_range": [
- 27
- ],
- "more_info": "https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_calls.html#b313-b320-xml-bad-elementtree",
- "test_id": "B314",
- "test_name": "blacklist"
- }
- ]
- }