From 6c82aed2870d869aa56b5bdcde580b97a44cc348 Mon Sep 17 00:00:00 2001 From: Dave Miner Date: Mon, 22 Jul 2024 01:41:34 -0700 Subject: [PATCH 01/10] 36846294 pkg/server ends up in maintenance due to stop timeouts --- src/svc/pkg-server.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/svc/pkg-server.xml b/src/svc/pkg-server.xml index 64f83872b..fd9d908b3 100644 --- a/src/svc/pkg-server.xml +++ b/src/svc/pkg-server.xml @@ -19,7 +19,7 @@ CDDL HEADER END - Copyright (c) 2009, 2013 Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2009, 2024, Oracle and/or its affiliates. NOTE: This service manifest is not editable; its contents will be overwritten by package or patch operations, including @@ -97,7 +97,7 @@ type='method' name='stop' exec='%{pkg/pkg_root}/lib/svc/method/svc-pkg-server %m %{restarter/contract}' - timeout_seconds='30' /> + timeout_seconds='60' /> From 2d40ce7a162b3fd739e6c699d1518676f4e84b5e Mon Sep 17 00:00:00 2001 From: Jakub Kulik Date: Mon, 22 Jul 2024 05:44:07 -0700 Subject: [PATCH 02/10] 36851534 fix more issues reported by pylint --- src/modules/actions/depend.py | 2 +- src/modules/client/api_errors.py | 7 +------ src/modules/client/linkedimage/common.py | 3 ++- src/modules/client/publisher.py | 2 +- src/modules/config.py | 8 +++----- src/modules/flavor/__init__.py | 15 ++++++++++----- src/modules/server/__init__.py | 9 +++------ src/modules/server/api.py | 2 +- src/modules/version.py | 2 +- src/pull.py | 2 +- src/tests/api/t_config.py | 2 +- src/util/apache2/depot/depot_index.py | 2 +- src/util/log-scripts/translate.py | 4 ++-- src/util/publish/pkgdiff.py | 2 +- src/util/publish/pkgfmt.py | 2 +- src/util/publish/pkgmerge.py | 2 +- 16 files changed, 31 insertions(+), 35 deletions(-) diff --git a/src/modules/actions/depend.py b/src/modules/actions/depend.py index 723caa06b..335431eb4 100644 --- a/src/modules/actions/depend.py +++ b/src/modules/actions/depend.py 
@@ -471,7 +471,7 @@ def astr(aout): for k, v in sorted(act.attrs.items(), key=key_func): # Newline breaks are only forced when there is # more than one value for an attribute. - if not (isinstance(v, list) or isinstance(v, set)): + if not isinstance(v, (list, set)): nv = [v] use_force_nl = False else: diff --git a/src/modules/client/api_errors.py b/src/modules/client/api_errors.py index b867a6ee1..fec640356 100644 --- a/src/modules/client/api_errors.py +++ b/src/modules/client/api_errors.py @@ -3885,12 +3885,7 @@ class InvalidOptionErrors(ApiException): def __init__(self, errors): self.errors = [] - assert ( - isinstance(errors, list) - or isinstance(errors, tuple) - or isinstance(errors, set) - or isinstance(errors, InvalidOptionError) - ) + assert isinstance(errors, (list, tuple, set, InvalidOptionError)) if isinstance(errors, InvalidOptionError): self.errors.append(errors) diff --git a/src/modules/client/linkedimage/common.py b/src/modules/client/linkedimage/common.py index 743e819ba..5c30b3784 100644 --- a/src/modules/client/linkedimage/common.py +++ b/src/modules/client/linkedimage/common.py @@ -2318,7 +2318,8 @@ def __child_op_finish( # keep going as long as there are children to process progtrack_update = False - while len(lic_setup) or len(lic_running): + while lic_setup or lic_running: + while lic_setup and ( concurrency > len(lic_running) or concurrency <= 0 ): diff --git a/src/modules/client/publisher.py b/src/modules/client/publisher.py index 488e2c9eb..aebc26b7e 100644 --- a/src/modules/client/publisher.py +++ b/src/modules/client/publisher.py @@ -333,7 +333,7 @@ def __set_proxies(self, proxies): "proxies", scheme=self.scheme ) - if not (isinstance(proxies, list) or isinstance(proxies, tuple)): + if not isinstance(proxies, (list, tuple)): raise api_errors.BadRepositoryAttributeValue( "proxies", value=proxies ) diff --git a/src/modules/config.py b/src/modules/config.py index 89366dbfa..4ce54e501 100644 --- a/src/modules/config.py 
+++ b/src/modules/config.py @@ -599,7 +599,7 @@ def value(self, value): self._is_allowed(v) nvalue.append(v) - if self.allowed and "" not in self.allowed and not len(nvalue): + if self.allowed and "" not in self.allowed and not nvalue: raise InvalidPropertyValueError(prop=self.name, value=nvalue) self._value = nvalue @@ -645,7 +645,7 @@ def value(self, value): nvalue.append(v) # if we don't allow an empty list, raise an error - if self.allowed and "" not in self.allowed and not len(nvalue): + if self.allowed and "" not in self.allowed and not nvalue: raise InvalidPropertyValueError(prop=self.name, value=nvalue) self._value = nvalue @@ -728,9 +728,7 @@ def _parse_str(self, value): return result def __str__(self): - if self.value and len(self.value): - # Performing the join using a unicode string results in - # a single unicode string object. + if self.value: return ",".join(self.value) return "" diff --git a/src/modules/flavor/__init__.py b/src/modules/flavor/__init__.py index 0e27dffa7..718a61e37 100644 --- a/src/modules/flavor/__init__.py +++ b/src/modules/flavor/__init__.py @@ -21,10 +21,15 @@ # # -# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2009, 2024, Oracle and/or its affiliates. # -__all__ = ["base" "elf" "hardlink" "pound_bang" "python" "smf_manifest"] - -# Vim hints -# vim:ts=4:sw=4:et:fdm=marker +__all__ = [ + "base", + "depthlimitedmf", + "elf", + "hardlink", + "python", + "script", + "smf_manifest", +] diff --git a/src/modules/server/__init__.py b/src/modules/server/__init__.py index 890d2bb75..f0ffb208d 100644 --- a/src/modules/server/__init__.py +++ b/src/modules/server/__init__.py @@ -24,16 +24,13 @@ # Copyright (c) 2007, 2024, Oracle and/or its affiliates. # - __all__ = [ - "catalog", - "config", + "api", + "api_errors", "depot", "face", "feed", + "query_parser", "repository", "transaction", ] - -# Vim hints -# vim:ts=4:sw=4:et:fdm=marker 
diff --git a/src/modules/server/api.py b/src/modules/server/api.py index 98dfd5c61..72cf22fd6 100644 --- a/src/modules/server/api.py +++ b/src/modules/server/api.py @@ -828,7 +828,7 @@ def get_accepted_languages(self): """ alist = [] for entry in self._request.headers.elements("Accept-Language"): - alist.append(str(entry).split(";")[0]) + alist.append(str(entry).split(";", maxsplit=0)[0]) return alist diff --git a/src/modules/version.py b/src/modules/version.py index 402d8d986..9df923f79 100644 --- a/src/modules/version.py +++ b/src/modules/version.py @@ -649,7 +649,7 @@ class MatchingVersion(Version): __slots__ = ["match_latest", "__original"] def __init__(self, version_string, build_string=None): - if version_string is None or not len(version_string): + if not version_string: raise IllegalVersion("Version cannot be empty") if version_string == "latest": diff --git a/src/pull.py b/src/pull.py index 8aae9279b..14ebecd2b 100755 --- a/src/pull.py +++ b/src/pull.py @@ -1192,7 +1192,7 @@ def copy_catalog(src_cat_root, pub): # We only print warning if the user didn't specify any valid publishers # to add/sync. - if len(unknown_pubs): + if unknown_pubs: txt = _( "\nThe following publishers are present in the " "source repository but not in the target repository.\n" diff --git a/src/tests/api/t_config.py b/src/tests/api/t_config.py index ffd731468..367b2d0f1 100644 --- a/src/tests/api/t_config.py +++ b/src/tests/api/t_config.py @@ -1367,7 +1367,7 @@ class TestConfig(_TestConfigBase): str_allowed = builtin str_noneallowed = list_basic = [] -list_default = [u'{uni_escape}', 'bob cat', 'profit'] +list_default = ['{uni_escape}', 'bob cat', 'profit'] list_allowed = ['builtin'] list_noneallowed = [] diff --git a/src/util/apache2/depot/depot_index.py b/src/util/apache2/depot/depot_index.py index 6001eb65c..8165934ac 100755 --- a/src/util/apache2/depot/depot_index.py +++ b/src/util/apache2/depot/depot_index.py 
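Review bot: In `get_accepted_languages` (src/modules/server/api.py) the new `str(entry).split(";", maxsplit=0)[0]` never splits, so `[0]` is the whole header element and any `;q=...` parameter stays attached to the language tag. The matching change in `src/util/apache2/depot/depot_index.py` uses `maxsplit=1`, which keeps the old result; this line should read `alist.append(str(entry).split(";", maxsplit=1)[0])`. The values come from the client's Accept-Language header, so callers that compare or look up the returned tags would presumably stop matching for any client that sends quality values. The function starts above the hunk.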
@@ -372,7 +372,7 @@ def get_accept_lang(self, request, depot_bui): rlangs = [] for entry in request.headers.elements("Accept-Language"): - rlangs.append(str(entry).split(";")[0]) + rlangs.append(str(entry).split(";", maxsplit=1)[0]) for rl in rlangs: if os.path.exists(os.path.join(depot_bui.web_root, rl)): return rl diff --git a/src/util/log-scripts/translate.py b/src/util/log-scripts/translate.py index fa51f05f3..5528e5f06 100644 --- a/src/util/log-scripts/translate.py +++ b/src/util/log-scripts/translate.py @@ -21,7 +21,7 @@ # # -# Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2008, 2024, Oracle and/or its affiliates. # import GeoIP @@ -68,7 +68,7 @@ # Goofy date -> UTS d = time.mktime(time.strptime(d[1:], "%d/%b/%Y:%H:%M:%S")) - d = str(d).split(".")[0] + d = str(d).split(".", maxsplit=1)[0] # Figure out op and opargs opflds = fullop.split("/") diff --git a/src/util/publish/pkgdiff.py b/src/util/publish/pkgdiff.py index 28e347ca8..55cd36f0b 100755 --- a/src/util/publish/pkgdiff.py +++ b/src/util/publish/pkgdiff.py @@ -319,7 +319,7 @@ def q(s): return s v = attrs[k] - if isinstance(v, list) or isinstance(v, set): + if isinstance(v, (list, set)): out = " ".join( [ "{0}={1}".format(k, q(lmt)) diff --git a/src/util/publish/pkgfmt.py b/src/util/publish/pkgfmt.py index cf56d792c..255d964e1 100755 --- a/src/util/publish/pkgfmt.py +++ b/src/util/publish/pkgfmt.py @@ -499,7 +499,7 @@ def astr(aout): for k, v in sorted(sattrs.items(), key=key_func): # Newline breaks are only forced when there is more than # one value for an attribute. - if not (isinstance(v, list) or isinstance(v, set)): + if not isinstance(v, (list, set)): nv = [v] use_force_nl = False else: diff --git a/src/util/publish/pkgmerge.py b/src/util/publish/pkgmerge.py index 65737247b..3d60e352f 100755 --- a/src/util/publish/pkgmerge.py +++ b/src/util/publish/pkgmerge.py 
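Review bot: `get_accept_lang` joins each Accept-Language value into a filesystem path, `os.path.join(depot_bui.web_root, rl)`, and the hunk shows no check on `rl` before the `os.path.exists` call or before `rl` is returned. The header is client-controlled, and `os.path.join` drops `web_root` when the second argument is absolute and passes `..` segments through, so the existence test is not confined to the web root. I would filter the tags before the join, e.g. `if not re.fullmatch(r"[A-Za-z0-9-]+", rl): continue`, assuming `re` is available in this module. The imports and the rest of the function are outside the hunk, so an earlier validation step may exist that is not visible here.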
@@ -416,7 +416,7 @@ def main_func(): len( set( [ - str(a).rsplit(":")[0] + str(a).rsplit(":", maxsplit=1)[0] for a in processdict[entry] if a is not None ] From 3b5bd8e619a877ce947c9f307ea479d432de079a Mon Sep 17 00:00:00 2001 From: Andy Fiddaman Date: Thu, 22 Aug 2024 17:21:54 +0000 Subject: [PATCH 03/10] 36779395 move web installation from setup.py to its own Makefile --- src/Makefile | 2 +- src/setup.py | 14 +-------- src/web/Makefile | 82 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 14 deletions(-) create mode 100644 src/web/Makefile diff --git a/src/Makefile b/src/Makefile index 2eb8ed19a..d41368e9c 100644 --- a/src/Makefile +++ b/src/Makefile @@ -42,7 +42,7 @@ clobber := TARGET = clobber check := TARGET = check packages := TARGET = install -SUBDIRS=brand util/mkcert man po +SUBDIRS=brand util/mkcert man po web all: $(SUBDIRS) diff --git a/src/setup.py b/src/setup.py index c4b19c142..f3d043515 100755 --- a/src/setup.py +++ b/src/setup.py @@ -255,18 +255,6 @@ "pkg.pipeutils", ] -web_files = [] -for entry in os.walk("web"): - web_dir, dirs, files = entry - if not files: - continue - web_files.append( - ( - os.path.join(resource_dir, web_dir), - [os.path.join(web_dir, f) for f in files if f != "Makefile"], - ) - ) - smf_app_files = [ #'svc/pkg-depot.xml', "svc/pkg-mdns.xml", @@ -1348,7 +1336,7 @@ def __init__(self, name, sources, build_64=False, **kwargs): elf_libraries = None sysattr_libraries = None sha512_t_libraries = None -data_files = web_files +data_files = [] cmdclasses = { "install": install_func, "install_data": install_data_func, diff --git a/src/web/Makefile b/src/web/Makefile new file mode 100644 index 000000000..8be4ca2ba --- /dev/null +++ b/src/web/Makefile 
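Review bot: `str(a).rsplit(":", maxsplit=1)[0]` in `main_func` is not equivalent to the line it replaces: `rsplit(":")` with no limit splits at every colon, so `[0]` was the text before the first colon, while the new call returns everything before the last one. For any `str(a)` containing more than one colon the set built here changes, and so does the `len(...)` taken from it. If the intent is to drop only a trailing `:suffix`, the new form looks right, but that is a behaviour change that belongs in the commit message and a test rather than in a pylint cleanup. If the old result was intended, `str(a).split(":", maxsplit=1)[0]` preserves it; the enclosing expression starts and ends outside the hunk.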
@@ -0,0 +1,82 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# Copyright 2024 OmniOS Community Edition (OmniOSce) Association. + +include ../Makefile.com + +ROOTUSRSHARELIB = $(ROOTUSRSHARE)/lib +ROOTPKGWEB = $(ROOTUSRSHARELIB)/pkg/web + +THEMESDIR = $(ROOTPKGWEB)/_themes +THEMES = default omnios.org + +DIRS = \ + $(ROOTPKGWEB) \ + $(ROOTPKGWEB)/en \ + $(THEMESDIR) \ + $(THEMES:%=$(THEMESDIR)/%) \ + $(THEMES:%=$(THEMESDIR)/%/en) + +THEME_DEFAULT = \ + en/base.css \ + en/body_end.shtml \ + en/footer.shtml \ + en/head_end.shtml \ + en/header.shtml \ + feed-icon-14x14.png + +THEME_OOCE = \ + en/base.css \ + en/body_end.shtml \ + en/footer.shtml \ + en/head_end.shtml \ + en/header.shtml \ + feed-icon-14x14.png \ + logo_ban0.png \ + logo_ban0.svg + +THEME_SHARED = \ + p5i-link.png \ + pkg-block-icon.png \ + pkg-block-logo.png \ + pkg-block-logo.svg \ + yui-reset-font-grids_base-min.css + +FILES = \ + en/advanced_search.shtml \ + en/base.shtml \ + en/catalog.shtml \ + en/index.shtml \ + en/layout.shtml \ + en/search.shtml \ + en/stats.shtml \ + config.shtml \ + index.shtml \ + robots.txt \ + shared.shtml + +all: + +install: $(DIRS) \ + $(FILES:%=$(ROOTPKGWEB)/%) \ + $(THEME_SHARED:%=$(THEMESDIR)/%) \ + $(THEME_DEFAULT:%=$(THEMESDIR)/default/%) \ + $(THEME_OOCE:%=$(THEMESDIR)/omnios.org/%) + +check clean clobber: + +$(DIRS): + $(MKDIR) $@ + +$(ROOTPKGWEB)/%: % + $(RM) $@; $(INSTALL) -f $(@D) -m 0444 $< + From 99a797931616f4e221f827d18734c1952f8ca43b Mon Sep 17 00:00:00 2001 
From: Andy Fiddaman Date: Thu, 22 Aug 2024 17:24:37 +0000 Subject: [PATCH 04/10] 36709307 move svc related code from setup.py to its own Makefile --- src/Makefile | 2 +- src/setup.py | 42 --------------------------------- src/svc/Makefile | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 43 deletions(-) create mode 100644 src/svc/Makefile diff --git a/src/Makefile b/src/Makefile index d41368e9c..9f690b853 100644 --- a/src/Makefile +++ b/src/Makefile @@ -42,7 +42,7 @@ clobber := TARGET = clobber check := TARGET = check packages := TARGET = install -SUBDIRS=brand util/mkcert man po web +SUBDIRS=brand util/mkcert man po svc web all: $(SUBDIRS) diff --git a/src/setup.py b/src/setup.py index f3d043515..2d5bc8e52 100755 --- a/src/setup.py +++ b/src/setup.py @@ -119,13 +119,10 @@ scripts_dir = "usr/bin" lib_dir = "usr/lib" -svc_method_dir = "lib/svc/method" -svc_share_dir = "lib/svc/share" ignored_deps_dir = "usr/share/pkg/ignored_deps" resource_dir = "usr/share/lib/pkg" transform_dir = "usr/share/pkg/transforms" -smf_app_dir = "lib/svc/manifest/application/pkg" execattrd_dir = "etc/security/exec_attr.d" authattrd_dir = "etc/security/auth_attr.d" userattrd_dir = "etc/user_attr.d" @@ -166,17 +163,6 @@ # ['sysrepo.py', 'pkg.sysrepo'], # ['depot-config.py', "pkg.depot-config"] ], - svc_method_dir: [ - # ['svc/svc-pkg-depot', 'svc-pkg-depot'], - ["svc/svc-pkg-mdns", "svc-pkg-mdns"], - ["svc/svc-pkg-mirror", "svc-pkg-mirror"], - ["svc/svc-pkg-repositories-setup", "svc-pkg-repositories-setup"], - ["svc/svc-pkg-server", "svc-pkg-server"], - # ['svc/svc-pkg-sysrepo', 'svc-pkg-sysrepo'], - ], - svc_share_dir: [ - ["svc/pkg5_include.sh", "pkg5_include.sh"], - ], } scripts_windows = { 
@@ -255,16 +241,6 @@ "pkg.pipeutils", ] -smf_app_files = [ - #'svc/pkg-depot.xml', - "svc/pkg-mdns.xml", - "svc/pkg-mirror.xml", - "svc/pkg-repositories-setup.xml", - "svc/pkg-server.xml", - #'svc/pkg-system-repository.xml', - #'svc/zoneproxy-client.xml', - #'svc/zoneproxyd.xml' -] resource_files = [ "util/opensolaris.org.sections", "util/pkglintrc", @@ -569,22 +545,6 @@ def run(self): os.system(" ".join(sha512_tcmd)) -class smflint_func(Command): - description = "Validate SMF manifests" - user_options = [] - - def initialize_options(self): - pass - - def finalize_options(self): - pass - - def run(self): - for manifest in smf_app_files: - args = ["/usr/sbin/svccfg", "validate", manifest] - print(f"SMF manifest validate: {manifest}") - run_cmd(args, os.getcwd()) - # Runs both C and Python lint class lint_func(Command): @@ -603,7 +563,6 @@ def escape(astring): return astring.replace(" ", "\\ ") def run(self): - smflint_func(Distribution()).run() clint_func(Distribution()).run() pylint_func(Distribution()).run() @@ -1368,7 +1327,6 @@ def __init__(self, name, sources, build_64=False, **kwargs): if osname == "sunos": # Solaris-specific extensions are added here data_files += [ - (smf_app_dir, smf_app_files), (execattrd_dir, execattrd_files), (authattrd_dir, authattrd_files), (userattrd_dir, userattrd_files), diff --git a/src/svc/Makefile b/src/svc/Makefile new file mode 100644 index 000000000..eb768411a --- /dev/null +++ b/src/svc/Makefile 
@@ -0,0 +1,60 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# Copyright 2024 OmniOS Community Edition (OmniOSce) Association. + +include ../Makefile.com + +SVCCFG = /usr/sbin/svccfg + +ROOTLIBSVC = $(ROOT)/lib/svc + +ROOTMANIFESTDIR = $(ROOTLIBSVC)/manifest/application/pkg +ROOTMETHODDIR = $(ROOTLIBSVC)/method +ROOTSHAREDIR = $(ROOTLIBSVC)/share + +DIRS = $(ROOTMANIFESTDIR) $(ROOTMETHODDIR) $(ROOTSHAREDIR) + +MANIFESTS = \ + pkg-mdns.xml \ + pkg-mirror.xml \ + pkg-repositories-setup.xml \ + pkg-server.xml + +METHODS = \ + svc-pkg-mdns \ + svc-pkg-mirror \ + svc-pkg-repositories-setup \ + svc-pkg-server + +SHARED = \ + pkg5_include.sh + +all: + +install: $(DIRS) \ + $(MANIFESTS:%=$(ROOTMANIFESTDIR)/%) \ + $(METHODS:%=$(ROOTMETHODDIR)/%) \ + $(SHARED:%=$(ROOTSHAREDIR)/%) + +clean clobber: + +check: $(MANIFESTS:%=check-%) + +check-%: % + $(SVCCFG) validate $< + +$(DIRS): + $(MKDIR) $@ + +$(ROOTMANIFESTDIR)/% $(ROOTMETHODDIR)/% $(ROOTSHAREDIR)/%: % + $(RM) $@; $(INSTALL) -f $(@D) -m 0444 $< + From 5db6f42731787b7db392ae3e4e09f23f896ecd63 Mon Sep 17 00:00:00 2001 From: Jakub Kulik Date: Fri, 2 Aug 2024 02:42:30 -0700 Subject: [PATCH 05/10] 32645035 Multiple done lines output when installing packages --- src/modules/client/progress.py | 14 +++++++------- src/setup.py | 1 - 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/src/modules/client/progress.py b/src/modules/client/progress.py index 95c65b029..7fd543691 100644 --- a/src/modules/client/progress.py +++ b/src/modules/client/progress.py 
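Review bot: The single pattern rule `$(ROOTMANIFESTDIR)/% $(ROOTMETHODDIR)/% $(ROOTSHAREDIR)/%: %` installs every file with `-m 0444`, including the SMF method scripts listed in `METHODS`. Those scripts were previously installed through the `svc_method_dir` entry of the script table removed from `setup.py`, and SMF has to execute them (`pkg-server.xml` runs `svc-pkg-server` as its stop method), so unless the package manifest sets the mode itself they would land without an execute bit. I would give the methods their own rule, `$(ROOTMETHODDIR)/%: %` with `$(RM) $@; $(INSTALL) -f $(@D) -m 0555 $<`, and keep `0444` for the manifests and `pkg5_include.sh`.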
@@ -1569,11 +1569,11 @@ def actions_all_done(self): def job_start(self, jobid, goal=None): jobitem = self._jobitems[jobid] jobitem.reset() - outspec = OutSpec() if goal: if not isinstance(jobitem, GoalTrackerItem): raise RuntimeError("can't set goal on non-goal tracker") jobitem.goalitems = goal + outspec = OutSpec(first=True) jobitem.printed = True self._job_output(outspec, jobitem) @@ -2187,7 +2187,7 @@ def _republish_output(self, outspec): if "startpkg" in outspec.changed: pkgfmri = self.repub_pkgs.curinfo self.__generic_start( - _("Republish: {0} ... ").format(pkgfmri.get_fmri(anarchy=True)) + _("Republish: {0} ...").format(pkgfmri.get_fmri(anarchy=True)) ) if "endpkg" in outspec.changed: self.__generic_done() @@ -2259,14 +2259,14 @@ def _act_output_all_done(self): def _job_output(self, outspec, jobitem): if outspec.first: - self.__generic_start("{0} ... ".format(jobitem.name)) + self.__generic_start("{0} ...".format(jobitem.name)) if outspec.last: self.__generic_done_item(jobitem) def _lint_output(self, outspec): if outspec.first: if self.lint_phasetype == self.LINT_PHASETYPE_SETUP: - self._pe.cprint("{0} ... ".format(self.lintitems.name), end="") + self._pe.cprint("{0} ...".format(self.lintitems.name), end="") elif self.lint_phasetype == self.LINT_PHASETYPE_EXECUTE: self._pe.cprint("# --- {0} ---".format(self.lintitems.name)) if outspec.last: @@ -2602,7 +2602,7 @@ def _republish_output(self, outspec): if "startpkg" in outspec.changed: pkgfmri = self.repub_pkgs.curinfo self.__generic_start( - _("Republish: {0} ... ").format(pkgfmri.get_fmri(anarchy=True)) + _("Republish: {0} ...").format(pkgfmri.get_fmri(anarchy=True)) ) if "endpkg" in outspec.changed: self.__generic_done() 
@@ -2677,14 +2677,14 @@ def _act_output_all_done(self): def _job_output(self, outspec, jobitem): if outspec.first: - self.__generic_start("{0} ... ".format(jobitem.name)) + self.__generic_start("{0} ...".format(jobitem.name)) if outspec.last: self.__generic_done_item(jobitem) def _lint_output(self, outspec): if outspec.first: if self.lint_phasetype == self.LINT_PHASETYPE_SETUP: - msg = "{0} ... ".format(self.lintitems.name) + msg = "{0} ...".format(self.lintitems.name) prog_json = {self.O_PHASE: _("Setup"), self.O_MESSAGE: msg} self.__handle_prog_output(prog_json) elif self.lint_phasetype == self.LINT_PHASETYPE_EXECUTE: diff --git a/src/setup.py b/src/setup.py index 2d5bc8e52..38aa9f648 100755 --- a/src/setup.py +++ b/src/setup.py @@ -545,7 +545,6 @@ def run(self): os.system(" ".join(sha512_tcmd)) - # Runs both C and Python lint class lint_func(Command): description = "Runs C and Python lint checkers" From c3529d0e236759683b94f4f39004942c19231c60 Mon Sep 17 00:00:00 2001 From: Konrad Karczewski Date: Fri, 2 Aug 2024 05:41:28 -0700 Subject: [PATCH 06/10] 36716400 'pkg update -n' returns false return code in dry-run if insufficient disk space --- src/modules/client/client_api.py | 10 ++++++++-- src/modules/client/imageplan.py | 6 ++---- src/tests/cli/t_fix.py | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/modules/client/client_api.py b/src/modules/client/client_api.py index 595dcb105..34dfac3d0 100644 --- a/src/modules/client/client_api.py +++ b/src/modules/client/client_api.py 
@@ -1720,14 +1720,20 @@ def __api_op( # consumer from creating a noop plan and then # preparing and executing it.) __api_plan_save(_api_inst, logger=logger) - # for pkg verify or fix. + # The branch for fix and verify has to be handled first, to + # return the exit code from the run instead of the generic + # EXIT_NOP. When there is nothing to do we consider this a + # success for verification. if _op in [PKG_OP_FIX, PKG_OP_VERIFY] and _noexecute and _quiet_plan: exit_code = __verify_exit_status(_api_inst) return __prepare_json(exit_code, data=data) if _api_inst.planned_nothingtodo(): return __prepare_json(EXIT_NOP, data=data) - if _noexecute or _stage == API_STAGE_PLAN: + if _stage == API_STAGE_PLAN: return __prepare_json(EXIT_OK, data=data) + if _noexecute: + exit_code = __verify_exit_status(_api_inst) + return __prepare_json(exit_code, data=data) else: assert _stage in [API_STAGE_PREPARE, API_STAGE_EXECUTE] __api_plan_load(_api_inst, _stage, _origins, logger=logger) diff --git a/src/modules/client/imageplan.py b/src/modules/client/imageplan.py index 3ca1fac10..e31a99b03 100644 --- a/src/modules/client/imageplan.py +++ b/src/modules/client/imageplan.py @@ -4172,9 +4172,7 @@ def __evaluate_pkg_downloads(self): _("Root filesystem"), ) timestamp = misc.time_to_timestamp(time.time()) - self.pd.add_item_message( - "warning", timestamp, MSG_WARNING, _(msg) - ) + self.pd.add_item_message("errors", timestamp, MSG_ERROR, _(msg)) else: raise api_errors.ImageInsufficentSpace( self.pd._bytes_added, @@ -4238,7 +4236,7 @@ def evaluate(self): medmsg = self.__make_med_msg() timestamp = misc.time_to_timestamp(time.time()) self.pd.add_item_message( - "warning", timestamp, MSG_WARNING, medmsg + "warnings", timestamp, MSG_WARNING, medmsg ) def __update_avail_space(self): diff --git a/src/tests/cli/t_fix.py b/src/tests/cli/t_fix.py index 630ca226b..36ad687ab 100644 --- a/src/tests/cli/t_fix.py +++ b/src/tests/cli/t_fix.py 
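Review bot: In `__api_op` the new `if _stage == API_STAGE_PLAN: return __prepare_json(EXIT_OK, data=data)` runs before the `_noexecute` branch, so a dry run that is also invoked at the plan stage still returns `EXIT_OK` without consulting `__verify_exit_status`. If the insufficient-space error that `imageplan.py` now records under `"errors"` should fail every `-n` run, test `_noexecute` first: `if _noexecute: return __prepare_json(__verify_exit_status(_api_inst), data=data)`, followed by the `API_STAGE_PLAN` check. `__verify_exit_status` is defined outside the hunk, so I am assuming it derives the exit code from the plan's recorded error items. A short comment saying that it now decides the exit code for all dry-run operations, not only fix and verify, would help the next reader.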
@@ -333,7 +333,7 @@ def test_01_basics(self): # Verify that unprivileged users are handled by fix. self.pkg("fix amber", exit=1, su_wrap=True) - self.pkg("fix --unpackaged -nv amber") + self.pkg("fix --unpackaged -nv amber", exit=1) self.assertTrue("----" in self.output and "UNPACKAGED" in self.output) # Fix the package From e8e75ee6344462ddaf5e9df40ca0bd462747beef Mon Sep 17 00:00:00 2001 From: Jakub Kulik Date: Mon, 5 Aug 2024 01:41:28 -0700 Subject: [PATCH 07/10] 36878489 remove unused pspawn module --- src/cffi_src/Makefile | 2 +- src/cffi_src/build_pspawn.py | 90 ------------- src/modules/pspawn.py | 199 ---------------------------- src/pkg/manifests/package:pkg.p5m | 2 - src/setup.py | 20 --- src/tests/pycodestyle-whitelist.txt | 1 - 6 files changed, 1 insertion(+), 313 deletions(-) delete mode 100755 src/cffi_src/build_pspawn.py delete mode 100644 src/modules/pspawn.py diff --git a/src/cffi_src/Makefile b/src/cffi_src/Makefile index eb2e52066..eb929e8cb 100644 --- a/src/cffi_src/Makefile +++ b/src/cffi_src/Makefile @@ -13,7 +13,7 @@ # Copyright 2023 OmniOS Community Edition (OmniOSce) Association. # -EXTENSIONS= arch pspawn sha512_t sysattr syscallat +EXTENSIONS= arch sha512_t sysattr syscallat SOURCES= $(EXTENSIONS:%=_%.c) OUTDIR= cffi_src diff --git a/src/cffi_src/build_pspawn.py b/src/cffi_src/build_pspawn.py deleted file mode 100755 index c7496129a..000000000 --- a/src/cffi_src/build_pspawn.py +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/usr/bin/python3 -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# - -# -# Copyright (c) 2015, 2024, Oracle and/or its affiliates. -# - -from cffi import FFI - -ffi = FFI() - -ffi.set_source( - "_pspawn", - """ -/* Includes */ -#include -#include - -/* Custom Types */ -typedef struct { - int skip_fd; - int start_fd; - posix_spawn_file_actions_t *fap; -} walk_data; -""", -) - -ffi.cdef( - """ -/* Types */ -typedef int... mode_t; /* file attribute type */ -typedef int... 
pid_t; /* process id type */ - -typedef struct { - void *__file_attrp; /* implementation-private */ -} posix_spawn_file_actions_t; - -typedef struct { - void *__spawn_attrp; /* implementation-private */ -} posix_spawnattr_t; - -typedef struct { - int skip_fd; - int start_fd; - posix_spawn_file_actions_t *fap; -} walk_data; - -/* Functions */ -int fdwalk(int (*)(void *, int), void *); -int posix_spawn_file_actions_init(posix_spawn_file_actions_t *); -int posix_spawn_file_actions_destroy(posix_spawn_file_actions_t *); -int posix_spawn_file_actions_addclose(posix_spawn_file_actions_t *, int); -int posix_spawn_file_actions_adddup2(posix_spawn_file_actions_t *, int, int); -int posix_spawn_file_actions_addopen(posix_spawn_file_actions_t *, int, - const char *, int, mode_t); - -int posix_spawnp( - pid_t *, - const char *, - const posix_spawn_file_actions_t *, - const posix_spawnattr_t *, - char *const [], - char *const []); -""" -) - -if __name__ == "__main__": - ffi.emit_c_code("cffi_src/_pspawn.c") - -# Vim hints -# vim:ts=4:sw=4:et:fdm=marker diff --git a/src/modules/pspawn.py b/src/modules/pspawn.py deleted file mode 100644 index 500b98dcf..000000000 --- a/src/modules/pspawn.py +++ /dev/null 
@@ -1,199 +0,0 @@ -#!/usr/bin/python3 -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# - -# -# Copyright 2020 OmniOS Community Edition (OmniOSce) Association. -# Copyright (c) 2015, 2024, Oracle and/or its affiliates. -# - -import os -from pkg._pspawn import lib, ffi - - -def _check_error(rc): - if rc != 0: - raise OSError(rc, os.strerror(rc)) - - -@ffi.callback("int (*)(void *, int)", error=-1) -def walk_func(data, fd): - wd = ffi.cast("walk_data *", data) - if fd >= wd.start_fd and fd != wd.skip_fd: - rc = lib.posix_spawn_file_actions_addclose(wd.fap, fd) - _check_error(rc) - return 0 - - -class SpawnFileAction(object): - """SpawnFileAction() -> spawn file action object - - Creates a Python object that encapsulates the posix_spawn_file_action_t - type. This is used by the posix_spawn(3C) interface to control actions - on file descriptors in the new process. This object implements the - following methods. - - add_close(fd) -- Add the file descriptor fd to the list of fds to be - closed in the new process. - add_open(fd, path, oflag, mode) -- Open the file at path with flags - oflags and mode, assign it to the file descriptor numbered fd in the new - process. 
- add_dup2(fd, newfd) -- Take the file descriptor in fd and dup2 it to newfd - in the newly created process. - add_close_childfds(fd) -- Add all file descriptors above 2 except fd - (optionally) to list of fds to be closed in the new process. - - Information about the underlying C interfaces can be found in the - following man pages: - - posix_spawn(3C) - posix_spawn_file_actions_addclose(3C) - posix_spawn_file_actions_addopen(3C) - posix_spawn_file_actions_adddup2(3C) - """ - - def __init__(self): - self.fa = ffi.new("posix_spawn_file_actions_t *") - rc = lib.posix_spawn_file_actions_init(self.fa) - self.fa = ffi.gc(self.fa, lib.posix_spawn_file_actions_destroy) - # The file_actions routines don't set errno, so we have to create - # the exception tuple by hand. - _check_error(rc) - - def add_close(self, fd): - """Add the file descriptor fd to the list of descriptors to be closed - in the new process.""" - - if not isinstance(fd, int): - raise TypeError("fd must be int type") - - rc = lib.posix_spawn_file_actions_addclose(self.fa, fd) - _check_error(rc) - - def add_open(self, fd, path, oflag, mode): - """Open the file at path with flags oflags and mode, assign it to - the file descriptor numbered fd in the new process.""" - - if not isinstance(fd, int): - raise TypeError("fd must be int type") - if not isinstance(path, str): - raise TypeError("path must be a string") - if not isinstance(oflag, int): - raise TypeError("oflag must be int type") - if not isinstance(path, mode): - raise TypeError("path must be int type") - - rc = lib.posix_spawn_file_actions_addopen( - self.fa, fd, path, oflag, mode - ) - _check_error(rc) - - def add_dup2(self, fd, newfd): - """Take the file descriptor in fd and dup2 it to newfd in the newly - created process.""" - - if not isinstance(fd, int): - raise TypeError("fd must be int type") - if not isinstance(newfd, int): - raise TypeError("newfd must be int type") - - rc = lib.posix_spawn_file_actions_adddup2(self.fa, fd, newfd) - 
_check_error(rc) - - def add_close_childfds(self, start_fd, except_fd=-1): - """Add to a SpawnFileAction a series of 'closes' that will close all of - the fds >= startfd in the child process. A single fd may be skipped, - provided that it is given as the optional except argument.""" - - if not isinstance(start_fd, int): - raise TypeError("start_fd must be int type") - if not isinstance(except_fd, int): - raise TypeError("except_fd must be int type") - - # Set up walk_data for fdwalk. - wd = ffi.new("walk_data *", [0]) - wd.skip_fd = ffi.cast("int", except_fd) - wd.start_fd = ffi.cast("int", start_fd) - wd.fap = self.fa - - # Perform the walk. - lib.fdwalk(walk_func, wd) - - -def posix_spawnp(filename, args, fileactions=None, env=None): - """Invoke posix_spawnp(3C). - - 'filename' is the name of the executeable file. - - 'args' is a sequence of arguments supplied to the newly executed program. - - 'fileactions' defines what actions will be performed upon the file - descriptors of the spawned executable. If defined, it must be a - SpawnFileAction object. - - 'env', the enviroment, if provided, it must be a sequence object.""" - - if not isinstance(filename, str): - raise TypeError("filename must be a string") - - pid = ffi.new("pid_t *") - - spawn_args = [] - # This essentially does force_bytes in pkg.misc, but importing pkg.misc has - # a circular import issue, so we implement the conversion here. - for arg in args: - if isinstance(arg, str): - arg = arg.encode() - spawn_args.append(ffi.new("char []", arg)) - spawn_args.append(ffi.NULL) - - # Process env, if supplied by caller - spawn_env = [] - if env: - for arg in env: - try: - if isinstance(arg, str): - arg = arg.encode() - spawn_env.append(ffi.new("char []", arg)) - except: - # If an environment variable cannot be added for any reason, - # just continue. 
(Most likely is UnicodeEncodeError) - pass - spawn_env.append(ffi.NULL) - - # setup file actions, if passed by caller - s_action = ffi.NULL - if fileactions: - if not isinstance(fileactions, SpawnFileAction): - raise TypeError("fileact must be a SpawnFileAction object.") - s_action = fileactions.fa - - # Now do the actual spawn - rc = lib.posix_spawnp( - pid, filename.encode(), s_action, ffi.NULL, spawn_args, spawn_env - ) - _check_error(rc) - - return pid[0] - - -# Vim hints -# vim:ts=4:sw=4:et:fdm=marker diff --git a/src/pkg/manifests/package:pkg.p5m b/src/pkg/manifests/package:pkg.p5m index 92e80ac70..a05767771 100644 --- a/src/pkg/manifests/package:pkg.p5m +++ b/src/pkg/manifests/package:pkg.p5m @@ -49,7 +49,6 @@ file path=$(PYDIRVP)/pkg-0.1-py$(PYVERS).egg-info/top_level.txt file path=$(PYDIRVP)/pkg/__init__.py file path=$(PYDIRVP)/pkg/_arch.cpython$(PYPKGVERS)-$(TRIPLE).so file path=$(PYDIRVP)/pkg/_misc.cpython$(PYPKGVERS)-$(TRIPLE).so -file path=$(PYDIRVP)/pkg/_pspawn.cpython$(PYPKGVERS)-$(TRIPLE).so file path=$(PYDIRVP)/pkg/_sha512_t.cpython$(PYPKGVERS)-$(TRIPLE).so file path=$(PYDIRVP)/pkg/_sysattr.cpython$(PYPKGVERS)-$(TRIPLE).so file path=$(PYDIRVP)/pkg/_syscallat.cpython$(PYPKGVERS)-$(TRIPLE).so @@ -178,7 +177,6 @@ file path=$(PYDIRVP)/pkg/portable/os_unix.py file path=$(PYDIRVP)/pkg/portable/os_windows.py \ pkg.depend.bypass-generate=.*win32api.* file path=$(PYDIRVP)/pkg/portable/util.py -file path=$(PYDIRVP)/pkg/pspawn.py dir path=$(PYDIRVP)/pkg/publish file path=$(PYDIRVP)/pkg/publish/__init__.py file path=$(PYDIRVP)/pkg/publish/dependencies.py diff --git a/src/setup.py b/src/setup.py index 38aa9f648..0c5ad3ebc 100755 --- a/src/setup.py +++ b/src/setup.py @@ -281,7 +281,6 @@ sha512_t_srcs = ["cffi_src/_sha512_t.c"] sysattr_srcs = ["cffi_src/_sysattr.c"] syscallat_srcs = ["cffi_src/_syscallat.c"] -pspawn_srcs = ["cffi_src/_pspawn.c"] elf_srcs = [ "modules/elf.c", "modules/elfextract.c", 
@@ -488,14 +487,6 @@ def run(self): + ["-I" + self.escape(get_python_inc())] + _misc_srcs ) - pspawncmd = ( - lint - + lint_flags - + ["-D_FILE_OFFSET_BITS=64"] - + ["{0}{1}".format("-I", k) for k in include_dirs] - + ["-I" + self.escape(get_python_inc())] - + pspawn_srcs - ) syscallatcmd = ( lint + lint_flags @@ -535,8 +526,6 @@ def run(self): os.system(" ".join(_varcetcmd)) print(" ".join(_misccmd)) os.system(" ".join(_misccmd)) - print(" ".join(pspawncmd)) - os.system(" ".join(pspawncmd)) print(" ".join(syscallatcmd)) os.system(" ".join(syscallatcmd)) print(" ".join(sysattrcmd)) @@ -1372,15 +1361,6 @@ def __init__(self, name, sources, build_64=False, **kwargs): define_macros=[("_FILE_OFFSET_BITS", "64")], build_64=True, ), - Extension( - "_pspawn", - pspawn_srcs, - include_dirs=include_dirs, - extra_compile_args=compile_args, - extra_link_args=link_args, - define_macros=[("_FILE_OFFSET_BITS", "64")], - build_64=True, - ), Extension( "_syscallat", syscallat_srcs, diff --git a/src/tests/pycodestyle-whitelist.txt b/src/tests/pycodestyle-whitelist.txt index 64460fb48..a9b581484 100644 --- a/src/tests/pycodestyle-whitelist.txt +++ b/src/tests/pycodestyle-whitelist.txt @@ -1,7 +1,6 @@ cffi_src modules/actions/depend.py modules/arch.py -modules/pspawn.py modules/sysattr.py modules/syscallat.py modules/sha512_t.py From 9951c1fee9bdf15f8dabd7f62d3790586fbeea2c Mon Sep 17 00:00:00 2001 From: Andy Fiddaman Date: Thu, 22 Aug 2024 18:11:18 +0000 Subject: [PATCH 08/10] Update bandit baseline --- src/tests/bandit-baseline.json | 1138 +++++++++++++++++++++----------- 1 file changed, 738 insertions(+), 400 deletions(-) diff --git a/src/tests/bandit-baseline.json b/src/tests/bandit-baseline.json index d1505d94d..dcd795afe 100644 --- a/src/tests/bandit-baseline.json +++ b/src/tests/bandit-baseline.json @@ -1,6 +1,6 @@ { "errors": [], - "generated_at": "2024-05-23T18:10:58Z", + "generated_at": "2024-08-22T18:05:28Z", "metrics": { "./brand/bhyve/boot.py": { "CONFIDENCE.HIGH": 7, 
@@ -11,7 +11,7 @@ "SEVERITY.LOW": 7, "SEVERITY.MEDIUM": 1, "SEVERITY.UNDEFINED": 0, - "loc": 560, + "loc": 568, "nosec": 0, "skipped_tests": 0 }, @@ -132,19 +132,6 @@ "nosec": 0, "skipped_tests": 0 }, - "./cffi_src/build_pspawn.py": { - "CONFIDENCE.HIGH": 0, - "CONFIDENCE.LOW": 0, - "CONFIDENCE.MEDIUM": 0, - "CONFIDENCE.UNDEFINED": 0, - "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 0, - "SEVERITY.MEDIUM": 0, - "SEVERITY.UNDEFINED": 0, - "loc": 49, - "nosec": 0, - "skipped_tests": 0 - }, "./cffi_src/build_sha512_t.py": { "CONFIDENCE.HIGH": 0, "CONFIDENCE.LOW": 0, @@ -289,12 +276,12 @@ "skipped_tests": 0 }, "./modules/actions/driver.py": { - "CONFIDENCE.HIGH": 0, + "CONFIDENCE.HIGH": 2, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 0, + "SEVERITY.LOW": 2, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 868, @@ -622,17 +609,17 @@ "SEVERITY.LOW": 0, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, - "loc": 3125, + "loc": 3120, "nosec": 0, "skipped_tests": 0 }, "./modules/client/bootenv.py": { - "CONFIDENCE.HIGH": 1, + "CONFIDENCE.HIGH": 3, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 1, + "SEVERITY.LOW": 3, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 626, @@ -648,7 +635,7 @@ "SEVERITY.LOW": 1, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, - "loc": 3421, + "loc": 3424, "nosec": 0, "skipped_tests": 0 }, @@ -666,12 +653,12 @@ "skipped_tests": 0 }, "./modules/client/firmware.py": { - "CONFIDENCE.HIGH": 0, + "CONFIDENCE.HIGH": 2, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 0, + "SEVERITY.LOW": 2, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 105, 
@@ -692,12 +679,12 @@ "skipped_tests": 0 }, "./modules/client/image.py": { - "CONFIDENCE.HIGH": 4, + "CONFIDENCE.HIGH": 6, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 4, + "SEVERITY.LOW": 6, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 3770, @@ -713,7 +700,7 @@ "SEVERITY.LOW": 1, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, - "loc": 1313, + "loc": 1312, "nosec": 0, "skipped_tests": 0 }, @@ -726,7 +713,7 @@ "SEVERITY.LOW": 1, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, - "loc": 4854, + "loc": 4852, "nosec": 0, "skipped_tests": 0 }, @@ -778,7 +765,7 @@ "SEVERITY.LOW": 0, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, - "loc": 2717, + "loc": 2716, "nosec": 0, "skipped_tests": 0 }, @@ -796,12 +783,12 @@ "skipped_tests": 0 }, "./modules/client/linkedimage/zone.py": { - "CONFIDENCE.HIGH": 0, + "CONFIDENCE.HIGH": 3, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 0, + "SEVERITY.LOW": 3, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 295, @@ -1069,12 +1056,12 @@ "skipped_tests": 0 }, "./modules/cpiofile.py": { - "CONFIDENCE.HIGH": 0, + "CONFIDENCE.HIGH": 2, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 0, + "SEVERITY.LOW": 2, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 789, @@ -1095,12 +1082,12 @@ "skipped_tests": 0 }, "./modules/depotcontroller.py": { - "CONFIDENCE.HIGH": 4, + "CONFIDENCE.HIGH": 6, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 3, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 1, - "SEVERITY.LOW": 0, + "SEVERITY.LOW": 2, "SEVERITY.MEDIUM": 6, "SEVERITY.UNDEFINED": 0, "loc": 465, @@ -1181,7 +1168,7 @@ "SEVERITY.LOW": 0, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, - "loc": 1, + "loc": 9, "nosec": 0, "skipped_tests": 0 }, 
@@ -1575,19 +1562,6 @@ "nosec": 0, "skipped_tests": 0 }, - "./modules/pkgsubprocess.py": { - "CONFIDENCE.HIGH": 1, - "CONFIDENCE.LOW": 0, - "CONFIDENCE.MEDIUM": 0, - "CONFIDENCE.UNDEFINED": 0, - "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 1, - "SEVERITY.MEDIUM": 0, - "SEVERITY.UNDEFINED": 0, - "loc": 216, - "nosec": 0, - "skipped_tests": 0 - }, "./modules/pkgtarfile.py": { "CONFIDENCE.HIGH": 0, "CONFIDENCE.LOW": 0, @@ -1692,19 +1666,6 @@ "nosec": 0, "skipped_tests": 0 }, - "./modules/pspawn.py": { - "CONFIDENCE.HIGH": 1, - "CONFIDENCE.LOW": 0, - "CONFIDENCE.MEDIUM": 0, - "CONFIDENCE.UNDEFINED": 0, - "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 1, - "SEVERITY.MEDIUM": 0, - "SEVERITY.UNDEFINED": 0, - "loc": 120, - "nosec": 0, - "skipped_tests": 0 - }, "./modules/publish/__init__.py": { "CONFIDENCE.HIGH": 0, "CONFIDENCE.LOW": 0, @@ -1792,7 +1753,7 @@ "SEVERITY.LOW": 0, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, - "loc": 9, + "loc": 10, "nosec": 0, "skipped_tests": 0 }, @@ -1888,12 +1849,12 @@ "skipped_tests": 0 }, "./modules/server/repository.py": { - "CONFIDENCE.HIGH": 3, + "CONFIDENCE.HIGH": 5, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 3, + "SEVERITY.LOW": 5, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 3463, @@ -1940,12 +1901,12 @@ "skipped_tests": 0 }, "./modules/smf.py": { - "CONFIDENCE.HIGH": 0, + "CONFIDENCE.HIGH": 2, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 0, + "SEVERITY.LOW": 2, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 181, @@ -2070,12 +2031,12 @@ "skipped_tests": 0 }, "./pull.py": { - "CONFIDENCE.HIGH": 2, + "CONFIDENCE.HIGH": 4, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, - "SEVERITY.LOW": 2, + "SEVERITY.LOW": 4, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, "loc": 1537, 
@@ -2083,15 +2044,15 @@ "skipped_tests": 0 }, "./setup.py": { - "CONFIDENCE.HIGH": 17, + "CONFIDENCE.HIGH": 16, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, - "SEVERITY.HIGH": 10, + "SEVERITY.HIGH": 9, "SEVERITY.LOW": 7, "SEVERITY.MEDIUM": 0, "SEVERITY.UNDEFINED": 0, - "loc": 1172, + "loc": 1074, "nosec": 0, "skipped_tests": 0 }, @@ -2447,15 +2408,15 @@ "skipped_tests": 0 }, "_totals": { - "CONFIDENCE.HIGH": 149, + "CONFIDENCE.HIGH": 167, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 19, "CONFIDENCE.UNDEFINED": 0, - "SEVERITY.HIGH": 31, - "SEVERITY.LOW": 105, + "SEVERITY.HIGH": 30, + "SEVERITY.LOW": 124, "SEVERITY.MEDIUM": 32, "SEVERITY.UNDEFINED": 0, - "loc": 112526, + "loc": 112054, "nosec": 0, "skipped_tests": 0 } @@ -2477,12 +2438,12 @@ "line_range": [ 37 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, { - "code": "206 try:\n207 os.unlink(f'{z.zoneroot}/tmp/init.log')\n208 except:\n", + "code": "207 try:\n208 os.unlink(f'{z.zoneroot}/tmp/init.log')\n209 except:\n", "col_offset": 32, "end_col_offset": 45, "filename": "./brand/bhyve/boot.py", 
@@ -2493,16 +2454,16 @@ }, "issue_severity": "MEDIUM", "issue_text": "Probable insecure usage of temp file/directory.", - "line_number": 207, + "line_number": 208, "line_range": [ - 207 + 208 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, { - "code": "207 os.unlink(f'{z.zoneroot}/tmp/init.log')\n208 except:\n209 pass\n210 bootlib.log_file(f'{z.zonepath}/log/zone.log', logging.DEBUG)\n", + "code": "208 os.unlink(f'{z.zoneroot}/tmp/init.log')\n209 except:\n210 pass\n211 bootlib.log_file(f'{z.zonepath}/log/zone.log', logging.DEBUG)\n", "col_offset": 4, "end_col_offset": 12, "filename": "./brand/bhyve/boot.py", @@ -2513,17 +2474,17 @@ }, "issue_severity": "LOW", "issue_text": "Try, Except, Pass detected.", - "line_number": 208, + "line_number": 209, "line_range": [ - 208, - 209 + 209, + 210 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, { - "code": "302 \n303 subprocess.run(['/usr/sbin/zonecfg', '-z', zone,\n304 'remove attr name=bootnext'])\n305 \n", + "code": "303 \n304 subprocess.run(['/usr/sbin/zonecfg', '-z', zone,\n305 'remove attr name=bootnext'])\n306 \n", "col_offset": 4, "end_col_offset": 37, "filename": "./brand/bhyve/boot.py", 
@@ -2534,17 +2495,17 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 303, + "line_number": 304, "line_range": [ - 303, - 304 + 304, + 305 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, { - "code": "335 debug(f'RAM change from {oldmem} to {mem} - {op} {delta}')\n336 ret = subprocess.run([RSRVRCTL, op, str(delta)],\n337 text=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)\n338 for l in ret.stdout.splitlines():\n", + "code": "336 debug(f'RAM change from {oldmem} to {mem} - {op} {delta}')\n337 ret = subprocess.run([RSRVRCTL, op, str(delta)],\n338 text=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)\n339 for l in ret.stdout.splitlines():\n", "col_offset": 14, "end_col_offset": 72, "filename": "./brand/bhyve/boot.py", @@ -2555,17 +2516,17 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 336, + "line_number": 337, "line_range": [ - 336, - 337 + 337, + 338 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, { - "code": "472 add_bootoption('bootdisk', None, ('pci', f'{BOOTDISK_SLOT}.0'))\n473 except:\n474 pass\n475 \n", + "code": "473 add_bootoption('bootdisk', None, ('pci', f'{BOOTDISK_SLOT}.0'))\n474 except:\n475 pass\n476 \n", "col_offset": 0, "end_col_offset": 8, "filename": "./brand/bhyve/boot.py", 
@@ -2576,17 +2537,17 @@ }, "issue_severity": "LOW", "issue_text": "Try, Except, Pass detected.", - "line_number": 473, + "line_number": 474, "line_range": [ - 473, - 474 + 474, + 475 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, { - "code": "535 debug(f'Setting promisc-filtered for {nic} to {promisc}')\n536 p = subprocess.run(dladm_args, capture_output=True, text=True)\n537 if p.returncode > 0:\n", + "code": "543 debug(f'Setting promisc-filtered for {nic} to {promisc}')\n544 p = subprocess.run(dladm_args, capture_output=True, text=True)\n545 if p.returncode > 0:\n", "col_offset": 8, "end_col_offset": 66, "filename": "./brand/bhyve/boot.py", @@ -2597,16 +2558,16 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 536, + "line_number": 544, "line_range": [ - 536 + 544 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, { - "code": "671 \n672 p = subprocess.run(args, capture_output=True, text=True)\n673 # config.dump exits with a status code of 1. Other errors indicate a problem.\n", + "code": "679 \n680 p = subprocess.run(args, capture_output=True, text=True)\n681 # config.dump exits with a status code of 1. Other errors indicate a problem.\n", "col_offset": 4, "end_col_offset": 56, "filename": "./brand/bhyve/boot.py", 
@@ -2617,11 +2578,11 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 672, + "line_number": 680, "line_range": [ - 672 + 680 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, @@ -2641,7 +2602,7 @@ "line_range": [ 22 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, @@ -2661,7 +2622,7 @@ "line_range": [ 25 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b405-import-xml-etree", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b405-import-xml-etree", "test_id": "B405", "test_name": "blacklist" }, @@ -2681,7 +2642,7 @@ "line_range": [ 85 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b313-b320-xml-bad-elementtree", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b313-b320-xml-bad-elementtree", "test_id": "B314", "test_name": "blacklist" }, @@ -2702,7 +2663,7 @@ 132, 133 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, 
@@ -2737,7 +2698,7 @@ 303, 304 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, @@ -2760,7 +2721,7 @@ 389, 390 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, @@ -2781,7 +2742,7 @@ 364, 365 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -2801,7 +2762,7 @@ "line_range": [ 36 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, @@ -2821,7 +2782,7 @@ "line_range": [ 154 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, @@ -2842,7 +2803,7 @@ 155, 156 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, 
@@ -2877,7 +2838,7 @@ 234, 235 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, @@ -2898,7 +2859,7 @@ 317, 318 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -2919,7 +2880,7 @@ 378, 379 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -2939,7 +2900,7 @@ "line_range": [ 18 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, @@ -2959,7 +2920,7 @@ "line_range": [ 19 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b405-import-xml-etree", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b405-import-xml-etree", "test_id": "B405", "test_name": "blacklist" }, @@ -2979,7 +2940,7 @@ "line_range": [ 43 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, 
@@ -2999,7 +2960,7 @@ "line_range": [ 86 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b313-b320-xml-bad-elementtree", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b313-b320-xml-bad-elementtree", "test_id": "B314", "test_name": "blacklist" }, @@ -3020,7 +2981,7 @@ 129, 130 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3063,7 +3024,7 @@ 209, 210 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, @@ -3084,7 +3045,7 @@ 253, 254 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3107,7 +3068,7 @@ 265, 266 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, @@ -3127,7 +3088,7 @@ "line_range": [ 325 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, 
@@ -3148,7 +3109,7 @@ 1335, 1336 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3169,7 +3130,7 @@ 3284, 3285 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3191,7 +3152,7 @@ 7990, 7991 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3213,7 +3174,7 @@ 312, 313 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b702_use_of_mako_templates.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b702_use_of_mako_templates.html", "test_id": "B702", "test_name": "use_of_mako_templates" }, @@ -3235,7 +3196,7 @@ 317, 318 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b702_use_of_mako_templates.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b702_use_of_mako_templates.html", "test_id": "B702", "test_name": "use_of_mako_templates" }, @@ -3255,7 +3216,7 @@ "line_range": [ 512 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, 
@@ -3275,7 +3236,7 @@ "line_range": [ 785 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b104_hardcoded_bind_all_interfaces.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b104_hardcoded_bind_all_interfaces.html", "test_id": "B104", "test_name": "hardcoded_bind_all_interfaces" }, @@ -3295,7 +3256,7 @@ "line_range": [ 39 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, @@ -3315,7 +3276,7 @@ "line_range": [ 93 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b104_hardcoded_bind_all_interfaces.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b104_hardcoded_bind_all_interfaces.html", "test_id": "B104", "test_name": "hardcoded_bind_all_interfaces" }, @@ -3337,7 +3298,7 @@ 738, 739 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, @@ -3357,7 +3318,7 @@ "line_range": [ 867 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b307-eval", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b307-eval", "test_id": "B307", "test_name": "blacklist" }, 
@@ -3379,10 +3340,52 @@ 872, 873 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b307-eval", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b307-eval", "test_id": "B307", "test_name": "blacklist" }, + { + "code": "33 import os\n34 import subprocess\n35 from pkg.actions import generic\n", + "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/actions/driver.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 34, + "line_range": [ + 34 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, + { + "code": "119 def __call(args, fmt, fmtargs):\n120 proc = subprocess.Popen(\n121 args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True\n122 )\n123 buf = proc.stdout.read()\n", + "col_offset": 15, + "end_col_offset": 9, + "filename": "./modules/actions/driver.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 120, + "line_range": [ + 120, + 121, + 122 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, { "code": "883 os.chmod(pdir, pmode)\n884 except Exception as e:\n885 # Ignore failure to reset parent mode.\n886 pass\n887 \n", "col_offset": 16, 
@@ -3401,7 +3404,7 @@ 885, 886 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3422,7 +3425,7 @@ 117, 118 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3442,7 +3445,7 @@ "line_range": [ 75 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -3462,7 +3465,7 @@ "line_range": [ 282 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b105_hardcoded_password_string.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b105_hardcoded_password_string.html", "test_id": "B105", "test_name": "hardcoded_password_string" }, @@ -3482,7 +3485,7 @@ "line_range": [ 290 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b105_hardcoded_password_string.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b105_hardcoded_password_string.html", "test_id": "B105", "test_name": "hardcoded_password_string" }, @@ -3503,7 +3506,7 @@ 859, 860 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, 
@@ -3524,10 +3527,30 @@ 6194, 6195 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b112_try_except_continue.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b112_try_except_continue.html", "test_id": "B112", "test_name": "try_except_continue" }, + { + "code": "28 import shutil\n29 import subprocess\n30 import tempfile\n", + "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/client/bootenv.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 29, + "line_range": [ + 29 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, { "code": "295 BootEnv.destroy_be(be_name)\n296 except Exception as e:\n297 pass\n298 break\n", "col_offset": 16, 
@@ -3545,10 +3568,32 @@ 296, 297 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, + { + "code": "505 try:\n506 ret = subprocess.call(\n507 cmd, stdout=open(os.devnull), stderr=subprocess.STDOUT\n508 )\n509 except OSError as e:\n", + "col_offset": 18, + "end_col_offset": 13, + "filename": "./modules/client/bootenv.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 506, + "line_range": [ + 506, + 507, + 508 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, { "code": "751 \n752 except:\n753 # Ignore the above error and just use what\n754 # already exists.\n755 pass\n756 \n", "col_offset": 8, 
@@ -3568,10 +3613,52 @@ 754, 755 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, + { + "code": "26 import os.path\n27 import subprocess\n28 import sys\n", + "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/client/firmware.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 27, + "line_range": [ + 27 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, + { + "code": "77 try:\n78 proc = subprocess.Popen(\n79 args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT\n80 )\n81 # output from proc is bytes\n", + "col_offset": 23, + "end_col_offset": 17, + "filename": "./modules/client/firmware.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 78, + "line_range": [ + 78, + 79, + 80 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, { "code": "32 import traceback\n33 import xml.dom.minidom as xmini\n34 \n", "col_offset": 0, 
@@ -3588,7 +3675,7 @@ "line_range": [ 33 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b408-import-xml-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b408-import-xml-minidom", "test_id": "B408", "test_name": "blacklist" }, 
@@ -3608,10 +3695,50 @@ "line_range": [ 593 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", "test_id": "B318", "test_name": "blacklist" }, + { + "code": "38 import stat\n39 import subprocess\n40 import sys\n", + "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/client/image.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 39, + "line_range": [ + 39 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, + { + "code": "1127 cmdargs = [\"/usr/bin/rm\", \"-rf\", orig_root]\n1128 subprocess.Popen(cmdargs, stdout=nullf, stderr=nullf)\n1129 nullf.close()\n", + "col_offset": 16, + "end_col_offset": 69, + "filename": "./modules/client/image.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 1128, + "line_range": [ + 1128 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, { "code": "2900 os.rmdir(os.path.dirname(mcdir))\n2901 except:\n2902 pass\n2903 \n", "col_offset": 12, 
@@ -3629,7 +3756,7 @@ 2901, 2902 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3650,7 +3777,7 @@ 2915, 2916 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3671,7 +3798,7 @@ 3919, 3920 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3692,12 +3819,12 @@ 3954, 3955 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, { - "code": "112 # Token used for default values.\n113 DEF_TOKEN = \"DEFAULT\"\n114 _val_map_none = {\"None\": None}\n", + "code": "111 # Token used for default values.\n112 DEF_TOKEN = \"DEFAULT\"\n113 _val_map_none = {\"None\": None}\n", "col_offset": 12, "end_col_offset": 21, "filename": "./modules/client/imageconfig.py", 
@@ -3708,16 +3835,16 @@ }, "issue_severity": "LOW", "issue_text": "Possible hardcoded password: 'DEFAULT'", - "line_number": 113, + "line_number": 112, "line_range": [ - 113 + 112 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b105_hardcoded_password_string.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b105_hardcoded_password_string.html", "test_id": "B105", "test_name": "hardcoded_password_string" }, { - "code": "5982 self.pd._actuators.exec_fail_actuators(self.image)\n5983 except:\n5984 # Ensure the real cause of failure is raised.\n5985 pass\n5986 raise api_errors.InvalidPackageErrors([exc_value])\n", + "code": "5980 self.pd._actuators.exec_fail_actuators(self.image)\n5981 except:\n5982 # Ensure the real cause of failure is raised.\n5983 pass\n5984 raise api_errors.InvalidPackageErrors([exc_value])\n", "col_offset": 12, "end_col_offset": 20, "filename": "./modules/client/imageplan.py", 
@@ -3728,16 +3855,76 @@ }, "issue_severity": "LOW", "issue_text": "Try, Except, Pass detected.", - "line_number": 5983, + "line_number": 5981, "line_range": [ - 5983, - 5984, - 5985 + 5981, + 5982, + 5983 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, + { + "code": "37 import tempfile\n38 import subprocess\n39 \n", + "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/client/linkedimage/zone.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 38, + "line_range": [ + 38 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, + { + "code": "396 ferrout = tempfile.TemporaryFile(mode=\"w+\")\n397 p = subprocess.Popen(cmd, stdout=fout, stderr=ferrout)\n398 p.wait()\n", + "col_offset": 8, + "end_col_offset": 58, + "filename": "./modules/client/linkedimage/zone.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 397, + "line_range": [ + 397 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, + { + "code": "473 ferrout = tempfile.TemporaryFile(mode=\"w+\")\n474 p = subprocess.Popen(cmd, stdout=fout, stderr=ferrout)\n475 p.wait()\n", + "col_offset": 8, + "end_col_offset": 58, + "filename": 
"./modules/client/linkedimage/zone.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 474, + "line_range": [ + 474 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, { "code": "1623 opts[avail_opt] = int(opts[avail_opt])\n1624 except Exception:\n1625 pass\n1626 if opts[avail_opt] not in valid_args:\n", "col_offset": 20, @@ -3755,7 +3942,7 @@ 1624, 1625 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3775,12 +3962,12 @@ "line_range": [ 36 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, { - "code": "148 # Redefinition of p type\n149 p = subprocess.Popen(\n150 pkg_cmd,\n151 stdout=fstdout,\n152 stderr=fstderr,\n153 pass_fds=(server_cmd_pipe, server_prog_pipe_fobj.fileno()),\n154 )\n155 \n", + "code": "139 try:\n140 p = subprocess.Popen(\n141 pkg_cmd,\n142 stdout=fstdout,\n143 stderr=fstderr,\n144 pass_fds=(server_cmd_pipe, server_prog_pipe_fobj.fileno()),\n145 )\n146 \n", "col_offset": 16, "end_col_offset": 13, "filename": "./modules/client/pkgremote.py", 
@@ -3791,16 +3978,16 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 149, + "line_number": 140, "line_range": [ - 149, - 150, - 151, - 152, - 153, - 154 + 140, + 141, + 142, + 143, + 144, + 145 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, @@ -3820,7 +4007,7 @@ "line_range": [ 3475 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -3840,7 +4027,7 @@ "line_range": [ 3517 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -3860,7 +4047,7 @@ "line_range": [ 3520 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -3880,7 +4067,7 @@ "line_range": [ 3596 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, 
@@ -3900,7 +4087,7 @@ "line_range": [ 2020 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -3920,7 +4107,7 @@ "line_range": [ 2039 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -3942,7 +4129,7 @@ 2051, 2052 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -3964,7 +4151,7 @@ 2832, 2833 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -3984,7 +4171,7 @@ "line_range": [ 2882 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4004,7 +4191,7 @@ "line_range": [ 2975 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4024,7 +4211,7 @@ "line_range": [ 3021 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, 
@@ -4044,7 +4231,7 @@ "line_range": [ 3158 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4064,7 +4251,7 @@ "line_range": [ 3404 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4084,7 +4271,7 @@ "line_range": [ 3426 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4104,7 +4291,7 @@ "line_range": [ 298 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b408-import-xml-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b408-import-xml-minidom", "test_id": "B408", "test_name": "blacklist" }, @@ -4124,7 +4311,7 @@ "line_range": [ 300 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", "test_id": "B318", "test_name": "blacklist" }, 
@@ -4144,12 +4331,12 @@ "line_range": [ 58 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, { - "code": "1799 p = subprocess.Popen(\n1800 cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE\n1801 )\n1802 out, err = p.communicate()\n1803 status, result = p.returncode, misc.force_str(out)\n", + "code": "1797 p = subprocess.Popen(\n1798 cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE\n1799 )\n1800 out, err = p.communicate()\n1801 status, result = p.returncode, misc.force_str(out)\n", "col_offset": 12, "end_col_offset": 9, "filename": "./modules/config.py", 
@@ -4160,16 +4347,81 @@ }, "issue_severity": "HIGH", "issue_text": "subprocess call with shell=True identified, security issue.", - "line_number": 1800, + "line_number": 1798, "line_range": [ - 1799, - 1800, - 1801 + 1797, + 1798, + 1799 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b602_subprocess_popen_with_shell_equals_true.html", "test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true" }, + { + "code": "45 import struct\n46 import subprocess\n47 \n", + "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/cpiofile.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 46, + "line_range": [ + 46 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, + { + "code": "801 )\n802 p = subprocess.Popen(\n803 cmd.split(),\n804 stdin=subprocess.PIPE,\n805 stdout=subprocess.PIPE,\n806 stderr=subprocess.PIPE,\n807 )\n808 pobj = p.stdout\n", + "col_offset": 16, + "end_col_offset": 13, + "filename": "./modules/cpiofile.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 802, + "line_range": [ + 802, + 803, + 804, + 805, + 806, + 807 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, + { + "code": "30 import ssl\n31 import subprocess\n32 import sys\n", 
+ "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/depotcontroller.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 31, + "line_range": [ + 31 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, { "code": "63 self.__file_root = None\n64 self.__logpath = \"/tmp/depot.log\"\n65 self.__mirror = False\n", "col_offset": 25, @@ -4186,7 +4438,7 @@ "line_range": [ 64 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, @@ -4206,7 +4458,7 @@ "line_range": [ 264 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b310-urllib-urlopen", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b310-urllib-urlopen", "test_id": "B310", "test_name": "blacklist" }, @@ -4226,7 +4478,7 @@ "line_range": [ 291 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b310-urllib-urlopen", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b310-urllib-urlopen", "test_id": "B310", "test_name": "blacklist" }, 
@@ -4246,10 +4498,37 @@ "line_range": [ 291 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b323-unverified-context", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b323-unverified-context", "test_id": "B323", "test_name": "blacklist" }, + { + "code": "426 newenv.update(self.__env)\n427 self.__depot_handle = subprocess.Popen(\n428 pargs,\n429 env=newenv,\n430 stdin=subprocess.PIPE,\n431 stdout=self.__output,\n432 stderr=self.__output,\n433 close_fds=True,\n434 )\n435 if self.__depot_handle is None:\n", + "col_offset": 30, + "end_col_offset": 9, + "filename": "./modules/depotcontroller.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 427, + "line_range": [ + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, { "code": "604 print()\n605 f = open(\"/tmp/depot.log\", \"r\")\n606 print(f.read())\n", "col_offset": 21, @@ -4266,7 +4545,7 @@ "line_range": [ 605 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, @@ -4286,7 +4565,7 @@ "line_range": [ 615 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, 
@@ -4306,7 +4585,7 @@ "line_range": [ 620 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, @@ -4326,7 +4605,7 @@ "line_range": [ 29 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, @@ -4352,7 +4631,7 @@ 350, 351 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, @@ -4372,7 +4651,7 @@ "line_range": [ 363 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b307-eval", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b307-eval", "test_id": "B307", "test_name": "blacklist" }, @@ -4392,7 +4671,7 @@ "line_range": [ 28 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b408-import-xml-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b408-import-xml-minidom", "test_id": "B408", "test_name": "blacklist" }, @@ -4412,7 +4691,7 @@ "line_range": [ 384 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", "test_id": "B318", "test_name": "blacklist" }, 
@@ -4432,7 +4711,7 @@ "line_range": [ 422 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", "test_id": "B318", "test_name": "blacklist" }, @@ -4452,7 +4731,7 @@ "line_range": [ 1042 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4472,7 +4751,7 @@ "line_range": [ 1134 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4492,7 +4771,7 @@ "line_range": [ 578 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b105_hardcoded_password_string.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b105_hardcoded_password_string.html", "test_id": "B105", "test_name": "hardcoded_password_string" }, @@ -4513,7 +4792,7 @@ 1009, 1010 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -4537,7 +4816,7 @@ 669, 670 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4561,7 +4840,7 @@ 715, 716 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, 
@@ -4581,7 +4860,7 @@ "line_range": [ 1365 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4602,7 +4881,7 @@ 1771, 1772 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -4625,7 +4904,7 @@ 1809, 1810 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -4645,7 +4924,7 @@ "line_range": [ 102 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b108_hardcoded_tmp_directory.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b108_hardcoded_tmp_directory.html", "test_id": "B108", "test_name": "hardcoded_tmp_directory" }, @@ -4665,7 +4944,7 @@ "line_range": [ 1398 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4686,7 +4965,7 @@ 2834, 2835 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -4706,7 +4985,7 @@ "line_range": [ 76 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b310-urllib-urlopen", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b310-urllib-urlopen", "test_id": "B310", "test_name": "blacklist" }, 
@@ -4726,34 +5005,14 @@ "line_range": [ 101 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b411-import-xmlrpclib", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b411-import-xmlrpclib", "test_id": "B411", "test_name": "blacklist" }, { - "code": "30 import types\n31 import subprocess\n32 import pkg.portable\n", - "col_offset": 0, - "end_col_offset": 17, - "filename": "./modules/pkgsubprocess.py", - "issue_confidence": "HIGH", - "issue_cwe": { - "id": 78, - "link": "https://cwe.mitre.org/data/definitions/78.html" - }, - "issue_severity": "LOW", - "issue_text": "Consider possible security implications associated with the subprocess module.", - "line_number": 31, - "line_range": [ - 31 - ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", - "test_id": "B404", - "test_name": "blacklist" - }, - { - "code": "304 try:\n305 exec(\"from .{0} import *\".format(modname))\n306 break\n", + "code": "304 try:\n305 exec(\"from pkg.portable.{0} import *\".format(modname))\n306 break\n", "col_offset": 8, - "end_col_offset": 50, + "end_col_offset": 62, "filename": "./modules/portable/__init__.py", "issue_confidence": "HIGH", "issue_cwe": { @@ -4766,7 +5025,7 @@ "line_range": [ 305 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b102_exec_used.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b102_exec_used.html", "test_id": "B102", "test_name": "exec_used" }, 
@@ -4786,33 +5045,10 @@ "line_range": [ 34 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, - { - "code": "175 spawn_env.append(ffi.new(\"char []\", arg))\n176 except:\n177 # If an environment variable cannot be added for any reason,\n178 # just continue. (Most likely is UnicodeEncodeError)\n179 pass\n180 spawn_env.append(ffi.NULL)\n", - "col_offset": 12, - "end_col_offset": 20, - "filename": "./modules/pspawn.py", - "issue_confidence": "HIGH", - "issue_cwe": { - "id": 703, - "link": "https://cwe.mitre.org/data/definitions/703.html" - }, - "issue_severity": "LOW", - "issue_text": "Try, Except, Pass detected.", - "line_number": 176, - "line_range": [ - 176, - 177, - 178, - 179 - ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", - "test_id": "B110", - "test_name": "try_except_pass" - }, { "code": "284 # basetermlist.\n285 if token == \"\":\n286 p[0] = self.query_objs[\"FieldQuery\"](fields, p[2])\n", "col_offset": 24, @@ -4829,7 +5065,7 @@ "line_range": [ 285 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b105_hardcoded_password_string.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b105_hardcoded_password_string.html", "test_id": "B105", "test_name": "hardcoded_password_string" }, @@ -4849,7 +5085,7 @@ "line_range": [ 299 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b105_hardcoded_password_string.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b105_hardcoded_password_string.html", "test_id": "B105", "test_name": "hardcoded_password_string" }, 
@@ -4869,7 +5105,7 @@ "line_range": [ 300 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b105_hardcoded_password_string.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b105_hardcoded_password_string.html", "test_id": "B105", "test_name": "hardcoded_password_string" }, @@ -4889,7 +5125,7 @@ "line_range": [ 620 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4909,7 +5145,7 @@ "line_range": [ 632 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b324_hashlib.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b324_hashlib.html", "test_id": "B324", "test_name": "hashlib" }, @@ -4931,7 +5167,7 @@ 351, 352 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -4951,7 +5187,7 @@ "line_range": [ 1686 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -4971,7 +5207,7 @@ "line_range": [ 1689 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -4998,7 +5234,7 @@ 1703, 1704 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, 
@@ -5018,7 +5254,7 @@ "line_range": [ 1819 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5038,7 +5274,7 @@ "line_range": [ 1838 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5060,7 +5296,7 @@ 1877, 1878 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5080,7 +5316,7 @@ "line_range": [ 1901 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5100,7 +5336,7 @@ "line_range": [ 2014 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5120,7 +5356,7 @@ "line_range": [ 2068 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, 
@@ -5140,7 +5376,7 @@ "line_range": [ 2114 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5160,7 +5396,7 @@ "line_range": [ 2133 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5180,7 +5416,7 @@ "line_range": [ 2158 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5200,7 +5436,7 @@ "line_range": [ 2170 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5220,7 +5456,7 @@ "line_range": [ 2194 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5240,7 +5476,7 @@ "line_range": [ 40 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b408-import-xml-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b408-import-xml-minidom", "test_id": "B408", "test_name": "blacklist" }, 
@@ -5260,10 +5496,30 @@ "line_range": [ 349 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", "test_id": "B318", "test_name": "blacklist" }, + { + "code": "33 import stat\n34 import subprocess\n35 import sys\n", + "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/server/repository.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 34, + "line_range": [ + 34 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, { "code": "638 storage_locked = True\n639 except:\n640 pass\n641 else:\n", "col_offset": 8, @@ -5281,7 +5537,7 @@ 639, 640 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -5302,7 +5558,7 @@ 661, 662 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, 
@@ -5326,10 +5582,112 @@ 1789, 1790 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b112_try_except_continue.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b112_try_except_continue.html", "test_id": "B112", "test_name": "try_except_continue" }, + { + "code": "3262 args = [\"/usr/bin/nohup\"] + args\n3263 subp = subprocess.Popen(args, stdout=nullf, stderr=nullf)\n3264 \n", + "col_offset": 15, + "end_col_offset": 65, + "filename": "./modules/server/repository.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 3263, + "line_range": [ + 3263 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, + { + "code": "31 import shlex\n32 import subprocess\n33 \n", + "col_offset": 0, + "end_col_offset": 17, + "filename": "./modules/smf.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 32, + "line_range": [ + 32 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, + { + "code": "91 try:\n92 proc = subprocess.Popen(\n93 args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT\n94 )\n95 buf = [\n", + "col_offset": 15, + "end_col_offset": 9, + "filename": "./modules/smf.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution 
of untrusted input.", + "line_number": 92, + "line_range": [ + 92, + 93, + 94 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, + { + "code": "37 import shutil\n38 import subprocess\n39 import sys\n", + "col_offset": 4, + "end_col_offset": 21, + "filename": "./pull.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "Consider possible security implications associated with the subprocess module.", + "line_number": 38, + "line_range": [ + 38 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", + "test_id": "B404", + "test_name": "blacklist" + }, + { + "code": "1446 try:\n1447 ret = subprocess.call(args)\n1448 except OSError as e:\n", + "col_offset": 18, + "end_col_offset": 39, + "filename": "./pull.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "LOW", + "issue_text": "subprocess call - check for execution of untrusted input.", + "line_number": 1447, + "line_range": [ + 1447 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", + "test_id": "B603", + "test_name": "subprocess_without_shell_equals_true" + }, { "code": "1855 t.close(abandon=True)\n1856 except:\n1857 # It might not exist already.\n1858 pass\n1859 \n", "col_offset": 16, @@ -5348,7 +5706,7 @@ 1857, 1858 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, 
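Review bot: The B603 entries added in this hunk (`./modules/server/repository.py` line 3263, `./modules/smf.py` line 92, `./pull.py` line 1447) record `subprocess.Popen(args, ...)` and `subprocess.call(args)` calls without any trace of where `args` comes from. If this file is the baseline used to filter scan results, those calls will no longer be reported. The quoted snippets show only that repository.py prepends `/usr/bin/nohup` to an existing list; whether the rest of the list can carry caller-supplied values is not visible here. If each call was reviewed, I would record that at the call site, e.g. `# nosec B603 - argv built from fixed paths, no shell`, so the justification sits next to the code instead of living only as an accepted finding. The B404 import entries in this hunk and the preceding one are informational and need no further action.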
@@ -5369,7 +5727,7 @@ 2052, 2053 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -5389,12 +5747,12 @@ "line_range": [ 35 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b404-import-subprocess", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b404-import-subprocess", "test_id": "B404", "test_name": "blacklist" }, { - "code": "598 print(\" \".join(archcmd))\n599 os.system(\" \".join(archcmd))\n600 print(\" \".join(elfcmd))\n", + "code": "517 print(\" \".join(archcmd))\n518 os.system(\" \".join(archcmd))\n519 print(\" \".join(elfcmd))\n", "col_offset": 12, "end_col_offset": 40, "filename": "./setup.py", @@ -5405,16 +5763,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 599, + "line_number": 518, "line_range": [ - 599 + 518 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "600 print(\" \".join(elfcmd))\n601 os.system(\" \".join(elfcmd))\n602 print(\" \".join(_actionscmd))\n", + "code": "519 print(\" \".join(elfcmd))\n520 os.system(\" \".join(elfcmd))\n521 print(\" \".join(_actionscmd))\n", "col_offset": 12, "end_col_offset": 39, "filename": "./setup.py", 
@@ -5425,16 +5783,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 601, + "line_number": 520, "line_range": [ - 601 + 520 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "602 print(\" \".join(_actionscmd))\n603 os.system(\" \".join(_actionscmd))\n604 print(\" \".join(_actcommcmd))\n", + "code": "521 print(\" \".join(_actionscmd))\n522 os.system(\" \".join(_actionscmd))\n523 print(\" \".join(_actcommcmd))\n", "col_offset": 12, "end_col_offset": 44, "filename": "./setup.py", @@ -5445,16 +5803,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 603, + "line_number": 522, "line_range": [ - 603 + 522 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "604 print(\" \".join(_actcommcmd))\n605 os.system(\" \".join(_actcommcmd))\n606 print(\" \".join(_varcetcmd))\n", + "code": "523 print(\" \".join(_actcommcmd))\n524 os.system(\" \".join(_actcommcmd))\n525 print(\" \".join(_varcetcmd))\n", "col_offset": 12, "end_col_offset": 44, "filename": "./setup.py", 
@@ -5465,16 +5823,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 605, + "line_number": 524, "line_range": [ - 605 + 524 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "606 print(\" \".join(_varcetcmd))\n607 os.system(\" \".join(_varcetcmd))\n608 print(\" \".join(_misccmd))\n", + "code": "525 print(\" \".join(_varcetcmd))\n526 os.system(\" \".join(_varcetcmd))\n527 print(\" \".join(_misccmd))\n", "col_offset": 12, "end_col_offset": 43, "filename": "./setup.py", @@ -5485,16 +5843,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 607, + "line_number": 526, "line_range": [ - 607 + 526 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "608 print(\" \".join(_misccmd))\n609 os.system(\" \".join(_misccmd))\n610 print(\" \".join(pspawncmd))\n", + "code": "527 print(\" \".join(_misccmd))\n528 os.system(\" \".join(_misccmd))\n529 print(\" \".join(syscallatcmd))\n", "col_offset": 12, "end_col_offset": 41, "filename": "./setup.py", 
@@ -5505,36 +5863,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 609, + "line_number": 528, "line_range": [ - 609 + 528 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "610 print(\" \".join(pspawncmd))\n611 os.system(\" \".join(pspawncmd))\n612 print(\" \".join(syscallatcmd))\n", - "col_offset": 12, - "end_col_offset": 42, - "filename": "./setup.py", - "issue_confidence": "HIGH", - "issue_cwe": { - "id": 78, - "link": "https://cwe.mitre.org/data/definitions/78.html" - }, - "issue_severity": "HIGH", - "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 611, - "line_range": [ - 611 - ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", - "test_id": "B605", - "test_name": "start_process_with_a_shell" - }, - { - "code": "612 print(\" \".join(syscallatcmd))\n613 os.system(\" \".join(syscallatcmd))\n614 print(\" \".join(sysattrcmd))\n", + "code": "529 print(\" \".join(syscallatcmd))\n530 os.system(\" \".join(syscallatcmd))\n531 print(\" \".join(sysattrcmd))\n", "col_offset": 12, "end_col_offset": 45, "filename": "./setup.py", 
@@ -5545,16 +5883,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 613, + "line_number": 530, "line_range": [ - 613 + 530 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "614 print(\" \".join(sysattrcmd))\n615 os.system(\" \".join(sysattrcmd))\n616 print(\" \".join(sha512_tcmd))\n", + "code": "531 print(\" \".join(sysattrcmd))\n532 os.system(\" \".join(sysattrcmd))\n533 print(\" \".join(sha512_tcmd))\n", "col_offset": 12, "end_col_offset": 43, "filename": "./setup.py", @@ -5565,16 +5903,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 615, + "line_number": 532, "line_range": [ - 615 + 532 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "616 print(\" \".join(sha512_tcmd))\n617 os.system(\" \".join(sha512_tcmd))\n618 \n", + "code": "533 print(\" \".join(sha512_tcmd))\n534 os.system(\" \".join(sha512_tcmd))\n535 \n", "col_offset": 12, "end_col_offset": 44, "filename": "./setup.py", 
@@ -5585,16 +5923,16 @@ }, "issue_severity": "HIGH", "issue_text": "Starting a process with a shell, possible injection detected, security issue.", - "line_number": 617, + "line_number": 534, "line_range": [ - 617 + 534 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b605_start_process_with_a_shell.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html", "test_id": "B605", "test_name": "start_process_with_a_shell" }, { - "code": "790 stderr = None\n791 ret = subprocess.Popen(args, cwd=swdir, env=env, stderr=stderr).wait()\n792 if ret != 0:\n", + "code": "689 stderr = None\n690 ret = subprocess.Popen(args, cwd=swdir, env=env, stderr=stderr).wait()\n691 if ret != 0:\n", "col_offset": 10, "end_col_offset": 67, "filename": "./setup.py", @@ -5605,16 +5943,16 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 791, + "line_number": 690, "line_range": [ - 791 + 690 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, { - "code": "884 try:\n885 p = subprocess.Popen(\n886 [\"git\", \"show\", \"--format=%h\", \"--no-patch\"], stdout=subprocess.PIPE\n887 )\n888 return p.communicate()[0].strip().decode(\"utf-8\", \"strict\")\n", + "code": "783 try:\n784 p = subprocess.Popen(\n785 [\"git\", \"show\", \"--format=%h\", \"--no-patch\"], stdout=subprocess.PIPE\n786 )\n787 return p.communicate()[0].strip().decode(\"utf-8\", \"strict\")\n", "col_offset": 12, "end_col_offset": 9, "filename": "./setup.py", 
@@ -5625,18 +5963,18 @@ }, "issue_severity": "LOW", "issue_text": "Starting a process with a partial executable path", - "line_number": 885, + "line_number": 784, "line_range": [ - 885, - 886, - 887 + 784, + 785, + 786 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b607_start_process_with_partial_path.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b607_start_process_with_partial_path.html", "test_id": "B607", "test_name": "start_process_with_partial_path" }, { - "code": "884 try:\n885 p = subprocess.Popen(\n886 [\"git\", \"show\", \"--format=%h\", \"--no-patch\"], stdout=subprocess.PIPE\n887 )\n888 return p.communicate()[0].strip().decode(\"utf-8\", \"strict\")\n", + "code": "783 try:\n784 p = subprocess.Popen(\n785 [\"git\", \"show\", \"--format=%h\", \"--no-patch\"], stdout=subprocess.PIPE\n786 )\n787 return p.communicate()[0].strip().decode(\"utf-8\", \"strict\")\n", "col_offset": 12, "end_col_offset": 9, "filename": "./setup.py", @@ -5647,18 +5985,18 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 885, + "line_number": 784, "line_range": [ - 885, - 886, - 887 + 784, + 785, + 786 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, { - "code": "1037 \n1038 p = subprocess.Popen(os.path.join(pwd, pydates), stdout=subprocess.PIPE)\n1039 \n", + "code": "936 \n937 p = subprocess.Popen(os.path.join(pwd, pydates), stdout=subprocess.PIPE)\n938 \n", "col_offset": 12, "end_col_offset": 80, "filename": "./setup.py", 
@@ -5669,16 +6007,16 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 1038, + "line_number": 937, "line_range": [ - 1038 + 937 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, { - "code": "1065 # run the scripts\n1066 p = subprocess.Popen([sys.executable, path])\n1067 \n", + "code": "964 # run the scripts\n965 p = subprocess.Popen([sys.executable, path])\n966 \n", "col_offset": 16, "end_col_offset": 56, "filename": "./setup.py", @@ -5689,16 +6027,16 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 1066, + "line_number": 965, "line_range": [ - 1066 + 965 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, { - "code": "1297 cmd.extend(args)\n1298 subprocess.call(cmd)\n1299 \n", + "code": "1196 cmd.extend(args)\n1197 subprocess.call(cmd)\n1198 \n", "col_offset": 8, "end_col_offset": 28, "filename": "./setup.py", @@ -5709,11 +6047,11 @@ }, "issue_severity": "LOW", "issue_text": "subprocess call - check for execution of untrusted input.", - "line_number": 1298, + "line_number": 1197, "line_range": [ - 1298 + 1197 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b603_subprocess_without_shell_equals_true.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b603_subprocess_without_shell_equals_true.html", "test_id": "B603", "test_name": "subprocess_without_shell_equals_true" }, 
@@ -5733,7 +6071,7 @@ "line_range": [ 733 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b702_use_of_mako_templates.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b702_use_of_mako_templates.html", "test_id": "B702", "test_name": "use_of_mako_templates" }, @@ -5753,7 +6091,7 @@ "line_range": [ 824 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b702_use_of_mako_templates.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b702_use_of_mako_templates.html", "test_id": "B702", "test_name": "use_of_mako_templates" }, @@ -5774,7 +6112,7 @@ 691, 692 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -5794,7 +6132,7 @@ "line_range": [ 27 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b403-import-pickle", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b403-import-pickle", "test_id": "B403", "test_name": "blacklist" }, @@ -5814,7 +6152,7 @@ "line_range": [ 105 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b301-pickle", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b301-pickle", "test_id": "B301", "test_name": "blacklist" }, @@ -5834,7 +6172,7 @@ "line_range": [ 27 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b403-import-pickle", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b403-import-pickle", "test_id": "B403", "test_name": "blacklist" }, 
@@ -5854,7 +6192,7 @@ "line_range": [ 27 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_imports.html#b403-import-pickle", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_imports.html#b403-import-pickle", "test_id": "B403", "test_name": "blacklist" }, @@ -5875,7 +6213,7 @@ 97, 98 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -5897,7 +6235,7 @@ 595, 596 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/plugins/b110_try_except_pass.html", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/plugins/b110_try_except_pass.html", "test_id": "B110", "test_name": "try_except_pass" }, @@ -5917,7 +6255,7 @@ "line_range": [ 179 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5937,7 +6275,7 @@ "line_range": [ 193 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, @@ -5957,7 +6295,7 @@ "line_range": [ 199 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" }, 
@@ -5977,7 +6315,7 @@ "line_range": [ 205 ], - "more_info": "https://bandit.readthedocs.io/en/1.7.8/blacklists/blacklist_calls.html#b311-random", + "more_info": "https://bandit.readthedocs.io/en/1.7.9/blacklists/blacklist_calls.html#b311-random", "test_id": "B311", "test_name": "blacklist" } From 49b25e2b17d89d31f5530d48de47aebb4d0efd2a Mon Sep 17 00:00:00 2001 From: Jakub Kulik Date: Tue, 13 Aug 2024 05:40:50 -0700 Subject: [PATCH 09/10] 25870529 unused license file should be removed 36945413 YUI based css file needs its license file and baid --- exception_lists/copyright | 1 + src/pkg/license_files/lic_BSD | 27 -------------------------- src/pkg/license_files/lic_yui | 32 +++++++++++++++++++++++++++++++ src/pkg/manifests/package:pkg.p5m | 3 +++ 4 files changed, 36 insertions(+), 27 deletions(-) delete mode 100644 src/pkg/license_files/lic_BSD create mode 100644 src/pkg/license_files/lic_yui diff --git a/exception_lists/copyright b/exception_lists/copyright index bc99ae21f..e2e88eb7b 100644 --- a/exception_lists/copyright +++ b/exception_lists/copyright @@ -33,3 +33,4 @@ doc/* src/tests/*.txt src/po/LINGUAS src/po/POTFILES.* +src/pkg/license_files/lic_* diff --git a/src/pkg/license_files/lic_BSD b/src/pkg/license_files/lic_BSD deleted file mode 100644 index ae2596354..000000000 --- a/src/pkg/license_files/lic_BSD +++ /dev/null 
@@ -1,27 +0,0 @@
-Copyright 2001 Gareth Rees. All rights reserved.
-Copyright 2004-2009 Ned Batchelder. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the
- distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDERS AND CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
-OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
-TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
-USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGE.
diff --git a/src/pkg/license_files/lic_yui b/src/pkg/license_files/lic_yui
new file mode 100644
index 000000000..2f35deddd
--- /dev/null
+++ b/src/pkg/license_files/lic_yui
@@ -0,0 +1,32 @@
+Software License Agreement (BSD License)
+
+Copyright (c) 2011, Yahoo! Inc. All rights reserved.
+
+Redistribution and use of this software in source and binary forms, with or
+without modification, are permitted provided that the following conditions are
+met:
+
+* Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the
+ following disclaimer.
+
+* Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the
+ following disclaimer in the documentation and/or other
+ materials provided with the distribution.
+
+* Neither the name of Yahoo! Inc. nor the names of its
+ contributors may be used to endorse or promote products
+ derived from this software without specific prior
+ written permission of Yahoo! Inc.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/src/pkg/manifests/package:pkg.p5m b/src/pkg/manifests/package:pkg.p5m
index a05767771..fcd0e5aa1 100644
--- a/src/pkg/manifests/package:pkg.p5m
+++ b/src/pkg/manifests/package:pkg.p5m
@@ -393,6 +393,9 @@ dir path=var/log/pkg/mirror group groupname=pkg5srv gid=97 user username=pkg5srv gcos-field="pkg(7) server UID" group=pkg5srv password=NP \ uid=97 +license lic_yui license="BSD (YUI)" com.oracle.info.baid=174547 \ + com.oracle.info.description="two css files from YUI 2.7.0" \ + com.oracle.info.name=YUI com.oracle.info.version=2.7.0 license lic_CDDL license=CDDL license lic_gustaebel license="MIT (Lars Gustaebel)" \ com.oracle.info.description="portions of the tarfile module from Python 2.4" \ From abd40763b639659354fa8a29719384abcaae45de Mon Sep 17 00:00:00 2001 From: Andy Fiddaman Date: Thu, 22 Aug 2024 18:20:59 +0000 Subject: [PATCH 10/10] Update README.sync --- README.sync | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.sync b/README.sync index 0fdce06c7..3246fe6ac 100644 --- a/README.sync +++ b/README.sync @@ -4,11 +4,11 @@ The pkg5 components have been updated to the latest upstream solaris-ips as of: -commit 2cb20af7cc68247c0a809de5378915a99d2bc17b +commit 7caddba490ac61d0ae1ad9daead93e1fc7265c9c Author: Jakub Kulik -Date: Thu Jun 20 04:41:22 2024 -0700 +Date: Wed Aug 14 06:40:52 2024 -0700 - 36752252 fix several real errors reported by pylint + 29414815 -D firmware-dependency-bypass=1 option throws stacktrace -----------------------------------------------------------------------------