Merge "Adding missing docs"

Jenkins 2015-10-23 15:49:19 +00:00 committed by Gerrit Code Review
commit 535fdf618c
3 changed files with 114 additions and 22 deletions


@ -1,27 +1,57 @@
password_config_option_not_marked_secret
==============================================
========================================
Description
-----------
Passwords are sensitive and must be protected appropriately. In OpenStack
Oslo there is an option to mark options "secret" which will ensure that they
are not logged. This plugin detects usages of oslo configuration functions
that appear to deal with strings ending in 'password' and flag usages where
they have not been marked secret.
If such a value is found a MEDIUM severity error is generated. If 'False' or
'None' are explicitly set, Bandit will return a MEDIUM confidence issue. If
Bandit can't determine the value of secret it will return a LOW confidence
issue.
Available Since
---------------
- Bandit v?.?.?
- Bandit v0.10.0
Config Options
--------------
.. code-block:: yaml
password_config_option_not_marked_secret:
- ????????
function_names:
- oslo.config.cfg.StrOpt
- oslo_config.cfg.StrOpt
Sample Output
-------------
??
.. code-block:: none
>> Issue: [password_config_option_not_marked_secret] oslo config option
possibly not marked secret=True identified.
Severity: Medium Confidence: Low
Location: examples/secret-config-option.py:12
11 help="User's password"),
12 cfg.StrOpt('nova_password',
13 secret=secret,
14 help="Nova user password"),
15 ]
>> Issue: [password_config_option_not_marked_secret] oslo config option not
marked secret=True identifed, security issue.
Severity: Medium Confidence: Medium
Location: examples/secret-config-option.py:21
20 help="LDAP ubind ser name"),
21 cfg.StrOpt('ldap_password',
22 help="LDAP bind user password"),
23 cfg.StrOpt('ldap_password_attribute',
References
----------
- https://security.openstack.org/guidelines/dg_protect-sensitive-data-in-files.html
- http://docs.openstack.org/developer/oslo.config/cfg.html#special-handling-instructions
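Review bot: the Description and the Sample Output disagree on confidence levels. The text says MEDIUM confidence only when `secret` is explicitly set to `False` or `None` and LOW when the value cannot be determined, yet the second sample finding (line 21, `cfg.StrOpt('ldap_password', help=...)` with no `secret` argument at all) is reported at Medium confidence. Add a sentence covering the omitted-argument case, for example "If the `secret` argument is omitted entirely, Bandit returns a ... confidence issue", with whatever confidence the plugin actually assigns, so a reader can map findings back to the description. Also, the message "not marked secret=True identifed, security issue." contains a typo that comes from the plugin's own output string; it is better fixed in the plugin and the sample regenerated than hand-edited here.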


@ -1,25 +1,38 @@
request_with_no_cert_validation
==============================================
===============================
Description
-----------
Encryption in general is typically critical to the security of many
applications. Using TLS can greatly increase security by guaranteeing the
identity of the party you are communicating with. This is accomplished by one
or both parties presenting trusted certificates during the connection
initialization phase of TLS.
When request methods are used certificates are validated automatically which is
the desired behavior. If certificate validation is explicitly turned off
Bandit will return a HIGH severity error.
Available Since
---------------
- Bandit v?.?.?
- Bandit v0.9.0
Config Options
--------------
.. code-block:: yaml
request_with_no_cert_validation:
- ????????
None
Sample Output
-------------
??
.. code-block:: none
>> Issue: [request_with_no_cert_validation] Requests call with verify=False
disabling SSL certificate checks, security issue.
Severity: High Confidence: High
Location: examples/requests-ssl-verify-disabled.py:4
3 requests.get('https://gmail.com', verify=True)
4 requests.get('https://gmail.com', verify=False)
5 requests.post('https://gmail.com', verify=True)
References
----------
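Review bot: the References section at the end of this hunk is empty; either drop the heading or add entries, the natural ones being the OpenStack security guidelines site (https://security.openstack.org, already cited by the other plugin docs in this change) and the requests documentation on SSL certificate verification. Two wording points in the Description: "When request methods are used" should name the library, e.g. "When the `requests` library's methods are used", since the plugin title and the sample output refer specifically to requests; and the text gives the severity (HIGH) but not the confidence, while the sample shows "Confidence: High", so a sentence such as "Bandit reports this at HIGH severity and HIGH confidence" would keep the two sections consistent.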


@ -4,24 +4,73 @@ start_process_with_no_shell
Description
-----------
Python possesses many mechanisms to invoke an external executable. However,
doing so may present a security issue if appropriate care is not taken to
sanitize any user provided or variable input.
This plugin test is part of a family of tests built to check for process
spawning and warn appropriately. Specifically, this test looks for the spawning
of a subprocess in a way that doesn't use a shell. Although this is generally
safe, it maybe useful for penetration testing workflows to track where external
system calls are used. As such a LOW severity message is generated.
See also:
- :doc:`linux_commands_wildcard_injection`.
- :doc:`subprocess_without_shell_equals_true`.
- :doc:`start_process_with_a_shell`.
- :doc:`start_process_with_partial_path`.
- :doc:`subprocess_popen_with_shell_equals_true`.
Available Since
---------------
- Bandit v?.?.?
- Bandit v0.10.0
Config Options
--------------
This plugin test shares a configuration with others in the same family, namely
`shell_injection`. This configuration is divided up into three sections,
`subprocess`, `shell` and `no_shell`. They each list Python calls that spawn
subprocesses, invoke commands within a shell, or invoke commands without a
shell (by replacing the calling process) respectively.
This plugin specifically scans for methods listed in `no_shell` section.
.. code-block:: yaml
start_process_with_no_shell:
- ????????
shell_injection:
no_shell:
- os.execl
- os.execle
- os.execlp
- os.execlpe
- os.execv
- os.execve
- os.execvp
- os.execvpe
- os.spawnl
- os.spawnle
- os.spawnlp
- os.spawnlpe
- os.spawnv
- os.spawnve
- os.spawnvp
- os.spawnvpe
- os.startfile
Sample Output
-------------
??
.. code-block:: none
>> Issue: [start_process_with_no_shell] Starting a process without a shell.
Severity: Low Confidence: Medium
Location: examples/os-spawn.py:8
7 os.spawnv(mode, path, args)
8 os.spawnve(mode, path, args, env)
9 os.spawnvp(mode, file, args)
References
----------
- https://security.openstack.org/guidelines/dg_use-subprocess-securely.html
- https://security.openstack.org
- https://docs.python.org/2/library/os.html#os.system
- https://docs.python.org/2/library/subprocess.html#frequently-used-arguments
- https://security.openstack.org/guidelines/dg_use-subprocess-securely.html
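Review bot: the Config Options text says the `no_shell` calls "invoke commands without a shell (by replacing the calling process)", but only the `os.exec*` entries in the list replace the calling process; the `os.spawn*` functions start a new process and return to the caller, and `os.startfile` opens a file with its associated application. Suggest "invoke commands without a shell (the `os.exec*` variants by replacing the calling process)" or similar. Two smaller points: "it maybe useful" should be "it may be useful", and the References list cites https://security.openstack.org/guidelines/dg_use-subprocess-securely.html twice; drop the duplicate, and consider pointing the Python link at the `os.exec*`/`os.spawn*` documentation rather than `os.system`, which is the shell case this plugin does not cover.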