diff --git a/docs/source/tests/password_config_option_not_marked_secret.rst b/docs/source/tests/password_config_option_not_marked_secret.rst index bb1cf9ad..9148bc90 100644 --- a/docs/source/tests/password_config_option_not_marked_secret.rst +++ b/docs/source/tests/password_config_option_not_marked_secret.rst 
@@ -1,27 +1,57 @@ password_config_option_not_marked_secret -============================================== +======================================== Description ----------- +Passwords are sensitive and must be protected appropriately. In OpenStack +Oslo there is an option to mark options "secret" which will ensure that they +are not logged. This plugin detects usages of oslo configuration functions +that appear to deal with strings ending in 'password' and flag usages where +they have not been marked secret. + +If such a value is found a MEDIUM severity error is generated. If 'False' or +'None' are explicitly set, Bandit will return a MEDIUM confidence issue. If +Bandit can't determine the value of secret it will return a LOW confidence +issue. Available Since --------------- - - Bandit v?.?.? + - Bandit v0.10.0 Config Options -------------- .. code-block:: yaml password_config_option_not_marked_secret: - - ???????? - + function_names: + - oslo.config.cfg.StrOpt + - oslo_config.cfg.StrOpt Sample Output ------------- -?? +.. code-block:: none + + >> Issue: [password_config_option_not_marked_secret] oslo config option + possibly not marked secret=True identified. + Severity: Medium Confidence: Low + Location: examples/secret-config-option.py:12 + 11 help="User's password"), + 12 cfg.StrOpt('nova_password', + 13 secret=secret, + 14 help="Nova user password"), + 15 ] + + >> Issue: [password_config_option_not_marked_secret] oslo config option not + marked secret=True identifed, security issue. + Severity: Medium Confidence: Medium + Location: examples/secret-config-option.py:21 + 20 help="LDAP ubind ser name"), + 21 cfg.StrOpt('ldap_password', + 22 help="LDAP bind user password"), + 23 cfg.StrOpt('ldap_password_attribute', References ---------- - https://security.openstack.org/guidelines/dg_protect-sensitive-data-in-files.html - +- http://docs.openstack.org/developer/oslo.config/cfg.html#special-handling-instructions 
diff --git a/docs/source/tests/request_with_no_cert_validation.rst b/docs/source/tests/request_with_no_cert_validation.rst index 5385d231..3736c7b5 100644 --- a/docs/source/tests/request_with_no_cert_validation.rst +++ b/docs/source/tests/request_with_no_cert_validation.rst @@ -1,25 +1,38 @@ request_with_no_cert_validation -============================================== +=============================== Description ----------- +Encryption in general is typically critical to the security of many +applications. Using TLS can greatly increase security by guaranteeing the +identity of the party you are communicating with. This is accomplished by one +or both parties presenting trusted certificates during the connection +initialization phase of TLS. + +When request methods are used certificates are validated automatically which is +the desired behavior. If certificate validation is explicitly turned off +Bandit will return a HIGH severity error. Available Since --------------- - - Bandit v?.?.? + - Bandit v0.9.0 Config Options -------------- -.. code-block:: yaml - - request_with_no_cert_validation: - - ???????? - +None Sample Output ------------- -?? +.. code-block:: none + + >> Issue: [request_with_no_cert_validation] Requests call with verify=False + disabling SSL certificate checks, security issue. + Severity: High Confidence: High + Location: examples/requests-ssl-verify-disabled.py:4 + 3 requests.get('https://gmail.com', verify=True) + 4 requests.get('https://gmail.com', verify=False) + 5 requests.post('https://gmail.com', verify=True) References ---------- diff --git a/docs/source/tests/start_process_with_no_shell.rst b/docs/source/tests/start_process_with_no_shell.rst index dc9d6e12..f4a7d803 100644 --- a/docs/source/tests/start_process_with_no_shell.rst +++ b/docs/source/tests/start_process_with_no_shell.rst 
@@ -4,24 +4,73 @@ start_process_with_no_shell Description ----------- +Python possesses many mechanisms to invoke an external executable. However, +doing so may present a security issue if appropriate care is not taken to +sanitize any user provided or variable input. + +This plugin test is part of a family of tests built to check for process +spawning and warn appropriately. Specifically, this test looks for the spawning +of a subprocess in a way that doesn't use a shell. Although this is generally +safe, it maybe useful for penetration testing workflows to track where external +system calls are used. As such a LOW severity message is generated. + +See also: + +- :doc:`linux_commands_wildcard_injection`. +- :doc:`subprocess_without_shell_equals_true`. +- :doc:`start_process_with_a_shell`. +- :doc:`start_process_with_partial_path`. +- :doc:`subprocess_popen_with_shell_equals_true`. Available Since --------------- - - Bandit v?.?.? + - Bandit v0.10.0 Config Options -------------- +This plugin test shares a configuration with others in the same family, namely +`shell_injection`. This configuration is divided up into three sections, +`subprocess`, `shell` and `no_shell`. They each list Python calls that spawn +subprocesses, invoke commands within a shell, or invoke commands without a +shell (by replacing the calling process) respectively. + +This plugin specifically scans for methods listed in `no_shell` section. + .. code-block:: yaml - start_process_with_no_shell: - - ???????? - - + shell_injection: + no_shell: + - os.execl + - os.execle + - os.execlp + - os.execlpe + - os.execv + - os.execve + - os.execvp + - os.execvpe + - os.spawnl + - os.spawnle + - os.spawnlp + - os.spawnlpe + - os.spawnv + - os.spawnve + - os.spawnvp + - os.spawnvpe + - os.startfile Sample Output ------------- -?? +.. code-block:: none + + >> Issue: [start_process_with_no_shell] Starting a process without a shell. 
+ Severity: Low Confidence: Medium + Location: examples/os-spawn.py:8 + 7 os.spawnv(mode, path, args) + 8 os.spawnve(mode, path, args, env) + 9 os.spawnvp(mode, file, args) References ---------- - - https://security.openstack.org/guidelines/dg_use-subprocess-securely.html - +- https://security.openstack.org +- https://docs.python.org/2/library/os.html#os.system +- https://docs.python.org/2/library/subprocess.html#frequently-used-arguments +- https://security.openstack.org/guidelines/dg_use-subprocess-securely.html
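Review bot: the Sample Output block in password_config_option_not_marked_secret.rst carries the typo `identifed` in `marked secret=True identifed, security issue.`; if that string is copied from the plugin's own issue text it should be fixed in the plugin and the sample regenerated, otherwise correct it here to `identified`. In the Description, `This plugin detects usages of oslo configuration functions ... and flag usages where they have not been marked secret` mixes verb forms; `flags usages` (or `and flags any usage that has not been marked secret`) reads correctly. The new reference `http://docs.openstack.org/developer/oslo.config/cfg.html#special-handling-instructions` is plain `http://` while the existing security.openstack.org reference is `https://`; prefer the TLS URL where the site serves one.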
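Review bot: the Description in request_with_no_cert_validation.rst never names the library the test targets: `When request methods are used certificates are validated automatically` should say the Python `requests` library, which is what the Sample Output shows with `requests.get('https://gmail.com', verify=False)`; the plugin name alone does not make that clear. The Description states only `Bandit will return a HIGH severity error`, whereas the sibling page documents both severity and confidence and the sample prints `Severity: High Confidence: High`, so state the confidence as well. The `References ----------` heading is left with nothing under it, and since the hunk (`@@ -1,25 +1,38 @@`) spans the whole file the section really is empty; add a reference (the requests documentation on certificate verification would fit) or drop the heading.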
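Review bot: the Config Options text in start_process_with_no_shell.rst says the `no_shell` calls `invoke commands without a shell (by replacing the calling process)`, but most of the listed functions (`os.spawnl` through `os.spawnvpe`, and `os.startfile`) start a separate process and leave the caller running; only the `os.exec*` family replaces the calling process, so the parenthetical should be narrowed to the exec calls or dropped. Description typo: `it maybe useful for penetration testing workflows` should read `it may be useful`, and `scans for methods listed in `no_shell` section` is missing `the`. In References, the bare `https://security.openstack.org` adds nothing beyond the `dg_use-subprocess-securely.html` guideline that follows it, and `https://docs.python.org/2/library/os.html#os.system` anchors on `os.system`, a shell-invoking call that this test does not cover; point it at the process management section of the `os` module documentation, where `os.exec*` and `os.spawn*` are described.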