5320ecbaf2
md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() is added to swift/common/utils.py. This encapsulation is identical to the one being added to oslo.utils, but is recreated here to avoid adding a dependency. This patch is to replace the instances of hashlib.md5() with this new encapsulation, adding an annotation indicating whether the usage is a security context or not. While this patch seems large, it is really just the same change over and again. Reviewers need to pay particular attention as to whether the keyword parameter (usedforsecurity) is set correctly. Right now, all of them appear to be not used in a security context. Now that all the instances have been converted, we can update the bandit run to look for these instances and ensure that new invocations do not creep in. With this latest patch, the functional and unit tests all pass on a FIPS enabled system. Co-Authored-By: Pete Zaitcev Change-Id: Ibb4917da4c083e1e094156d748708b87387f2d87
165 lines
7.8 KiB
YAML
165 lines
7.8 KiB
YAML
|
|
### This config may optionally select a subset of tests to run or skip by
|
|
### filling out the 'tests' and 'skips' lists given below. If no tests are
|
|
### specified for inclusion then it is assumed all tests are desired. The skips
|
|
### set will remove specific tests from the include set. This can be controlled
|
|
### using the -t/-s CLI options. Note that the same test ID should not appear
|
|
### in both 'tests' and 'skips', this would be nonsensical and is detected by
|
|
### Bandit at runtime.
|
|
|
|
# Available tests:
|
|
# B101 : assert_used
|
|
# B102 : exec_used
|
|
# B103 : set_bad_file_permissions
|
|
# B104 : hardcoded_bind_all_interfaces
|
|
# B105 : hardcoded_password_string
|
|
# B106 : hardcoded_password_funcarg
|
|
# B107 : hardcoded_password_default
|
|
# B108 : hardcoded_tmp_directory
|
|
# B110 : try_except_pass
|
|
# B112 : try_except_continue
|
|
# B201 : flask_debug_true
|
|
# B301 : pickle
|
|
# B302 : marshal
|
|
# B303 : md5
|
|
# B304 : ciphers
|
|
# B305 : cipher_modes
|
|
# B306 : mktemp_q
|
|
# B307 : eval
|
|
# B308 : mark_safe
|
|
# B309 : httpsconnection
|
|
# B310 : urllib_urlopen
|
|
# B311 : random
|
|
# B312 : telnetlib
|
|
# B313 : xml_bad_cElementTree
|
|
# B314 : xml_bad_ElementTree
|
|
# B315 : xml_bad_expatreader
|
|
# B316 : xml_bad_expatbuilder
|
|
# B317 : xml_bad_sax
|
|
# B318 : xml_bad_minidom
|
|
# B319 : xml_bad_pulldom
|
|
# B320 : xml_bad_etree
|
|
# B321 : ftplib
|
|
# B322 : input
|
|
# B323 : unverified_context
|
|
# B325 : tempnam
|
|
# B401 : import_telnetlib
|
|
# B402 : import_ftplib
|
|
# B403 : import_pickle
|
|
# B404 : import_subprocess
|
|
# B405 : import_xml_etree
|
|
# B406 : import_xml_sax
|
|
# B407 : import_xml_expat
|
|
# B408 : import_xml_minidom
|
|
# B409 : import_xml_pulldom
|
|
# B410 : import_lxml
|
|
# B411 : import_xmlrpclib
|
|
# B412 : import_httpoxy
|
|
# B413 : import_pycrypto
|
|
# B414 : import_pycryptodome
|
|
# B501 : request_with_no_cert_validation
|
|
# B502 : ssl_with_bad_version
|
|
# B503 : ssl_with_bad_defaults
|
|
# B504 : ssl_with_no_version
|
|
# B505 : weak_cryptographic_key
|
|
# B506 : yaml_load
|
|
# B507 : ssh_no_host_key_verification
|
|
# B601 : paramiko_calls
|
|
# B602 : subprocess_popen_with_shell_equals_true
|
|
# B603 : subprocess_without_shell_equals_true
|
|
# B604 : any_other_function_with_shell_equals_true
|
|
# B605 : start_process_with_a_shell
|
|
# B606 : start_process_with_no_shell
|
|
# B607 : start_process_with_partial_path
|
|
# B608 : hardcoded_sql_expressions
|
|
# B609 : linux_commands_wildcard_injection
|
|
# B610 : django_extra_used
|
|
# B611 : django_rawsql_used
|
|
# B701 : jinja2_autoescape_false
|
|
# B702 : use_of_mako_templates
|
|
# B703 : django_mark_safe
|
|
|
|
# (optional) list included test IDs here, eg '[B101, B406]':
|
|
tests: [B102, B103, B302, B303, B304, B305, B306, B308, B309, B310, B401, B501, B502, B506, B601, B602, B609]
|
|
|
|
# (optional) list skipped test IDs here, eg '[B101, B406]':
|
|
skips:
|
|
|
|
### (optional) plugin settings - some test plugins require configuration data
|
|
### that may be given here, per-plugin. All bandit test plugins have a built in
|
|
### set of sensible defaults and these will be used if no configuration is
|
|
### provided. It is not necessary to provide settings for every (or any) plugin
|
|
### if the defaults are acceptable.
|
|
|
|
#any_other_function_with_shell_equals_true:
|
|
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
|
|
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
|
|
# os.spawnvp, os.spawnvpe, os.startfile]
|
|
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
|
|
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
|
|
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
|
|
# utils.execute, utils.execute_with_timeout]
|
|
#execute_with_run_as_root_equals_true:
|
|
# function_names: [ceilometer.utils.execute, cinder.utils.execute, neutron.agent.linux.utils.execute,
|
|
# nova.utils.execute, nova.utils.trycmd]
|
|
#hardcoded_tmp_directory:
|
|
# tmp_dirs: [/tmp, /var/tmp, /dev/shm]
|
|
#linux_commands_wildcard_injection:
|
|
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
|
|
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
|
|
# os.spawnvp, os.spawnvpe, os.startfile]
|
|
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
|
|
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
|
|
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
|
|
# utils.execute, utils.execute_with_timeout]
|
|
#password_config_option_not_marked_secret:
|
|
# function_names: [oslo.config.cfg.StrOpt, oslo_config.cfg.StrOpt]
|
|
#ssl_with_bad_defaults:
|
|
# bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
|
|
# PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
|
|
#ssl_with_bad_version:
|
|
# bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
|
|
# PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
|
|
#start_process_with_a_shell:
|
|
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
|
|
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
|
|
# os.spawnvp, os.spawnvpe, os.startfile]
|
|
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
|
|
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
|
|
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
|
|
# utils.execute, utils.execute_with_timeout]
|
|
#start_process_with_no_shell:
|
|
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
|
|
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
|
|
# os.spawnvp, os.spawnvpe, os.startfile]
|
|
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
|
|
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
|
|
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
|
|
# utils.execute, utils.execute_with_timeout]
|
|
#start_process_with_partial_path:
|
|
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
|
|
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
|
|
# os.spawnvp, os.spawnvpe, os.startfile]
|
|
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
|
|
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
|
|
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
|
|
# utils.execute, utils.execute_with_timeout]
|
|
#subprocess_popen_with_shell_equals_true:
|
|
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
|
|
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
|
|
# os.spawnvp, os.spawnvpe, os.startfile]
|
|
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
|
|
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
|
|
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
|
|
# utils.execute, utils.execute_with_timeout]
|
|
#subprocess_without_shell_equals_true:
|
|
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
|
|
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
|
|
# os.spawnvp, os.spawnvpe, os.startfile]
|
|
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
|
|
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
|
|
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
|
|
# utils.execute, utils.execute_with_timeout]
|
|
#try_except_continue: {check_typed_exception: false}
|
|
#try_except_pass: {check_typed_exception: false}
|