authorErno Kuvaja <jokke@usr.fi>2018-08-16 19:53:58 +0100
committerErno Kuvaja <jokke@usr.fi>2018-08-16 19:53:58 +0100
commit2142860353f12aea1dc4bc7e8e7a503602913c85 (patch)
tree282140919d36cf5e774df152813341ef14294938
parent62c2c914ef2ac55f03877a42c2bc81b695320648 (diff)
Remove broken bandit from testing
Notes
Notes (review): Code-Review+2: Brian Rosmaita <rosmaita.fossdev@gmail.com> Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com> Workflow+1: Sean McGinnis <sean.mcginnis@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 16 Aug 2018 22:06:55 +0000 Reviewed-on: https://review.openstack.org/592651 Project: openstack/glance Branch: refs/heads/master
-rw-r--r--bandit.yaml245
-rw-r--r--lower-constraints.txt1
-rw-r--r--test-requirements.txt1
-rw-r--r--tox.ini5
4 files changed, 0 insertions, 252 deletions
diff --git a/bandit.yaml b/bandit.yaml
deleted file mode 100644
index 2394d71..0000000
--- a/bandit.yaml
+++ /dev/null
@@ -1,245 +0,0 @@
1# optional: after how many files to update progress
2#show_progress_every: 100
3
4# optional: plugins directory name
5#plugins_dir: 'plugins'
6
7# optional: plugins discovery name pattern
8plugin_name_pattern: '*.py'
9
10# optional: terminal escape sequences to display colors
11#output_colors:
12# DEFAULT: '\033[0m'
13# HEADER: '\033[95m'
14# LOW: '\033[94m'
15# MEDIUM: '\033[93m'
16# HIGH: '\033[91m'
17
18# optional: log format string
19#log_format: "[%(module)s]\t%(levelname)s\t%(message)s"
20
21# globs of files which should be analyzed
22include:
23 - '*.py'
24 - '*.pyw'
25
26# a list of strings, which if found in the path will cause files to be excluded
27# for example /tests/ - to remove all all files in tests directory
28exclude_dirs:
29 - '/tests/'
30
31profiles:
32 gate:
33 include:
34
35 - any_other_function_with_shell_equals_true
36 - assert_used
37 - blacklist_calls
38 - blacklist_import_func
39
40 # One of the blacklisted imports is the subprocess module. Keystone
41 # has to import the subprocess module in a single module for
42 # eventlet support so in most cases bandit won't be able to detect
43 # that subprocess is even being imported. Also, Bandit's
44 # recommendation is just to check that the use is safe without any
45 # documentation on what safe or unsafe usage is. So this test is
46 # skipped.
47 # - blacklist_imports
48
49 - exec_used
50
51 - execute_with_run_as_root_equals_true
52
53 # - hardcoded_bind_all_interfaces # TODO: enable this test
54
55 # Not working because wordlist/default-passwords file not bundled,
56 # see https://bugs.launchpad.net/bandit/+bug/1451575 :
57 # - hardcoded_password
58
59 # Not used because it's prone to false positives:
60 # - hardcoded_sql_expressions
61
62 # - hardcoded_tmp_directory # TODO: enable this test
63
64 - jinja2_autoescape_false
65
66 - linux_commands_wildcard_injection
67
68 - paramiko_calls
69
70 - password_config_option_not_marked_secret
71 - request_with_no_cert_validation
72 - set_bad_file_permissions
73 - subprocess_popen_with_shell_equals_true
74 # - subprocess_without_shell_equals_true # TODO: enable this test
75 - start_process_with_a_shell
76 # - start_process_with_no_shell # TODO: enable this test
77 - start_process_with_partial_path
78 - ssl_with_bad_defaults
79 - ssl_with_bad_version
80 - ssl_with_no_version
81 # - try_except_pass # TODO: enable this test
82
83 - use_of_mako_templates
84
85blacklist_calls:
86 bad_name_sets:
87 # - pickle:
88 # qualnames: [pickle.loads, pickle.load, pickle.Unpickler,
89 # cPickle.loads, cPickle.load, cPickle.Unpickler]
90 # message: "Pickle library appears to be in use, possible security issue."
91 # TODO: enable this test
92 - marshal:
93 qualnames: [marshal.load, marshal.loads]
94 message: "Deserialization with the marshal module is possibly dangerous."
95 # - md5:
96 # qualnames: [hashlib.md5, Crypto.Hash.MD2.new, Crypto.Hash.MD4.new, Crypto.Hash.MD5.new, cryptography.hazmat.primitives.hashes.MD5]
97 # message: "Use of insecure MD2, MD4, or MD5 hash function."
98 # TODO: enable this test
99 - mktemp_q:
100 qualnames: [tempfile.mktemp]
101 message: "Use of insecure and deprecated function (mktemp)."
102 - eval:
103 qualnames: [eval]
104 message: "Use of possibly insecure function - consider using safer ast.literal_eval."
105 - mark_safe:
106 names: [mark_safe]
107 message: "Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed."
108 - httpsconnection:
109 qualnames: [httplib.HTTPSConnection]
110 message: "Use of HTTPSConnection does not provide security, see https://wiki.openstack.org/wiki/OSSN/OSSN-0033"
111 - yaml_load:
112 qualnames: [yaml.load]
113 message: "Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load()."
114 - urllib_urlopen:
115 qualnames: [urllib.urlopen, urllib.urlretrieve, urllib.URLopener, urllib.FancyURLopener, urllib2.urlopen, urllib2.Request]
116 message: "Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected."
117 - random:
118 qualnames: [random.random, random.randrange, random.randint, random.choice, random.uniform, random.triangular]
119 message: "Standard pseudo-random generators are not suitable for security/cryptographic purposes."
120 level: "LOW"
121
122 # Most of this is based off of Christian Heimes' work on defusedxml:
123 # https://pypi.org/project/defusedxml/#defusedxml-sax
124
125 # TODO(jaegerandi): Enable once defusedxml is in global requirements.
126 #- xml_bad_cElementTree:
127 # qualnames: [xml.etree.cElementTree.parse,
128 # xml.etree.cElementTree.iterparse,
129 # xml.etree.cElementTree.fromstring,
130 # xml.etree.cElementTree.XMLParser]
131 # message: "Using {func} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {func} with it's defusedxml equivilent function."
132 #- xml_bad_ElementTree:
133 # qualnames: [xml.etree.ElementTree.parse,
134 # xml.etree.ElementTree.iterparse,
135 # xml.etree.ElementTree.fromstring,
136 # xml.etree.ElementTree.XMLParser]
137 # message: "Using {func} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {func} with it's defusedxml equivilent function."
138 - xml_bad_expatreader:
139 qualnames: [xml.sax.expatreader.create_parser]
140 message: "Using {func} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {func} with it's defusedxml equivilent function."
141 - xml_bad_expatbuilder:
142 qualnames: [xml.dom.expatbuilder.parse,
143 xml.dom.expatbuilder.parseString]
144 message: "Using {func} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {func} with it's defusedxml equivilent function."
145 - xml_bad_sax:
146 qualnames: [xml.sax.parse,
147 xml.sax.parseString,
148 xml.sax.make_parser]
149 message: "Using {func} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {func} with it's defusedxml equivilent function."
150 - xml_bad_minidom:
151 qualnames: [xml.dom.minidom.parse,
152 xml.dom.minidom.parseString]
153 message: "Using {func} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {func} with it's defusedxml equivilent function."
154 - xml_bad_pulldom:
155 qualnames: [xml.dom.pulldom.parse,
156 xml.dom.pulldom.parseString]
157 message: "Using {func} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {func} with it's defusedxml equivilent function."
158 - xml_bad_etree:
159 qualnames: [lxml.etree.parse,
160 lxml.etree.fromstring,
161 lxml.etree.RestrictedElement,
162 lxml.etree.GlobalParserTLS,
163 lxml.etree.getDefaultParser,
164 lxml.etree.check_docinfo]
165 message: "Using {func} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {func} with it's defusedxml equivilent function."
166
167
168shell_injection:
169 # Start a process using the subprocess module, or one of its wrappers.
170 subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call,
171 subprocess.check_output, utils.execute, utils.execute_with_timeout]
172 # Start a process with a function vulnerable to shell injection.
173 shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4,
174 popen2.popen2, popen2.popen3, popen2.popen4, popen2.Popen3,
175 popen2.Popen4, commands.getoutput, commands.getstatusoutput]
176 # Start a process with a function that is not vulnerable to shell injection.
177 no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv,os.execve,
178 os.execvp, os.execvpe, os.spawnl, os.spawnle, os.spawnlp,
179 os.spawnlpe, os.spawnv, os.spawnve, os.spawnvp, os.spawnvpe,
180 os.startfile]
181
182blacklist_imports:
183 bad_import_sets:
184 - telnet:
185 imports: [telnetlib]
186 level: HIGH
187 message: "Telnet is considered insecure. Use SSH or some other encrypted protocol."
188 - info_libs:
189 imports: [pickle, cPickle, subprocess, Crypto]
190 level: LOW
191 message: "Consider possible security implications associated with {module} module."
192
193 # Most of this is based off of Christian Heimes' work on defusedxml:
194 # https://pypi.org/project/defusedxml/#defusedxml-sax
195
196 - xml_libs:
197 imports: [xml.etree.cElementTree,
198 xml.etree.ElementTree,
199 xml.sax.expatreader,
200 xml.sax,
201 xml.dom.expatbuilder,
202 xml.dom.minidom,
203 xml.dom.pulldom,
204 lxml.etree,
205 lxml]
206 message: "Using {module} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {module} with the equivilent defusedxml package."
207 level: LOW
208 - xml_libs_high:
209 imports: [xmlrpclib]
210 message: "Using {module} to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities."
211 level: HIGH
212
213hardcoded_tmp_directory:
214 tmp_dirs: ['/tmp', '/var/tmp', '/dev/shm']
215
216hardcoded_password:
217 # Support for full path, relative path and special "%(site_data_dir)s"
218 # substitution (/usr/{local}/share)
219 word_list: "%(site_data_dir)s/wordlist/default-passwords"
220
221ssl_with_bad_version:
222 bad_protocol_versions:
223 - 'PROTOCOL_SSLv2'
224 - 'SSLv2_METHOD'
225 - 'SSLv23_METHOD'
226 - 'PROTOCOL_SSLv3' # strict option
227 - 'PROTOCOL_TLSv1' # strict option
228 - 'SSLv3_METHOD' # strict option
229 - 'TLSv1_METHOD' # strict option
230
231password_config_option_not_marked_secret:
232 function_names:
233 - oslo.config.cfg.StrOpt
234 - oslo_config.cfg.StrOpt
235
236execute_with_run_as_root_equals_true:
237 function_names:
238 - ceilometer.utils.execute
239 - cinder.utils.execute
240 - neutron.agent.linux.utils.execute
241 - nova.utils.execute
242 - nova.utils.trycmd
243
244try_except_pass:
245 check_typed_exception: True
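--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -5,7 +5,6 @@ appdirs==1.4.3
 asn1crypto==0.24.0
 automaton==1.14.0
 Babel==2.3.4
-bandit==1.1.0
 cachetools==2.0.1
 castellan==0.17.0
 certifi==2018.1.18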
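--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -9,7 +9,6 @@ hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
 Babel!=2.4.0,>=2.3.4 # BSD
 
 # Needed for testing
-bandit>=1.1.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 ddt>=1.0.1 # MIT
 fixtures>=3.0.0 # Apache-2.0/BSD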
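--- a/tox.ini
+++ b/tox.ini
@@ -67,7 +67,6 @@ basepython = python3
 commands =
   flake8 {posargs}
   # Run security linter
-  bandit -c bandit.yaml -r glance -n5 -p gate
   # Check that .po and .pot files are valid:
   bash -c "find glance -type f -regex '.*\.pot?' -print0|xargs -0 -n 1 msgfmt --check-format -o /dev/null"
   doc8 {posargs}
@@ -135,10 +134,6 @@ commands =
 basepython = python3
 commands = {posargs}
 
-[testenv:bandit]
-basepython = python3
-commands = bandit -c bandit.yaml -r glance -n5 -p gate
-
 [testenv:releasenotes]
 basepython = python3
 deps =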
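Review bot: The `# Run security linter` comment at line 69 of the first tox.ini hunk is left dangling once the bandit command below it is removed, so it now reads as a description of the `.po`/`.pot` check that follows; delete the comment along with the command, or reword it to `# Security linter (bandit) removed; see commit message` so the pep8 command list stays accurate. With the `[testenv:bandit]` section also gone in the second hunk, tox.ini no longer carries any security-linter target, so the static-analysis coverage the gate had is dropped rather than replaced; if that is meant to be temporary, a pointer to the follow-up in the commit message would help whoever re-adds it.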