Update known flaws files 4.7.0 #4313
I ran the code analysis scan and got the same results
(venv) gasti@pop-os:~/work/wazuh-qa/tests/scans/code_analysis$ python3 -m pytest test_python_flaws.py --disable-warnings --exclude_directories tests,test
==================================== test session starts =====================================
platform linux -- Python 3.9.16, pytest-7.4.0, pluggy-1.2.0
rootdir: /home/gasti/work/wazuh-qa/tests
configfile: pytest.ini
collected 1 item
test_python_flaws.py . [100%]
=============================== 1 passed, 3 warnings in 18.79s ===============================
known_flaws_framework.json
{
"false_positives": [
{
"code": " def md5(fname):\n hash_md5 = hashlib.md5()\n with open(fname, \"rb\") as f:\n",
"filename": "framework/wazuh/core/utils.py",
"issue_confidence": "HIGH",
"issue_severity": "MEDIUM",
"issue_text": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
"line_number": 724,
"line_range": [
724
],
"more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5",
"test_id": "B303",
"test_name": "blacklist"
},
{
"code": " try:\n subprocess.check_output([os_path.join(common.WAZUH_PATH, \"bin\", \"verify-agent-conf\"), '-f', tmp_file_path],\n stderr=subprocess.STDOUT)\n except subprocess.CalledProcessError as e:\n",
"filename": "framework/wazuh/core/configuration.py",
"issue_confidence": "HIGH",
"issue_severity": "LOW",
"issue_text": "subprocess call - check for execution of untrusted input.",
"line_number": 991,
"line_range": [
991,
992
],
"more_info": "https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html",
"test_id": "B603",
"test_name": "subprocess_without_shell_equals_true"
},
{
"code": " import re\n import subprocess\n import sys\n",
"filename": "framework/wazuh/core/configuration.py",
"issue_confidence": "HIGH",
"issue_severity": "LOW",
"issue_text": "Consider possible security implications associated with subprocess module.",
"line_number": 9,
"line_range": [
9
],
"more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess",
"test_id": "B404",
"test_name": "blacklist"
},
{
"code": " # end time\n result = wdb_conn.execute(f\"agent {agent_id} sql SELECT max(date_last) FROM pm_event WHERE \"\n \"log = 'Ending rootcheck scan.'\")\n",
"filename": "framework/wazuh/core/rootcheck.py",
"issue_confidence": "MEDIUM",
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 156,
"line_range": [
156
],
"more_info": "https://bandit.readthedocs.io/en/latest/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": " def syscheck_delete_agent(agent: str, wdb_conn: WazuhDBConnection) -> None:\n wdb_conn.execute(f\"agent {agent} sql delete from fim_entry\", delete=True)\n",
"filename": "framework/wazuh/core/syscheck.py",
"issue_confidence": "MEDIUM",
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 48,
"line_range": [
48
],
"more_info": "https://bandit.readthedocs.io/en/latest/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": " # start time\n result = wdb_conn.execute(f\"agent {agent_id} sql SELECT max(date_last) FROM pm_event \"\n \"WHERE log = 'Starting rootcheck scan.'\")\n",
"filename": "framework/wazuh/core/rootcheck.py",
"issue_confidence": "MEDIUM",
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 162,
"line_range": [
162
],
"more_info": "https://bandit.readthedocs.io/en/latest/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": " iv = InputValidator()\n reservated_ips = {'localhost', 'NODE_IP', '0.0.0.0', '127.0.1.1'}\n \n",
"filename": "framework/wazuh/core/cluster/cluster.py",
"issue_confidence": "MEDIUM",
"issue_severity": "MEDIUM",
"issue_text": "Possible binding to all interfaces.",
"line_number": 58,
"line_range": [
58
],
"more_info": "https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html",
"test_id": "B104",
"test_name": "hardcoded_bind_all_interfaces"
},
{
"code": " 'port': 1516,\n 'bind_addr': '0.0.0.0',\n 'nodes': ['NODE_IP'],\n 'hidden': 'no'\n }\n \n try:\n config_cluster = get_ossec_conf(section='cluster', conf_file=config_file, from_import=from_import)['cluster']\n except WazuhException as e:\n64 if e.code == 1106:\n65 # If no cluster configuration is present in ossec.conf, return default configuration but disabling it.\n66 cluster_default_configuration['disabled'] = True\n",
"filename": "framework/wazuh/core/cluster/utils.py",
"issue_confidence": "MEDIUM",
"issue_severity": "MEDIUM",
"issue_text": "Possible binding to all interfaces.",
"line_number": 56,
"line_range": [
49,
58
],
"more_info": "https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html",
"test_id": "B104",
"test_name": "hardcoded_bind_all_interfaces"
},
{
"code": " new_password = getpass(f\"New password for '{username}' (skip): \")\n if new_password == \"\":\n continue\n",
"filename": "framework/scripts/rbac_control.py",
"issue_confidence": "MEDIUM",
"issue_severity": "LOW",
"issue_text": "Possible hardcoded password: ''",
"line_number": 39,
"line_range": [
39
],
"more_info": "https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html",
"test_id": "B105",
"test_name": "hardcoded_password_string"
}
],
"to_fix": [
{
"code": " exc_data = dct['__unhandled_exc__']\n return eval(exc_data['__class__'])(*exc_data['__args__'])\n return dct\n",
"filename": "framework/wazuh/core/cluster/common.py",
"issue_confidence": "HIGH",
"issue_severity": "MEDIUM",
"issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.",
"line_number": 1793,
"line_range": [
1793
],
"more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b307-eval",
"test_id": "B307",
"test_name": "blacklist"
}
]
}
LGTM!
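The single `to_fix` entry above (bandit B307 in `framework/wazuh/core/cluster/common.py`) is the one finding on this page that is a real code-execution sink rather than a noisy rule: the JSON object hook rebuilds an exception by passing a class name from the message to `eval()`. The following is an added example, not code from the Wazuh project, that reproduces that pattern on constructed messages and places a hardened variant beside it. The message keys `__unhandled_exc__`, `__class__` and `__args__` are taken from the flagged snippet; the allowlist contents, the `RejectedException` type and the sample messages are assumptions for illustration, since the cluster code's real set of exception types is not shown here.

```python
import json
from typing import Any, Dict, Type

# Key the flagged object hook looks for (name taken from the snippet in the PR).
UNHANDLED_KEY = "__unhandled_exc__"

# Constructed messages (not captured from a Wazuh cluster): one legitimate
# serialised exception and one whose "class name" is an arbitrary expression.
BENIGN_MSG = json.dumps({UNHANDLED_KEY: {"__class__": "ValueError", "__args__": ["bad input"]}})
MALICIOUS_MSG = json.dumps({UNHANDLED_KEY: {"__class__": "(lambda *a: 'pwned')", "__args__": []}})


def decode_exception_unsafe(dct: Dict[str, Any]) -> Any:
    """The pattern bandit B307 flags: the class name carried in the message is
    eval()'d, so any Python expression the sender puts there is executed."""
    if UNHANDLED_KEY in dct:
        exc_data = dct[UNHANDLED_KEY]
        return eval(exc_data["__class__"])(*exc_data["__args__"])
    return dct


# Hardened variant (assumed allowlist): the class name is only a lookup key into an
# explicit mapping, and anything outside it is rejected instead of interpreted.
ALLOWED_EXCEPTIONS: Dict[str, Type[BaseException]] = {
    "ValueError": ValueError,
    "KeyError": KeyError,
    "RuntimeError": RuntimeError,
    "PermissionError": PermissionError,
}
JSON_SCALARS = (str, int, float, bool, type(None))


class RejectedException(Exception):
    """Raised when a message tries to rebuild an exception outside the allowlist."""


def decode_exception_safe(dct: Dict[str, Any]) -> Any:
    if UNHANDLED_KEY not in dct:
        return dct
    exc_data = dct[UNHANDLED_KEY]
    if not isinstance(exc_data, dict):
        raise RejectedException("malformed exception payload")
    name = exc_data.get("__class__")
    args = exc_data.get("__args__", [])
    cls = ALLOWED_EXCEPTIONS.get(name)
    if cls is None:
        raise RejectedException(f"unknown exception class {name!r}")
    # Only plain JSON scalars may become exception args; nested objects are refused.
    if not isinstance(args, list) or not all(isinstance(a, JSON_SCALARS) for a in args):
        raise RejectedException("exception args must be a list of JSON scalars")
    return cls(*args)


def loads_safe(payload: str) -> Any:
    """json.loads with the allowlist-based hook installed."""
    return json.loads(payload, object_hook=decode_exception_safe)


def loads_safe_or_reject(payload: str) -> Any:
    """Returns the decoded object, or the RejectedException that stopped decoding."""
    try:
        return loads_safe(payload)
    except RejectedException as e:
        return e


if __name__ == "__main__":
    print("unsafe decoder ran the sender's expression ->",
          json.loads(MALICIOUS_MSG, object_hook=decode_exception_unsafe))
    print("safe decoder ->", loads_safe_or_reject(MALICIOUS_MSG))
```

The benign payload in the demo only returns a string, but the unsafe hook evaluates whatever expression the peer sends, so the same position could hold an `__import__` call. `ast.literal_eval`, which the bandit message suggests, would not help here either: the value is meant to be a class, not a literal, so the fix is a lookup table rather than a different evaluator.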
Should these changes also be included in previous development branches such as 4.5.0, 4.6.0, etc.?
@Rebits Here are the related PRs.
Now it is OK with
LGTM, but in the future remember to include 3 execution outputs @nico-stefani
Run 1
$ pytest tests/scans/code_analysis/test_python_flaws.py --disable-warnings --exclude_directories tests,test --reference 4.7.0
============================================================================================ test session starts =============================================================================================
platform linux -- Python 3.10.12, pytest-7.1.2, pluggy-1.0.0
rootdir: /home/selu/Git/wazuh-qa/tests, configfile: pytest.ini
plugins: html-3.1.1, testinfra-5.0.0, metadata-2.0.4
collected 1 item
tests/scans/code_analysis/test_python_flaws.py . [100%]
======================================================================================= 1 passed, 3 warnings in 12.24s =======================================================================================
Run 2
$ pytest tests/scans/code_analysis/test_python_flaws.py --disable-warnings --exclude_directories tests,test --reference 4.7.0
============================================================================================ test session starts =============================================================================================
platform linux -- Python 3.10.12, pytest-7.1.2, pluggy-1.0.0
rootdir: /home/selu/Git/wazuh-qa/tests, configfile: pytest.ini
plugins: html-3.1.1, testinfra-5.0.0, metadata-2.0.4
collected 1 item
tests/scans/code_analysis/test_python_flaws.py . [100%]
======================================================================================= 1 passed, 3 warnings in 12.69s =======================================================================================
Run 3
$ pytest tests/scans/code_analysis/test_python_flaws.py --disable-warnings --exclude_directories tests,test --reference 4.7.0
============================================================================================ test session starts =============================================================================================
platform linux -- Python 3.10.12, pytest-7.1.2, pluggy-1.0.0
rootdir: /home/selu/Git/wazuh-qa/tests, configfile: pytest.ini
plugins: html-3.1.1, testinfra-5.0.0, metadata-2.0.4
collected 1 item
tests/scans/code_analysis/test_python_flaws.py . [100%]
======================================================================================= 1 passed, 3 warnings in 12.53s =======================================================================================
Run 1 🟢
LGTM
Description
This PR updates the framework file of known flaws with the recent scan results.
Updated
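The check that this PR re-baselines compares a fresh bandit scan against the `false_positives` and `to_fix` buckets of the known-flaws file and passes only when nothing unexpected appears. The implementation of `test_python_flaws.py` is not shown on this page, so the following is an added example of how such a baseline comparison can be written, not the wazuh-qa test itself. It keys findings on file, bandit test id and normalised code rather than `line_number`, because line numbers drift with unrelated edits (the entries above all carry one, and a release re-baseline like this PR is where that drift surfaces). The scan and baseline inputs are constructed for the example and mimic the `results` list of `bandit -f json` and the layout of `known_flaws_framework.json`.

```python
import re
from typing import Any, Dict, List, Tuple

Finding = Dict[str, Any]
Fingerprint = Tuple[str, str, str]

# Constructed inputs (not real scan output). The md5 finding has moved six lines
# since the baseline was recorded, the eval finding is unchanged, and the B602
# entry is new. bandit prefixes each line of "code" with its line number.
CURRENT_SCAN = {
    "results": [
        {"filename": "framework/wazuh/core/utils.py", "test_id": "B303",
         "issue_severity": "MEDIUM", "issue_confidence": "HIGH", "line_number": 730,
         "code": "730 def md5(fname):\n731     hash_md5 = hashlib.md5()\n"},
        {"filename": "framework/wazuh/core/cluster/common.py", "test_id": "B307",
         "issue_severity": "MEDIUM", "issue_confidence": "HIGH", "line_number": 1793,
         "code": "1793     return eval(exc_data['__class__'])(*exc_data['__args__'])\n"},
        {"filename": "framework/wazuh/core/example.py", "test_id": "B602",
         "issue_severity": "HIGH", "issue_confidence": "HIGH", "line_number": 12,
         "code": "12 subprocess.call(cmd, shell=True)\n"},
    ]
}

KNOWN_FLAWS = {
    "false_positives": [
        {"filename": "framework/wazuh/core/utils.py", "test_id": "B303",
         "issue_severity": "MEDIUM", "issue_confidence": "HIGH", "line_number": 724,
         "code": " def md5(fname):\n hash_md5 = hashlib.md5()\n"},
    ],
    "to_fix": [
        {"filename": "framework/wazuh/core/cluster/common.py", "test_id": "B307",
         "issue_severity": "MEDIUM", "issue_confidence": "HIGH", "line_number": 1793,
         "code": " return eval(exc_data['__class__'])(*exc_data['__args__'])\n"},
    ],
}

# Leading "NNN " as bandit emits it. A code line that is itself a bare number would
# also be stripped, but the same rule runs on both sides so fingerprints still agree.
_LEADING_LINENO = re.compile(r"^\s*\d+\s?")


def fingerprint(finding: Finding) -> Fingerprint:
    """Identity of a finding that survives unrelated edits: file, bandit test id and
    the whitespace-normalised code with bandit's line-number prefixes removed."""
    lines: List[str] = []
    for raw in finding["code"].splitlines():
        line = " ".join(_LEADING_LINENO.sub("", raw).split())
        if line:
            lines.append(line)
    return (finding["filename"], finding["test_id"], "\n".join(lines))


def compare_with_baseline(scan: Dict[str, Any],
                          known: Dict[str, List[Finding]]) -> Dict[str, List[Finding]]:
    """Split the scan into findings that are new, baseline entries that no longer
    occur (candidates for removal from the file), and to_fix items still open."""
    baseline: Dict[Fingerprint, Tuple[str, Finding]] = {}
    for bucket in ("false_positives", "to_fix"):
        for f in known.get(bucket, []):
            baseline[fingerprint(f)] = (bucket, f)
    current = {fingerprint(f): f for f in scan["results"]}
    return {
        "new": [f for fp, f in current.items() if fp not in baseline],
        "resolved": [f for fp, (_, f) in baseline.items() if fp not in current],
        "still_to_fix": [f for fp, (bucket, f) in baseline.items()
                         if bucket == "to_fix" and fp in current],
    }


def scan_is_clean(report: Dict[str, List[Finding]]) -> bool:
    """Only unknown findings fail the check; tracked to_fix items are reported, not fatal."""
    return not report["new"]


if __name__ == "__main__":
    report = compare_with_baseline(CURRENT_SCAN, KNOWN_FLAWS)
    for bucket, items in report.items():
        print(bucket, [(f["filename"], f["test_id"]) for f in items])
    print("clean:", scan_is_clean(report))
```

Run against the constructed inputs, the md5 entry matches despite its new line number, the eval entry is reported under `still_to_fix`, and the `B602` finding is the only thing that fails the check. Keeping `to_fix` non-fatal is a deliberate choice so the scan stays green while a real fix is pending; the tradeoff is that nothing here forces that bucket to shrink, which a release review such as this PR has to do by hand.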