Closed mcarmona99 closed 2 years ago
B603:
- `wazuh/framework/wazuh/core/cluster/cluster.py`: FALSE POSITIVE
- `wazuh/framework/wazuh/core/common.py`: FALSE POSITIVE
- `wazuh/framework/wazuh/core/configuration.py`: FALSE POSITIVE
- `wazuh/framework/scripts/wazuh-logtest.py`: FALSE POSITIVE
- `wazuh/framework/wazuh/core/utils.py`: FIXED

B404:
- `wazuh/framework/scripts/wazuh-logtest.py`: FALSE POSITIVE
- `wazuh/framework/wazuh/core/cluster/cluster.py`: FALSE POSITIVE
- `wazuh/framework/wazuh/core/common.py`: FALSE POSITIVE
- `wazuh/framework/wazuh/core/configuration.py`: FALSE POSITIVE

API:

Wodles:

Framework:
i. `from subprocess import CalledProcessError, check_output` at `framework/wazuh/core/utils.py`. It's entirely related to a rebase conflict. This line should be removed since the subprocess package is not being used here. Removed in https://github.com/wazuh/wazuh/pull/10740 and incorrectly added in https://github.com/wazuh/wazuh/pull/10635.

ii. `subprocess` module at `framework/wazuh/core/common.py`, despite it not being used. It's a false positive whose surrounding lines were modified; this way Bandit is reporting it as a new flaw.

wazuh/wazuh:
- Remove `from subprocess import CalledProcessError, check_output` from `framework/wazuh/core/utils.py`, since it's not being used and it's reported as a new framework flaw.
- Remove `import subprocess` from `framework/wazuh/core/common.py`, since it's not being used and it's known as a false positive.

wazuh/wazuh-qa:
- `dev-fix-python-code-vulnerabilities` in wazuh/wazuh: we need to verify and modify these altered false positives I mentioned above in the current status section.

With all these adjustments, the test should successfully pass with no errors regarding a possible code flaw. If a new flaw appears while doing these modifications, it should be reported in a new issue.

Taking into account the required fixes commented in the last comment, the following pull requests have been created:
Description

This issue is part of https://github.com/wazuh/wazuh/issues/10125. In that epic issue, we investigate and fix the possible vulnerabilities found using the tool located at `wazuh-qa/tests/scans/code_analysis/test_python_flaws.py`.

In this issue, we should track and confirm that all the possible flaws reported have been moved to the `false_positives` list or removed from `to_fix`.

The following issues should be solved in order to merge this issue's working branch into the target branch:

WORKING QA BRANCH: dev-fix-python-code-vulnerabilities
TARGET WAZUH-QA BRANCH: master
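The comment above notes that a known false positive whose surrounding lines were edited comes back as a "new flaw". The following Python triage is an added example, not part of this issue nor of wazuh-qa's `test_python_flaws.py`: it reads a constructed Bandit JSON report (the shape of `bandit -f json`), compares each finding against a `false_positives` list and a `to_fix` list, and reports what is new, what is still to fix, and what has been fixed and can be dropped from `to_fix`. It goes one step beyond the page by offering two matching modes: keying on Bandit's full three-line `code` excerpt (which reproduces the context-edit failure mode) and keying on the flagged line only. The report contents, line numbers, excerpts and the entry shape of the two lists are assumptions made for the example.

```python
import json

# Constructed Bandit JSON report (shape of `bandit -f json`). Filenames follow the
# issue; line numbers, code excerpts and issue texts are made up for this example.
SAMPLE_REPORT = json.dumps({
    "errors": [],
    "results": [
        {   # recorded false positive, but line 13 was edited since it was triaged
            "filename": "framework/wazuh/core/common.py", "test_id": "B404",
            "test_name": "blacklist", "issue_severity": "LOW", "issue_confidence": "HIGH",
            "line_number": 12,
            "issue_text": "Consider possible security implications associated with the subprocess module.",
            "code": "11 import os\n12 import subprocess\n13 import json\n",
        },
        {   # genuinely new finding (the unused import reintroduced by the rebase)
            "filename": "framework/wazuh/core/utils.py", "test_id": "B404",
            "test_name": "blacklist", "issue_severity": "LOW", "issue_confidence": "HIGH",
            "line_number": 7,
            "issue_text": "Consider possible security implications associated with the subprocess module.",
            "code": "6 import sys\n7 from subprocess import CalledProcessError, check_output\n8 \n",
        },
        {   # recorded false positive, unchanged
            "filename": "framework/scripts/wazuh-logtest.py", "test_id": "B603",
            "test_name": "subprocess_without_shell_equals_true",
            "issue_severity": "LOW", "issue_confidence": "HIGH", "line_number": 90,
            "issue_text": "subprocess call - check for execution of untrusted input.",
            "code": "89 cmd = [LOGTEST_BIN, '-q']\n90 proc = subprocess.Popen(cmd, stdout=subprocess.PIPE)\n91 out, _ = proc.communicate()\n",
        },
    ],
})

# Hypothetical shape for the two tracking lists: the same fields Bandit emits.
FALSE_POSITIVES = [
    {"filename": "framework/wazuh/core/common.py", "test_id": "B404", "line_number": 12,
     "code": "11 import os\n12 import subprocess\n13 import sys\n"},
    {"filename": "framework/scripts/wazuh-logtest.py", "test_id": "B603", "line_number": 90,
     "code": "89 cmd = [LOGTEST_BIN, '-q']\n90 proc = subprocess.Popen(cmd, stdout=subprocess.PIPE)\n91 out, _ = proc.communicate()\n"},
]
TO_FIX = [
    {"filename": "framework/wazuh/core/utils.py", "test_id": "B603", "line_number": 310,
     "code": "309 cmd = build_cmd(path)\n310 out = check_output(cmd)\n311 return out\n"},
]


def flagged_line(finding):
    """Text of the line Bandit flagged, stripped of its line-number prefix.

    Bandit's `code` excerpt also carries the neighbouring lines, so keying on the
    whole excerpt makes a false positive reappear whenever a neighbour is edited.
    """
    prefix = f"{finding['line_number']} "
    for line in finding["code"].splitlines():
        if line.startswith(prefix):
            return line[len(prefix):].strip()
    return finding["code"].strip()


def finding_key(finding, strict):
    """strict=True matches on the full excerpt; strict=False on the flagged line."""
    if strict:
        return (finding["test_id"], finding["filename"], finding["code"])
    return (finding["test_id"], finding["filename"], flagged_line(finding))


def triage(report_json, false_positives, to_fix, strict=True):
    """Split a Bandit report into new flaws, known false positives, findings still
    awaiting a fix, and to_fix entries that no longer appear (fixed, drop them)."""
    results = json.loads(report_json)["results"]
    fp_keys = {finding_key(f, strict) for f in false_positives}
    fix_keys = {finding_key(f, strict) for f in to_fix}
    seen, new, known_fp, still_to_fix = set(), [], [], []
    for f in results:
        key = finding_key(f, strict)
        seen.add(key)
        label = f"{f['test_id']} {f['filename']}:{f['line_number']}"
        if key in fp_keys:
            known_fp.append(label)
        elif key in fix_keys:
            still_to_fix.append(label)
        else:
            new.append(label)
    fixed = [f"{f['test_id']} {f['filename']}:{f['line_number']}"
             for f in to_fix if finding_key(f, strict) not in seen]
    return {"new": new, "known_false_positives": known_fp,
            "still_to_fix": still_to_fix, "fixed": fixed}


if __name__ == "__main__":
    for mode in (True, False):
        print(f"strict={mode}:", json.dumps(triage(SAMPLE_REPORT, FALSE_POSITIVES, TO_FIX, mode), indent=2))
```

With `strict=True` the `common.py` B404 is reported as new even though it is a recorded false positive, because line 13 of the excerpt changed; with `strict=False` it stays classified and only the `utils.py` import (the rebase leftover) shows up as new, while the `utils.py` B603 entry is reported as fixed and can be removed from `to_fix`. In a real test the lists would be loaded from the repository's YAML or JSON rather than embedded as here.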