
SG-33057 App pre-commit configuration and CI #367

Merged
merged 4 commits into from
Feb 19, 2025

Merge remote-tracking branch 'origin/master' into ticket/SG-33057-upg…

ed12565
ShotGrid Chorus / security/bandit completed Feb 12, 2025 in 20s

7 issue(s) found

Summary of Issues

Type                                             Count  Severity  Secure Coding Guidelines
B104: hardcoded_bind_all_interfaces              1      MEDIUM    PYTH-AORZ-20
B603: subprocess_without_shell_equals_true       3      LOW       PYTH-INJC-30
B607: start_process_with_partial_path            2      LOW       PYTH-INJC-30
B311: blacklist                                  1      LOW       PYTH-CRYP-20

Details and Annotations

Details

bandit version 1.7.9

Annotations

Check warning on line 260 in tests/base.py

@shotgrid-chorus shotgrid-chorus / security/bandit

B104: hardcoded_bind_all_interfaces

Possible binding to all interfaces.
secure coding id: PYTH-AORZ-20.

Check notice on line 373 in tests/base.py

B311: blacklist

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
secure coding id: PYTH-CRYP-20.

Check notice on line 28 in update_httplib2.py

B607: start_process_with_partial_path

Starting a process with a partial executable path
secure coding id: PYTH-INJC-30.

Check notice on line 28 in update_httplib2.py

B603: subprocess_without_shell_equals_true

subprocess call - check for execution of untrusted input.
secure coding id: PYTH-INJC-30.

Check notice on line 33 in update_httplib2.py

B607: start_process_with_partial_path

Starting a process with a partial executable path
secure coding id: PYTH-INJC-30.

Check notice on line 33 in update_httplib2.py

B603: subprocess_without_shell_equals_true

subprocess call - check for execution of untrusted input.
secure coding id: PYTH-INJC-30.

Check notice on line 50 in update_httplib2.py

B603: subprocess_without_shell_equals_true

subprocess call - check for execution of untrusted input.
secure coding id: PYTH-INJC-30.