@codevulture
Created May 10, 2016 03:35
Severity: Medium Confidence: Medium
Location: swift/common/db.py:864
862 for key in keys_to_delete:
863 del md[key]
864 conn.execute('UPDATE %s_stat SET metadata = ?' %
865 self.db_type, (json.dumps(md),))
866 return True
867 except sqlite3.OperationalError as err:
--------------------------------------------------
>> Issue: [hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction. (In this finding and the next one at db.py:900, only the table-name prefix taken from self.db_type is interpolated into the SQL text; the metadata and timestamp values are passed as bound `?` parameters, so the exposure hinges on where db_type originates, which is not shown in these excerpts.)
Severity: Medium Confidence: Medium
Location: swift/common/db.py:881
879 with self.get() as conn:
880 conn.execute(
881 'UPDATE %s_stat SET put_timestamp = ?'
882 ' WHERE put_timestamp < ?' % self.db_type,
883 (timestamp, timestamp))
884 conn.commit()
--------------------------------------------------
>> Issue: [hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
Severity: Medium Confidence: Medium
Location: swift/common/db.py:900
898 def _update_status_changed_at(self, conn, timestamp):
899 conn.execute(
900 'UPDATE %s_stat SET status_changed_at = ?'
901 ' WHERE status_changed_at < ?' % self.db_type,
902 (timestamp, timestamp))
--------------------------------------------------
>> Issue: [hardcoded_bind_all_interfaces] Possible binding to all interfaces. (The '0.0.0.0' in this and the later bind findings is the fallback value of conf.get('bind_ip', ...), so whether the service actually listens on every interface is decided by the deployed configuration rather than by this line alone.)
Severity: Medium Confidence: Medium
Location: swift/common/db_replicator.py:158
156 self.root = conf.get('devices', '/srv/node')
157 self.mount_check = config_true_value(conf.get('mount_check', 'true'))
158 self.bind_ip = conf.get('bind_ip', '0.0.0.0')
159 self.port = int(conf.get('bind_port', self.default_port))
160 concurrency = int(conf.get('concurrency', 8))
--------------------------------------------------
>> Issue: [hardcoded_bind_all_interfaces] Possible binding to all interfaces.
Severity: Medium Confidence: Medium
Location: swift/common/utils.py:1925
1923 bind_ip, None, 0, socket.SOCK_STREAM, 0,
1924 socket.AI_NUMERICHOST)[0]
1925 if sockaddr[0] not in ('0.0.0.0', '::'):
1926 return [bind_ip]
1927 except socket.gaierror:
--------------------------------------------------
>> Issue: [hardcoded_bind_all_interfaces] Possible binding to all interfaces. (The flagged line at utils.py:1925 compares a resolved address against '0.0.0.0' and '::' rather than binding to them; the finding is a match on the literal string.)
Severity: Medium Confidence: Medium
Location: swift/common/wsgi.py:178
176 except (ValueError, KeyError, TypeError):
177 raise ConfigFilePortError()
178 bind_addr = (conf.get('bind_ip', '0.0.0.0'), bind_port)
179 address_family = [addr[0] for addr in socket.getaddrinfo(
180 bind_addr[0], bind_addr[1], socket.AF_UNSPEC, socket.SOCK_STREAM)
--------------------------------------------------
>> Issue: [hardcoded_bind_all_interfaces] Possible binding to all interfaces.
Severity: Medium Confidence: Medium
Location: swift/common/wsgi.py:707
705 self.port_pid_state = PortPidState(servers_per_port, logger)
706
707 bind_ip = conf.get('bind_ip', '0.0.0.0')
708 self.cache = BindPortsCache(self.swift_dir, bind_ip)
709
--------------------------------------------------
>> Issue: [hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction. (Here the values are supplied through a generated placeholder list, ','.join('?' * len(chunk)), and bound; the non-parameterized pieces are the fixed column list and the query_mod fragment, which is also concatenated in the next finding at backend.py:861. query_mod's origin lies outside these excerpts and is the part to verify.)
Severity: Medium Confidence: Medium
Location: swift/container/backend.py:841
839 records.update(
840 ((rec[0], rec[6]), rec) for rec in curs.execute(
841 'SELECT name, created_at, size, content_type,'
842 'etag, deleted, storage_policy_index '
843 'FROM object WHERE ' + query_mod + ' name IN (%s)' %
844 ','.join('?' * len(chunk)), chunk))
845 # Sort item_list into things that need adding and deleting, based
--------------------------------------------------
>> Issue: [hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
Severity: Medium Confidence: Medium
Location: swift/container/backend.py:861
859 if to_delete:
860 curs.executemany(
861 'DELETE FROM object WHERE ' + query_mod +
862 'name=? AND storage_policy_index=?',
863 ((rec['name'], rec['storage_policy_index'])
--------------------------------------------------
>> Issue: [hardcoded_bind_all_interfaces] Possible binding to all interfaces.
Severity: Medium Confidence: Medium
Location: swift/container/sync.py:216
214 self.container_ring = container_ring or Ring(self.swift_dir,
215 ring_name='container')
216 bind_ip = conf.get('bind_ip', '0.0.0.0')
217 self._myips = whataremyips(bind_ip)
218 self._myport = int(conf.get('bind_port', 6201))
--------------------------------------------------
>> Issue: [hardcoded_bind_all_interfaces] Possible binding to all interfaces.
Severity: Medium Confidence: Medium
Location: swift/obj/reconstructor.py:127
125 self.mount_check = config_true_value(conf.get('mount_check', 'true'))
126 self.swift_dir = conf.get('swift_dir', '/etc/swift')
127 self.bind_ip = conf.get('bind_ip', '0.0.0.0')
128 self.servers_per_port = int(conf.get('servers_per_port', '0') or 0)
129 self.port = None if self.servers_per_port else \
--------------------------------------------------
>> Issue: [hardcoded_bind_all_interfaces] Possible binding to all interfaces.
Severity: Medium Confidence: Medium
Location: swift/obj/replicator.py:68
66 self.mount_check = config_true_value(conf.get('mount_check', 'true'))
67 self.swift_dir = conf.get('swift_dir', '/etc/swift')
68 self.bind_ip = conf.get('bind_ip', '0.0.0.0')
69 self.servers_per_port = int(conf.get('servers_per_port', '0') or 0)
70 self.port = None if self.servers_per_port else \
--------------------------------------------------