Created February 17, 2015 18:17
Gist: sheyman/6cdedb51276dab77f348
>> Consider possible security implications associated with Crypto module.
- /Users/step6927/barbican/barbican/openstack/common/crypto/utils.py::20
20 from Crypto import Random
>> Random library should not be used for any security or cryptographic purposes
- /Users/step6927/barbican/barbican/openstack/common/processutils.py::23
23 import random
>> Use of random is not suitable for security/cryptographic purposes.
- /Users/step6927/barbican/barbican/openstack/common/processutils.py::130
130 greenthread.sleep(random.randint(20, 200) / 100.0)
>> Random library should not be used for any security or cryptographic purposes
- /Users/step6927/barbican/barbican/openstack/common/service.py::24
24 import random
>> Use of random is not suitable for security/cryptographic purposes.
- /Users/step6927/barbican/barbican/openstack/common/service.py::243
243 random.seed()
>> ssl.wrap_socket call with no SSL/TLS protocol version specified, the default SSLv23 could be insecure, possible security issue.
- /Users/step6927/barbican/barbican/openstack/common/sslutils.py::80
80 return ssl.wrap_socket(sock, **ssl_kwargs)
>> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
- /Users/step6927/barbican/barbican/plugin/interface/certificate_manager.py::242
242 """
>> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
- /Users/step6927/barbican/barbican/plugin/simple_certificate_manager.py::55
55 """
>> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
- /Users/step6927/barbican/barbican/plugin/symantec.py::96
96 """
>> Probable insecure usage of temp file/directory
- /Users/step6927/barbican/barbican/tests/plugin/test_dogtag.py::93
93 m.dogtag_plugin = mock.MagicMock(pem_path=None, nss_db_path='/tmp')