Apr 21, 2020, 01:40 PM

bandit run-test: commands[0] | bandit -r /home/turkdev/devel/etrm/django_bo
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.6.9
74 [0.. 50.. ]
Run started:2020-04-21 13:37:11.029225

Test results:
>> Issue: [B405:blacklist] Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
   Severity: Low   Confidence: High
   Location: django_bo/backoffice/management/commands/import_file.py:2
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b405-import-xml-etree
1	"""Backoffice .xml and .DAT files importer."""
2	import xml.etree.ElementTree as ET
3	from datetime import date, datetime

--------------------------------------------------
>> Issue: [B314:blacklist] Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
   Severity: Medium   Confidence: High
   Location: django_bo/backoffice/management/commands/import_file.py:61
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b313-b320-xml-bad-elementtree
60
61	tree = ET.parse(filename)
62	root = tree.getroot()

--------------------------------------------------
>> Issue: [B501:request_with_no_cert_validation] Requests call with verify=False disabling SSL certificate checks, security issue.
   Severity: High   Confidence: High
   Location: django_bo/backoffice/views/validation_view.py:124
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b501_request_with_no_cert_validation.html
123	params = {'trade_exec_utc__gte': start, 'trade_exec_utc__lte': end}
124	our_trades_resp = requests.get(OUR_TRADES_URL, params=params, verify=False)
125	if our_trades_resp.ok:

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '3zz1y-*6spjri1ofo@4gieidyj5t33^h_3_33%*17k4r!!1l24'
   Severity: Low   Confidence: Medium
   Location: django_bo/django_bo/settings.py:24
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html
23	# SECURITY WARNING: keep the secret key used in production secret!
24	SECRET_KEY = '3zz1y-*6spjri1ofo@4gieidyj5t33^h_3_33%*17k4r!!1l24'
25
26	# SECURITY WARNING: don't run with debug turned on in production!
27	DEBUG = True

--------------------------------------------------
>> Issue: [B112:try_except_continue] Try, Except, Continue detected.
   Severity: Low   Confidence: High
   Location: django_bo/reporting/forms.py:44
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b112_try_except_continue.html
43	qs.filter(subquery)
44	except Exception:
45	continue

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   Location: django_bo/reporting/management/commands/import_from_elexon_portal.py:39
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b310-urllib-urlopen
38	full_url = full_url + '?' + params
39	urllib.request.urlretrieve(full_url, full_filename)
40

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   Location: django_bo/reporting/views/payments_view.py:82
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html
81	end = end.date()
82	except Exception:
83	pass

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   Location: django_bo/reporting/views/payments_view.py:86
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html
85	start = start.date()
86	except Exception:
87	pass

--------------------------------------------------

Code scanned:
	Total lines of code: 7102
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0.0
		Low: 5.0
		Medium: 2.0
		High: 1.0
	Total issues (by confidence):
		Undefined: 0.0
		Low: 0.0
		Medium: 1.0
		High: 7.0
Files skipped (0):