Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new plugin to check use of pyghmi #803

Merged
merged 4 commits into from Feb 7, 2022
Merged

Add new plugin to check use of pyghmi #803

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
abc1b50
Add new plugin to check use of pyghmi
stannum-l Aug 8, 2018
e96cd6b
Fix example and polish te code.
stannum-l Aug 13, 2018
ec1e38e
Add new plug-in to check pyghmi
stannum-l Aug 13, 2018
800c233
Merge branch 'feat/pyghmi' of ssh://github.com/stannum-l/bandit into …
ericwb Feb 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
23 changes: 23 additions & 0 deletions bandit/blacklists/imports.py
View file
Open in desktop
Expand Up @@ -212,6 +212,17 @@
| | | - Cryptodome.Util | |
+------+---------------------+------------------------------------+-----------+

B415: import_pyghmi
-------------------
An IPMI-related module is being imported. IPMI is considered insecure. Use
an encrypted protocol.

+------+---------------------+------------------------------------+-----------+
| ID | Name | Imports | Severity |
+======+=====================+====================================+===========+
| B415 | import_pyghmi | - pyghmi | high |
+------+---------------------+------------------------------------+-----------+

"""
from bandit.blacklists import utils
from bandit.core import issue
Expand Down Expand Up @@ -410,4 +421,16 @@ def gen_blacklist():
)
)

sets.append(
utils.build_conf_dict(
"import_pyghmi",
"B415",
issue.Cwe.CLEARTEXT_TRANSMISSION,
["pyghmi"],
"An IPMI-related module is being imported. IPMI is considered "
"insecure. Use an encrypted protocol.",
"HIGH",
)
)

return {"Import": sets, "ImportFrom": sets, "Call": sets}
5 changes: 5 additions & 0 deletions examples/pyghmi.py
View file
Open in desktop
@@ -0,0 +1,5 @@
from pyghmi.ipmi import command

cmd = command.Command(bmc="bmc",
userid="userid",
password="ZjE4ZjI0NTE4YmI2NGJjZDliOGY3ZmJiY2UyN2IzODQK")
8 changes: 8 additions & 0 deletions tests/functional/test_functional.py
View file
Open in desktop
Expand Up @@ -851,6 +851,14 @@ def test_no_blacklist_pycryptodome(self):
}
self.check_example("pycryptodome.py", expect)

def test_blacklist_pyghmi(self):
"""Test calling pyghmi methods"""
expect = {
"SEVERITY": {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 0, "HIGH": 1},
"CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 1, "HIGH": 1},
}
self.check_example("pyghmi.py", expect)

def test_snmp_security_check(self):
"""Test insecure and weak crypto usage of SNMP."""
expect = {
Expand Down