From 33be75a9a2d99cf58fe67e80b270dd83277db4ac Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Wed, 16 Feb 2022 09:10:33 -0500
Subject: [PATCH] Markup bandit exceptions

Apply bandit exceptions and explain the rationale in each case
---
 .../confluent/config/configmanager.py | 6 ++++--
 .../confluent/discovery/handlers/smm.py | 4 +++-
 confluent_server/confluent/osimage.py | 3 ++-
 misc/fixsmmexpiry.py | 18 ++++++++++++++++--
 4 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index 45c3e4dd..8ee3b216 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -546,15 +546,17 @@ def _load_dict_from_dbm(dpath, tdb):
 if elem not in currdict:
 currdict[elem] = {}
 currdict = currdict[elem]
+ # Pickle is used as the first choice. It is a local self-owned file
+ # and thus not a significant security risk
 try:
 for tk in dbe.keys():
 tks = confluent.util.stringify(tk)
- currdict[tks] = cPickle.loads(dbe[tk])
+ currdict[tks] = cPickle.loads(dbe[tk]) # nosec
 except AttributeError:
 tk = dbe.firstkey()
 while tk != None:
 tks = confluent.util.stringify(tk)
- currdict[tks] = cPickle.loads(dbe[tk])
+ currdict[tks] = cPickle.loads(dbe[tk]) # nosec
 tk = dbe.nextkey(tk)
 except dbm.error:
 return
diff --git a/confluent_server/confluent/discovery/handlers/smm.py b/confluent_server/confluent/discovery/handlers/smm.py
index 4f7d10d0..96e2dbd3 100644
--- a/confluent_server/confluent/discovery/handlers/smm.py
+++ b/confluent_server/confluent/discovery/handlers/smm.py
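Review bot: The new comment justifies `cPickle.loads` on the dbm values by calling the file "local self-owned", but the `# nosec` silences the finding permanently while nothing in this function checks that assumption; the real control is the dbm file's ownership and mode, and anyone who can write that file gets code execution the next time it is loaded. I would make the trust boundary explicit so a later reader knows what must stay true, e.g. `# Pickle is only acceptable here because the dbm is created and owned by confluent with restrictive permissions: write access to this file already equals code execution, so never point this loader at an untrusted path.` Where the dbm is created and what mode it gets is not visible in this hunk; if that is ever permissive, the fix belongs there, not here. `_load_dict_from_dbm` begins before this hunk.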
@@ -36,7 +36,9 @@ def fromstring(inputdata):
 cmpstr = '!entity'
 if cmpstr in inputdata.lower():
 raise Exception('!ENTITY not supported in this interface')
- return rfromstring(inputdata)
+ # The measures above should filter out the risky facets of xml
+ # We don't need sophisticated feature support
+ return rfromstring(inputdata) # nosec
 
 def fixuuid(baduuid):
 # SMM dumps it out in hex
diff --git a/confluent_server/confluent/osimage.py b/confluent_server/confluent/osimage.py
index 7c8822e0..59e8fc9b 100644
--- a/confluent_server/confluent/osimage.py
+++ b/confluent_server/confluent/osimage.py
@@ -212,7 +212,8 @@ def extract_entries(entries, flags=0, callback=None, totalsize=None, extractlist
 write_data_block(write_p, buff, size, offset)
 write_finish_entry(write_p)
 if os.path.isdir(str(entry)):
- os.chmod(str(entry), 0o755)
+ # This directory must be world accessible for web server
+ os.chmod(str(entry), 0o755) # nosec
 else:
 os.chmod(str(entry), 0o644)
 if callback:
diff --git a/misc/fixsmmexpiry.py b/misc/fixsmmexpiry.py
index 5a08fdaa..2e09da97 100644
--- a/misc/fixsmmexpiry.py
+++ b/misc/fixsmmexpiry.py
@@ -31,7 +31,14 @@ if 'authResult>1' in rspdata:
 rspdata = rsp.read().decode('utf8')
 if 'renew_account' in rspdata:
 restorepwd = True
- tokens = fromstring(rspdata)
+ if isinstance(rspdata, bytes):
+ if b'!entity' in rspdata.lower():
+ raise Exception('Unexpected material')
+ else:
+ if '!entity' in rspdata.lower():
+ raise Exception('Unexpected material')
+ # the troublesome entity tag is guarded above
+ tokens = fromstring(rspdata) # nosec
 st2 = tokens.findall('st2')[0].text
 w.set_header('ST2', st2)
 w.request('POST', '/data/changepwd', 'oripwd={0}&newpwd={1}'.format(os.environ['SMMPASS'], tmppassword))
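Review bot: The new comment claims the `!entity` check "filters out the risky facets of xml", which overstates what a single case-insensitive substring deny-list does: it only rejects input containing the literal `!entity` text. Whether the remaining hazards (DTD handling, entity expansion) matter depends on what `rfromstring` is and on the parser build underneath it, neither of which this hunk shows, so the comment should say exactly what is covered rather than imply blanket safety, e.g. `# Only the literal '!entity' declaration marker is rejected above; everything else relies on the parser's own defaults.` Note too that the guard compares a str pattern against `inputdata.lower()`, so a bytes argument raises TypeError before the parser is reached; that is fail-closed, but worth a one-line note if any caller passes bytes.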
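Review bot: The nosec rationale on the directory chmod holds as far as the mode goes (0o755 grants read and traverse, not write, to group and other), but both `os.chmod` calls here follow symbolic links: if an extracted entry is a symlink and extraction does not refuse links, the mode change lands on the link target instead of the entry. The signature shows `flags=0` by default and I cannot see how `flags` is applied from this hunk, so this may already be prevented at the archive layer; if not, skip link entries before the `isdir` test (for example `continue` on `os.path.islink(str(entry))`, assuming this sits inside the per-entry loop). I would also make the comment state the mode precisely: `# 0o755: world read/traverse so the web server can serve the tree; no write bit for group or other`. `extract_entries` begins before this hunk.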
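Review bot: The `isinstance(rspdata, bytes)` branch added before `tokens = fromstring(rspdata)` can never execute: the context line `rspdata = rsp.read().decode('utf8')` a few lines above makes it a str, so the bytes test and its `b'!entity'` comparison are dead code. The whole guard reduces to `if '!entity' in rspdata.lower(): raise Exception('Unexpected material')`. Since the check is only a substring test on the raw response, I would also reword the new comment to `# only a literal '!entity' marker is rejected above; the parser's own defaults cover the rest` so nobody reads `# nosec` as full XML hardening. This is top-level script code with no enclosing function.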
@@ -41,7 +48,14 @@ if 'renew_account' in rspdata:
 rsp = w.getresponse()
 rspdata = rsp.read().decode('utf8')
 if 'authResult>0' in rspdata:
- tokens = fromstring(rspdata)
+ if isinstance(rspdata, bytes):
+ if b'!entity' in rspdata.lower():
+ raise Exception('Unexpected material')
+ else:
+ if '!entity' in rspdata.lower():
+ raise Exception('Unexpected material')
+ # the risky xml entity feature is filtered out above
+ tokens = fromstring(rspdata) # nosec
 st2 = tokens.findall('st2')[0].text
 w.set_header('ST2', st2)
 rules = 'set=passwordDurationDays:0,passwordExpireWarningDays:0,passwordChangeInterval:0,passwordReuseCheckNum:0,passwordFailAllowdNum:0,passwordLockoutTimePeriod:0'
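Review bot: This is the second verbatim copy of the eight-line entity guard in this script, and here too `rspdata` has already been produced by `rsp.read().decode('utf8')` on the line above, so the `isinstance(rspdata, bytes)` branch is unreachable. Two copies of a security check drift apart over time and each needs its own `# nosec`; a small module-level helper keeps the check, its rationale and the single suppression in one place, and both call sites become `tokens = parse_smm_xml(rspdata)`. The helper would be defined at the top of the script, outside this hunk, and its docstring should say plainly that only a literal `!entity` marker is screened out. The script's top-level flow starts before this hunk.
```python
def parse_smm_xml(rspdata):
    """Parse an SMM XML response after rejecting entity declarations.

    Only a literal '!entity' marker is screened out (case-insensitive substring
    test on the raw response); everything else relies on the parser's defaults.
    """
    if '!entity' in rspdata.lower():
        raise Exception('Unexpected material')
    return fromstring(rspdata)  # nosec

# … unchanged: login and renew_account handling …
if 'authResult>0' in rspdata:
    tokens = parse_smm_xml(rspdata)
    # … unchanged: ST2 header and password rules …
```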