CI: missing security check for security issues in the codebase #3311
Comments
ChengyuZhu6 added a commit to ChengyuZhu6/serve that referenced this issue on Sep 12, 2024:

- Integrate Bandit to scan for security issues in the codebase.
- Configure Bandit to fail the workflow if any high-severity issues are found.

e.g.:

```bash
>> Issue: [B605:start_process_with_a_shell] Starting a process with a shell, possible injection detected, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html
   Location: ./binaries/build.py:52:30
51          if not args.dry_run:
52              build_exit_code = os.system(cur_wheel_cmd)
53              # If any one of the steps fail, exit with error
```

Fixes: pytorch#3311
Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
Thanks @ChengyuZhu6 for flagging this and creating your PR! We will take a look!
ChengyuZhu6 added a commit to ChengyuZhu6/serve that referenced this issue on Sep 19, 2024 (same commit message as above).
ChengyuZhu6 added a commit to ChengyuZhu6/serve that referenced this issue on Oct 7, 2024 (same commit message as above).
🐛 Describe the bug
Currently, the project does not have a security linter integrated into its CI pipeline. This poses potential risks as security vulnerabilities in Python code can go undetected. I found many high security issues using Bandit.
Error logs
security-issues.log
Installation instructions: No
Model Packaging: No
config.properties: No response
Versions: No
Repro instructions
Reproduce:
Possible Solution
Add Security Check Using Bandit in CI
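Added example (not TorchServe's code and not from the referenced PR): a small Python gate that reads Bandit's JSON report and fails the CI step only on HIGH-severity findings, the policy the commit message above describes, together with the shell-free `subprocess` call that resolves the quoted B605 hit on `os.system(cur_wheel_cmd)`. The report contents, the file paths and the `build_wheel_argv`/`run_build` helpers are constructed for illustration.

```python
import json
import subprocess
from typing import Any, Dict, List

# Bandit reports issue_severity / issue_confidence as LOW, MEDIUM or HIGH.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


def blocking_findings(report: Dict[str, Any], min_severity: str = "HIGH") -> List[Dict[str, Any]]:
    """Findings at or above min_severity in a Bandit JSON report
    (as produced by `bandit -r . -f json -o report.json`)."""
    threshold = SEVERITY_RANK[min_severity]
    return [r for r in report.get("results", [])
            if SEVERITY_RANK.get(r.get("issue_severity", "LOW"), 0) >= threshold]


def ci_exit_code(report_json: str, min_severity: str = "HIGH") -> int:
    """Exit status for the CI step: 1 if any blocking finding remains, else 0.
    This is the same gate `bandit -lll` applies through its own exit status."""
    findings = blocking_findings(json.loads(report_json), min_severity)
    for f in findings:
        print(f"{f['test_id']} {f['issue_severity']}/{f['issue_confidence']} "
              f"{f['filename']}:{f['line_number']} {f['issue_text']}")
    return 1 if findings else 0


# Constructed sample report: the B605 hit quoted in the commit message plus a
# LOW-severity B101 (assert) hit that a HIGH-only gate must ignore.
SAMPLE_REPORT = json.dumps({"results": [
    {"test_id": "B605", "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "filename": "./binaries/build.py", "line_number": 52,
     "issue_text": "Starting a process with a shell, possible injection detected, security issue."},
    {"test_id": "B101", "issue_severity": "LOW", "issue_confidence": "HIGH",
     "filename": "./ts/example.py", "line_number": 10,
     "issue_text": "Use of assert detected."},
]})


def build_wheel_argv(python: str, setup_args: List[str]) -> List[str]:
    """argv for the wheel build (hypothetical helper). Passing a list with
    shell=False is what clears B605: no shell parses the command string."""
    return [python, "setup.py", *setup_args]


def run_build(argv: List[str], dry_run: bool = False) -> int:
    """Shell-free replacement for `os.system(cur_wheel_cmd)`; returns the exit code."""
    if dry_run:
        return 0
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    raise SystemExit(ci_exit_code(SAMPLE_REPORT))
```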