-
Notifications
You must be signed in to change notification settings - Fork 62
/
Copy pathstatic_code_analysis.txt
124 lines (113 loc) · 5.5 KB
/
static_code_analysis.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
Run started:2025-02-06 22:48:29.453631
Test results:
>> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
Severity: Low Confidence: High
CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
More Info: https://bandit.readthedocs.io/en/1.7.7/blacklists/blacklist_imports.html#b403-import-pickle
Location: ./sdgym/benchmark.py:7:0
6 import os
7 import pickle
8 import tracemalloc
--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b101_assert_used.html
Location: ./sdgym/benchmark.py:151:8
150 if isinstance(synthesizer, type):
151 assert issubclass(synthesizer, BaselineSynthesizer), (
152 '`synthesizer` must be a synthesizer class'
153 )
154 synthesizer = synthesizer()
--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b101_assert_used.html
Location: ./sdgym/benchmark.py:156:8
155 else:
156 assert issubclass(type(synthesizer), BaselineSynthesizer), (
157 '`synthesizer` must be an instance of a synthesizer class.'
158 )
159
--------------------------------------------------
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
Severity: Medium Confidence: Low
CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b608_hardcoded_sql_expressions.html
Location: ./sdgym/benchmark.py:674:23
673 # User data script to install the library
674 user_data_script = f"""#!/bin/bash
675 sudo apt update -y
676 sudo apt install python3-pip -y
677 echo "======== Install Dependencies ============"
678 sudo pip3 install sdgym
679 sudo pip3 install anyio
680 pip3 list
681 sudo apt install awscli -y
682 aws configure set aws_access_key_id {credentials.access_key}
683 aws configure set aws_secret_access_key {credentials.secret_key}
684 aws configure set region {session.region_name}
685 echo "======== Write Script ==========="
686 sudo touch ~/sdgym_script.py
687 echo "{script_content}" > ~/sdgym_script.py
688 echo "======== Run Script ==========="
689 sudo python3 ~/sdgym_script.py
690 echo "======== Complete ==========="
691 INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
692 aws ec2 terminate-instances --instance-ids $INSTANCE_ID
693 """
694
--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.7.7/blacklists/blacklist_imports.html#b404-import-subprocess
Location: ./sdgym/utils.py:5:0
4 import os
5 import subprocess
6 import sys
--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b603_subprocess_without_shell_equals_true.html
Location: ./sdgym/utils.py:133:17
132 command = ['nvidia-smi', '--query-gpu=utilization.gpu', '--format=csv,noheader,nounits']
133 output = subprocess.run(command, stdout=subprocess.PIPE)
134 return len(output.stdout.decode().split())
--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b603_subprocess_without_shell_equals_true.html
Location: ./sdgym/utils.py:149:17
148 command = ['nvidia-smi', '--query-gpu=utilization.gpu', '--format=csv,noheader,nounits']
149 output = subprocess.run(command, stdout=subprocess.PIPE)
150 loads = np.array(output.stdout.decode().split()).astype(float)
--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'sdgym['
Severity: Low Confidence: Medium
CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b105_hardcoded_password_string.html
Location: ./tasks.py:103:18
102 extra_dependencies = []
103 start_token = 'sdgym['
104 for dep in test_dependencies:
--------------------------------------------------
Code scanned:
Total lines of code: 2855
Total lines skipped (#nosec): 0
Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 7
Medium: 1
High: 0
Total issues (by confidence):
Undefined: 0
Low: 1
Medium: 1
High: 6
Files skipped (0):