glances/bandit_report_v2.txt

Run started:2025-12-19 19:21:21.068196+00:00
Test results:
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/blacklists/blacklist_imports.html#b404-import-subprocess
Location: glances/amps/systemd/__init__.py:37:0
36
37 from subprocess import CalledProcessError, check_output
38
--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b603_subprocess_without_shell_equals_true.html
Location: glances/amps/systemd/__init__.py:62:18
61 try:
62 res = check_output(self.get('systemctl_cmd').split())
63 except (OSError, CalledProcessError) as e:
--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ''
Severity: Low Confidence: Medium
CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b105_hardcoded_password_string.html
Location: glances/client.py:56:28
55 # Build the URI
56 if args.password != "":
57 self.uri = f'http://{args.username}:{args.password}@{args.client}:{args.port}'
--------------------------------------------------
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
Severity: Medium Confidence: Low
CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b608_hardcoded_sql_expressions.html
Location: glances/exports/glances_cassandra/__init__.py:112:21
111 try:
112 stmt = f"INSERT INTO {self.table} (plugin, time, stat) VALUES (?, ?, ?)"
113 query = self.session.prepare(stmt)
--------------------------------------------------
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
Severity: Medium Confidence: Low
CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b608_hardcoded_sql_expressions.html
Location: glances/exports/glances_duckdb/__init__.py:172:31
171 for values in values_list:
172 insert_query = f"""
173 INSERT INTO {plugin} VALUES (
174 {', '.join(['?' for _ in values])}
175 );"""
176 logger.debug(f"Insert values into table {plugin}: {values}")
--------------------------------------------------
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
Severity: Medium Confidence: Medium
CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b608_hardcoded_sql_expressions.html
Location: glances/exports/glances_timescaledb/__init__.py:178:26
177 # Is the table exists?
178 cur.execute(f"select exists(select * from information_schema.tables where table_name='{plugin}')")
179 if not cur.fetchone()[0]:
--------------------------------------------------
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
Severity: Medium Confidence: Low
CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b608_hardcoded_sql_expressions.html
Location: glances/exports/glances_timescaledb/__init__.py:202:29
201 insert_list = [f"({','.join(i)})" for i in values_list]
202 insert_query = f"INSERT INTO {plugin} VALUES {','.join(insert_list)};"
203 logger.debug(f"Insert data into table: {insert_query}")
--------------------------------------------------
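Triage note for the four B608 hits above, as an added example rather than Glances code: every flagged statement interpolates a table name (`self.table`, `plugin`) into the query text, and the timescaledb INSERT at line 202 also interpolates the values themselves. A driver can only bind values through placeholders, never identifiers, so a table name that comes from configuration or plugin metadata has to be checked against a strict identifier grammar (or an allowlist) before it is spliced into the string, while the values go through placeholders. The block below uses sqlite3 from the standard library as a stand-in for the DuckDB/PostgreSQL drivers so it runs offline; the `?` placeholder style matches the duckdb exporter, the table layout and sample rows are constructed for the example.

```python
import re
import sqlite3

# Strict identifier grammar: letters, digits, underscore; no leading digit.
# Anything that could close the identifier and append SQL (quotes, semicolons,
# whitespace, comment markers) fails this check.
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def safe_identifier(name: str) -> str:
    """Return name unchanged if it is a plain SQL identifier, else raise."""
    if not _IDENT.match(name):
        raise ValueError(f"refusing to use {name!r} as an SQL identifier")
    return name


def insert_stats(conn: sqlite3.Connection, plugin: str, rows: list[tuple]) -> int:
    """Insert rows into the per-plugin table.

    Identifier: validated, then double-quoted. Values: bound through `?`, so a
    quote or semicolon inside a stat value is stored as data, not parsed as SQL.
    """
    table = safe_identifier(plugin)
    if not rows:
        return 0
    placeholders = ", ".join("?" for _ in range(len(rows[0])))
    sql = f'INSERT INTO "{table}" VALUES ({placeholders})'
    with conn:
        conn.executemany(sql, rows)
    return len(rows)


def table_exists(conn: sqlite3.Connection, plugin: str) -> bool:
    """Existence check with the table name passed as a bound value.

    This is the shape the information_schema query at timescaledb line 178
    should have: the name is compared as data, so nothing needs quoting.
    """
    cur = conn.execute(
        "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (plugin,),
    )
    return cur.fetchone()[0] == 1


def demo() -> dict:
    """Constructed sample data; returns the observations the caller can check."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "cpu" (plugin TEXT, time TEXT, stat TEXT)')

    # A stat value containing SQL syntax survives verbatim because it is bound.
    hostile_value = "1.0'); DROP TABLE cpu; --"
    inserted = insert_stats(conn, "cpu", [("cpu", "2025-12-19T19:21:21", hostile_value)])
    stored = conn.execute('SELECT stat FROM "cpu"').fetchone()[0]

    # A hostile table name cannot be bound, so it has to be rejected up front.
    try:
        insert_stats(conn, 'cpu"; DROP TABLE cpu; --', [("x", "y", "z")])
        rejected = False
    except ValueError:
        rejected = True

    return {
        "inserted": inserted,
        "stored": stored,
        "rejected_identifier": rejected,
        "cpu_exists": table_exists(conn, "cpu"),
        "ghost_exists": table_exists(conn, "nope"),
    }


if __name__ == "__main__":
    print(demo())
```

For PostgreSQL the identifier quoting would normally be delegated to the driver (psycopg's `sql.Identifier`), but the validation step stays the same: decide what a legal plugin name looks like and refuse everything else before it reaches the query string.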
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/blacklists/blacklist_imports.html#b404-import-subprocess
Location: glances/globals.py:25:0
24 import re
25 import subprocess
26 import sys
--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b603_subprocess_without_shell_equals_true.html
Location: glances/globals.py:159:14
158 try:
159 res = subprocess.run(command.split(' '), stdout=subprocess.PIPE).stdout.decode('utf-8')
160 except Exception as e:
--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Severity: Medium Confidence: High
CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/blacklists/blacklist_calls.html#b310-urllib-urlopen
Location: glances/globals.py:346:11
345 """Open a url with basic auth"""
346 return urlopen(
347 Request(
348 url,
349 headers={'Authorization': 'Basic ' + base64.b64encode(f'{username}:{password}'.encode()).decode()},
350 )
351 )
352
--------------------------------------------------
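The B310 message is about the scheme, not the credentials: `urlopen()` honours whatever scheme is in the URL string, so a URL taken from a config file or the command line could just as well be `file:///etc/passwd` or `ftp://...` and urllib would fetch it. The check a reviewer wants in front of the call is a parse of the URL and a refusal of anything that is not http(s) with a host. The block below is an added example, not code from Glances; it keeps the Basic header construction from the flagged lines so behaviour on valid input is unchanged, returns the prepared `Request` from one function so the check can be exercised offline, and leaves the actual network open to a thin wrapper. The hostname and port in the usage are made up.

```python
import base64
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

ALLOWED_SCHEMES = frozenset({"http", "https"})


def basic_auth_header(username: str, password: str) -> str:
    """RFC 7617 Basic credentials, built exactly as in the flagged code."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return "Basic " + token


def build_request(url: str, username: str, password: str) -> Request:
    """Validate scheme and host, then prepare an authenticated Request.

    Raises ValueError for anything that is not http(s) with a non-empty host,
    which rules out file:, ftp:, data:, javascript: and scheme-relative URLs.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} not allowed for {url!r}")
    if not parts.netloc:
        raise ValueError(f"URL {url!r} has no host")
    return Request(url, headers={"Authorization": basic_auth_header(username, password)})


def urlopen_auth(url: str, username: str, password: str, timeout: float = 10.0):
    """Open the URL with Basic auth after the scheme check (does network I/O)."""
    return urlopen(build_request(url, username, password), timeout=timeout)


if __name__ == "__main__":
    req = build_request("https://glances.example:61208/api/4/all", "glances", "secret")
    print(req.full_url, req.get_header("Authorization"))
    for bad in ("file:///etc/passwd", "ftp://glances.example/x", "//glances.example/x"):
        try:
            build_request(bad, "glances", "secret")
        except ValueError as exc:
            print("rejected:", exc)
```

Two caveats apply regardless of the scheme check: the credentials travel in clear over plain `http`, so an operator should prefer `https`, and `urlopen` without a `timeout` blocks indefinitely on an unresponsive server, which is why the wrapper passes one.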
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ''
Severity: Low Confidence: Medium
CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b105_hardcoded_password_string.html
Location: glances/main.py:46:15
45 username = "glances"
46 password = ""
47
--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
Severity: Medium Confidence: Medium
CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b104_hardcoded_bind_all_interfaces.html
Location: glances/main.py:420:20
419 '--bind',
420 default='0.0.0.0',
421 dest='bind_address',
--------------------------------------------------
>> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
Severity: Low Confidence: High
CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/blacklists/blacklist_imports.html#b403-import-pickle
Location: glances/outdated.py:13:0
12 import os
13 import pickle
14 import threading
--------------------------------------------------
>> Issue: [B301:blacklist] Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
Severity: Medium Confidence: High
CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/blacklists/blacklist_calls.html#b301-pickle
Location: glances/outdated.py:121:30
120 with open(self.cache_file, 'rb') as f:
121 cached_data = pickle.load(f)
122 except Exception as e:
--------------------------------------------------
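What B301 means for a cache file, shown as an added example that is not Glances code: `pickle.load()` reconstructs arbitrary objects, and an object's `__reduce__` may name any importable callable to be invoked during loading, so whoever can write the file that `outdated.py` reads can run code as the user running Glances. Whether that is reachable depends on the permissions of `cache_file` in a given deployment, which this report does not show; the demonstration is generic. The payload below calls a harmless local function so the effect is observable without side effects, and the JSON loader that follows only ever yields dicts, lists, strings and numbers, so the same bytes cannot trigger anything. The cache keys in the round trip are constructed for the example.

```python
import io
import json
import pickle

# Evidence that loading ran code. A real payload would name os.system or similar.
EXECUTED: list[str] = []


def record(marker: str) -> str:
    EXECUTED.append(marker)
    return marker


class _Payload:
    """Serialises to a pickle stream that calls record(...) when loaded."""

    def __reduce__(self):
        return (record, ("code ran during pickle.load",))


def make_hostile_cache() -> bytes:
    """Bytes an attacker with write access to the cache file could plant."""
    return pickle.dumps(_Payload(), protocol=2)


def load_cache_unsafe(raw: bytes):
    """The flagged pattern: trusts whatever is in the file."""
    return pickle.load(io.BytesIO(raw))


def load_cache_json(raw: bytes) -> dict:
    """Safe replacement: JSON plus a top-level shape check.

    Returns {} on any decoding problem, which is the right behaviour for a
    cache: fall back to recomputing instead of trusting a damaged file.
    """
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return {}
    if not isinstance(data, dict):
        return {}
    return data


def save_cache_json(data: dict) -> bytes:
    return json.dumps(data).encode("utf-8")


def demo() -> dict:
    EXECUTED.clear()
    hostile = make_hostile_cache()

    # 1. pickle.load executes the callable named in the stream.
    result = load_cache_unsafe(hostile)
    ran_via_pickle = EXECUTED[:]

    # 2. The same bytes handed to the JSON loader are simply rejected.
    EXECUTED.clear()
    via_json = load_cache_json(hostile)
    ran_via_json = EXECUTED[:]

    # 3. A legitimate entry (constructed sample) round-trips through JSON.
    entry = {"latest_version": "4.3.0", "refresh_date": "2025-12-19"}
    round_trip = load_cache_json(save_cache_json(entry))

    return {
        "pickle_result": result,
        "ran_via_pickle": ran_via_pickle,
        "ran_via_json": ran_via_json,
        "json_rejected": via_json,
        "round_trip": round_trip,
    }


if __name__ == "__main__":
    print(demo())
```

If the cache has to stay in pickle format for compatibility, the minimum mitigation is to create the file with mode 0600 in a directory only the Glances user can write, but switching the format removes the class of problem rather than narrowing it.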
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/outputs/glances_colors.py:109:12
108 self.SEPARATOR = curses.color_pair(11)
109 except Exception:
110 # Catch exception in TMUX
111 pass
112
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/outputs/glances_colors.py:119:12
118 curses.init_pair(12, -1, curses.COLOR_BLUE)
119 except Exception:
120 pass
121 else:
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/outputs/glances_curses.py:254:12
253 curses.curs_set(value)
254 except Exception:
255 pass
256
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/outputs/glances_curses.py:459:8
458 curses.curs_set(1)
459 except Exception:
460 pass
461 try:
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/outputs/glances_curses.py:463:8
462 curses.endwin()
463 except Exception:
464 pass
465 self.is_end = True
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/outputs/glances_curses.py:1029:12
1028 continue
1029 except Exception:
1030 # Avoid exception (see issue #1692)
1031 pass
1032 # Do not display outside the screen
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/outputs/glances_curses.py:1049:12
1048 self.display_stats_with_current_size(m, y, x)
1049 except Exception:
1050 pass
1051 else:
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/outputs/glances_stdout_issue.py:75:12
74 stats._plugins[plugin].update()
75 except Exception:
76 pass
77
--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/blacklists/blacklist_imports.html#b404-import-subprocess
Location: glances/plugins/ports/__init__.py:14:0
13 import socket
14 import subprocess
15 import threading
--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
Severity: Medium Confidence: Low
CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b113_request_without_timeout.html
Location: glances/plugins/ports/__init__.py:305:18
304 try:
305 req = requests.head(
306 web['url'],
307 allow_redirects=True,
308 verify=web['ssl_verify'],
309 proxies=web['proxies'],
310 timeout=web['timeout'],
311 )
312 except Exception as e:
--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b603_subprocess_without_shell_equals_true.html
Location: glances/plugins/ports/__init__.py:367:18
366 counter = Counter()
367 ret = subprocess.check_call(cmd, stdout=fnull, stderr=fnull, close_fds=True)
368 if ret == 0:
--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b101_assert_used.html
Location: glances/plugins/smart/__init__.py:111:20
110 try:
111 assert num is not None
112 except Exception as e:
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/plugins/uptime/__init__.py:68:12
67 stats = str(timedelta(seconds=int(uptime) / 100))
68 except Exception:
69 pass
70
--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b101_assert_used.html
Location: glances/processes.py:739:8
738 """Kill process with pid"""
739 assert pid != os.getpid(), "Glances can kill itself..."
740 p = psutil.Process(pid)
--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/blacklists/blacklist_imports.html#b404-import-subprocess
Location: glances/secure.py:12:0
11 import re
12 from subprocess import PIPE, Popen
13
--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
Severity: Low Confidence: High
CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b603_subprocess_without_shell_equals_true.html
Location: glances/secure.py:55:12
54 sub_cmd_split = [_[1:-1] if (_[0] == _[-1] == '"') or (_[0] == _[-1] == '\'') else _ for _ in tmp_split]
55 p = Popen(sub_cmd_split, shell=False, stdin=sub_cmd_stdin, stdout=PIPE, stderr=PIPE)
56 if p_last is not None:
--------------------------------------------------
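Triage for the B404/B603 findings (systemd amp line 62, globals.py line 159, ports plugin line 367, secure.py line 55), as an added example that is not Glances code. With `shell=False` the command string is split into an argv list and handed to the kernel directly: `;`, `|`, `$(...)` and the like reach the program as literal arguments and are never interpreted, so the remaining question for each finding is who controls the command string (argv[0] included), which for Glances is the configuration file. The splitting method matters for correctness too: `str.split(' ')` cannot handle quoted arguments, which is what the hand-rolled quote stripping at secure.py line 54 works around, whereas `shlex.split` does it properly. The child process below is the interpreter itself printing its argv as JSON, so the example runs anywhere Python does; both command lines are constructed and the `rm -rf /` is never executed, it only shows up as inert arguments.

```python
import json
import shlex
import subprocess
import sys

# Constructed command lines, as an operator might write them in a config file.
PLAIN = 'systemctl --no-pager is-active "ssh service" ; rm -rf /'
QUOTED_ARG = 'tool --name "a b" --flag'


def tokenise(command: str) -> list[str]:
    """Shell-style tokenisation: honours quotes, interprets no metacharacters."""
    return shlex.split(command)


def echo_argv(args: list[str]) -> list[str]:
    """Run a child (no shell) that reports exactly the argv it received."""
    child = [sys.executable, "-c",
             "import json, sys; print(json.dumps(sys.argv[1:]))", *args]
    res = subprocess.run(child, stdout=subprocess.PIPE, check=True, timeout=30)
    return json.loads(res.stdout.decode("utf-8"))


def run_command_argv(command: str) -> list[str]:
    """What a shell=False call sees for `command`: the tokens, verbatim.

    The semicolon and everything after it arrive as ordinary arguments; a real
    `systemctl` would reject them rather than a shell running a second command.
    """
    return echo_argv(tokenise(command))


if __name__ == "__main__":
    print("str.split(' '):", QUOTED_ARG.split(" "))
    print("shlex.split:   ", tokenise(QUOTED_ARG))
    print("child argv:    ", run_command_argv(PLAIN))
```

The residual risk with these calls is therefore not shell injection but the trust placed in the configuration: a writable glances.conf lets its owner choose argv[0]. That is a file-permission check, not a code change.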
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b101_assert_used.html
Location: glances/server.py:55:12
54 (basic, _, encoded) = headers.get('Authorization').partition(' ')
55 assert basic == 'Basic', 'Only basic authentication supported'
56 # Encoded portion of the header is a string
--------------------------------------------------
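The B101 hit at server.py line 55 is the one in this report worth acting on, because the assert guards an authentication header: Python removes `assert` statements when run with `-O` or `PYTHONOPTIMIZE`, so in an optimised deployment `assert basic == 'Basic'` disappears and a header such as `Bearer xyz` falls through to the decoding that follows. The same reasoning applies to the self-kill guard at processes.py line 739. Checks on untrusted input belong in explicit `if`/`raise` code. The block below is an added example, not Glances code: `asserts_enforced` spawns a child interpreter with the given flags to show the behaviour directly, and `parse_basic_auth` is an explicit replacement for the assert-based check with the malformed-input cases handled.

```python
import base64
import binascii
import subprocess
import sys


def asserts_enforced(interpreter_flags: list[str]) -> bool:
    """True if a failing assert aborts a child interpreter started with these flags."""
    code = "assert False, 'guard'\nprint('guard skipped')"
    res = subprocess.run([sys.executable, *interpreter_flags, "-c", code],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=30)
    return res.returncode != 0


def parse_basic_auth(header_value: str) -> tuple[str, str]:
    """Explicit replacement for `assert basic == 'Basic'`.

    Accepts only `Basic <base64(user:password)>` and raises ValueError for
    any other scheme, undecodable base64, or credentials without a colon.
    Behaves identically with and without -O.
    """
    scheme, _, encoded = header_value.strip().partition(" ")
    if scheme != "Basic":
        raise ValueError("only basic authentication supported")
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed basic credentials") from exc
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        raise ValueError("credentials must be user:password")
    return username, password


if __name__ == "__main__":
    print("asserts enforced without flags:", asserts_enforced([]))
    print("asserts enforced under -O:     ", asserts_enforced(["-O"]))
    print(parse_basic_auth("Basic " + base64.b64encode(b"glances:secret").decode()))
```

The other B101 hit, `assert num is not None` in the smart plugin, sits inside a `try`/`except Exception` and is used as control flow rather than as a guard; under `-O` that branch simply never raises, which is a logic change but not an authentication bypass.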
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ''
Severity: Low Confidence: Medium
CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b105_hardcoded_password_string.html
Location: glances/server.py:218:33
217 # Set the server login/password (if -P/--password tag)
218 if self.args.password != "":
219 self.add_user(self.args.username, self.args.password)
--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
Severity: Medium Confidence: Medium
CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b104_hardcoded_bind_all_interfaces.html
Location: glances/servers_list_dynamic.py:212:66
211 # -B @ overwrite the dynamic IPv4 choice
212 if netifaces_tag and zeroconf_bind_address == '0.0.0.0':
213 zeroconf_bind_address = self.find_active_ip_address()
--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b110_try_except_pass.html
Location: glances/servers_list_dynamic.py:214:16
213 zeroconf_bind_address = self.find_active_ip_address()
214 except Exception:
215 # Issue #528 (no network interface available)
216 # Issue #3219 (no implementation for gateway())
217 pass
218
--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ''
Severity: Low Confidence: Medium
CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
More Info: https://bandit.readthedocs.io/en/1.9.2/plugins/b105_hardcoded_password_string.html
Location: glances/servers_list_static.py:61:27
60 new_server['username'] = 'glances'
61 new_server['password'] = ''
62
--------------------------------------------------
Code scanned:
Total lines of code: 18668
Total lines skipped (#nosec): 0
Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 26
Medium: 9
High: 0
Total issues (by confidence):
Undefined: 0
Low: 4
Medium: 7
High: 24
Files skipped (0):