This repository was archived by the owner on Mar 8, 2025. It is now read-only.

Static Analysis Findings: Security Issues in nats_request_plane.py #232

Open
nv-anants opened this issue Feb 21, 2025 · 0 comments

@nv-anants
Contributor

This issue aggregates three security concerns identified by our static analysis:

>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b108_hardcoded_tmp_directory.html
   Location: WHEEL_UNPACKED_DIR/triton_distributed_icp-0.2.1.dev0+b050c6b/triton_distributed/icp/nats_request_plane.py:89:25
88	        port: int = 4223,
89	        store_dir: str = "/tmp/nats_store",
90	        log_dir: str = "logs",
91	        debug: bool = False,
92	        clear_store: bool = True,
93	        dry_run: bool = False,
94	    ) -> None:
95	        self._process = None
96	        self.port = port
--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b603_subprocess_without_shell_equals_true.html
   Location: WHEEL_UNPACKED_DIR/triton_distributed_icp-0.2.1.dev0+b050c6b/triton_distributed/icp/nats_request_plane.py:122:30
121	                with open(f"{log_dir}/nats_server.stderr.log", "wt") as output_err:
122	                    process = subprocess.Popen(
123	                        command,
124	                        stdin=subprocess.DEVNULL,
125	                        stdout=output_,
126	                        stderr=output_err,
127	                    )
128	                    self._process = process
--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b603_subprocess_without_shell_equals_true.html
   Location: WHEEL_UNPACKED_DIR/triton_distributed_icp-0.2.1.dev0+b050c6b/triton_distributed/icp/nats_request_plane.py:130:22
129	        else:
130	            process = subprocess.Popen(
131	                command,
132	                stdin=subprocess.DEVNULL,
133	            )
134	            self._process = process
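The two patterns Bandit flags above, shown in hardened form as an added example that is not part of this issue or of the triton_distributed code base: the store directory is created with tempfile.mkdtemp instead of the fixed /tmp/nats_store (CWE-377), an operator-supplied directory is checked for ownership and permissions before use, and the command stays an argv list whose elements are validated before subprocess.Popen runs it without a shell (CWE-78). The function names and the nats-server flags --port and --store_dir used when building the command are assumptions for illustration.

```python
# Added example, not the project's code: hardened forms of the two patterns
# Bandit flagged. Function names and the nats-server flags (--port,
# --store_dir) are assumptions for illustration.
import os
import stat
import subprocess
import tempfile
from pathlib import Path
from typing import Optional


def make_store_dir(base: Optional[str] = None) -> Path:
    """B108 / CWE-377: instead of the fixed, predictable "/tmp/nats_store",
    create a fresh directory with an unpredictable name. tempfile.mkdtemp
    creates it with mode 0700, so another local user cannot pre-create the
    path or plant a symlink there before the server writes to it."""
    return Path(tempfile.mkdtemp(prefix="nats_store_", dir=base))


def store_dir_is_private(path: Path) -> bool:
    """Check to run before pointing the server at a store directory (useful
    when the operator supplies one): it must be a real directory, not a
    symlink, owned by the current user and closed to group and other."""
    try:
        st = os.lstat(path)  # lstat so a symlink is inspected, not followed
    except FileNotFoundError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        return False
    return (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def build_nats_command(nats_bin: Path, port: int, store_dir: Path) -> list:
    """B603 / CWE-78: the command is an argv list (never a shell string), and
    every element is validated before it gets there. The executable must be
    an absolute path we may execute, the port a real int in range (a string
    such as "4223 --extra" is rejected), and the store directory private."""
    nats_bin = Path(nats_bin)
    if not nats_bin.is_absolute() or not os.access(nats_bin, os.X_OK):
        raise ValueError(f"not an executable absolute path: {nats_bin}")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    if not store_dir_is_private(Path(store_dir)):
        raise ValueError(f"store dir is not a private directory: {store_dir}")
    return [str(nats_bin), "--port", str(port), "--store_dir", str(store_dir)]


def launch(command: list, log_dir: Path, dry_run: bool = False) -> Optional[subprocess.Popen]:
    """Start the process the way the original does (argv list, stdin closed,
    stdout/stderr redirected to log files, no shell), but create the log
    directory owner-only so the logs are not world-readable."""
    if dry_run:
        return None
    log_dir = Path(log_dir)
    log_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    with open(log_dir / "nats_server.stdout.log", "wt") as out, \
            open(log_dir / "nats_server.stderr.log", "wt") as err:
        # The child inherits the open descriptors; closing ours afterwards is fine.
        return subprocess.Popen(command, stdin=subprocess.DEVNULL, stdout=out, stderr=err)


if __name__ == "__main__":
    store = make_store_dir()
    print("private store dir:", store, store_dir_is_private(store))
```

Validation happens at the boundary where values enter the argv list, which is what Bandit's B603 note ("check for execution of untrusted input") asks the reviewer to confirm; with a list and no shell, a malformed port can only fail the type check, never be interpreted as extra arguments.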