diff --git a/static_code_analysis.txt b/static_code_analysis.txt
index 8c74f81..a76679c 100644
--- a/static_code_analysis.txt
+++ b/static_code_analysis.txt
@@ -1,4 +1,4 @@
-Run started:2024-08-07 18:04:12.306814
+Run started:2024-08-29 15:51:04.711485
 
 Test results:
 >> Issue: [B403:blacklist] Consider possible security implications associated with pickle module.
@@ -15,39 +15,53 @@ Test results:
 Severity: Low Confidence: High
 CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
 More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b101_assert_used.html
- Location: ./sdgym/benchmark.py:149:4
-148 synthesizer = synthesizer_dict['synthesizer']
-149 assert issubclass(synthesizer, BaselineSynthesizer), '`synthesizer` must be a synthesizer class'
-150
+ Location: ./sdgym/benchmark.py:152:8
+151 if isinstance(synthesizer, type):
+152 assert issubclass(
+153 synthesizer, BaselineSynthesizer
+154 ), '`synthesizer` must be a synthesizer class'
+155 synthesizer = synthesizer()
+
+--------------------------------------------------
+>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
+ Severity: Low Confidence: High
+ CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
+ More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b101_assert_used.html
+ Location: ./sdgym/benchmark.py:157:8
+156 else:
+157 assert issubclass(
+158 type(synthesizer), BaselineSynthesizer
+159 ), '`synthesizer` must be an instance of a synthesizer class.'
+160
 
 --------------------------------------------------
 >> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
 Severity: Medium Confidence: Low
 CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
 More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b608_hardcoded_sql_expressions.html
- Location: ./sdgym/benchmark.py:645:23
-644 # User data script to install the library
-645 user_data_script = f"""#!/bin/bash
-646 sudo apt update -y
-647 sudo apt install python3-pip -y
-648 echo "======== Install Dependencies ============"
-649 sudo pip3 install sdgym
-650 sudo pip3 install anyio
-651 pip3 list
-652 sudo apt install awscli -y
-653 aws configure set aws_access_key_id {credentials.access_key}
-654 aws configure set aws_secret_access_key {credentials.secret_key}
-655 aws configure set region {session.region_name}
-656 echo "======== Write Script ==========="
-657 sudo touch ~/sdgym_script.py
-658 echo "{script_content}" > ~/sdgym_script.py
-659 echo "======== Run Script ==========="
-660 sudo python3 ~/sdgym_script.py
-661 echo "======== Complete ==========="
-662 INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
-663 aws ec2 terminate-instances --instance-ids $INSTANCE_ID
-664 """
-665
+ Location: ./sdgym/benchmark.py:675:23
+674 # User data script to install the library
+675 user_data_script = f"""#!/bin/bash
+676 sudo apt update -y
+677 sudo apt install python3-pip -y
+678 echo "======== Install Dependencies ============"
+679 sudo pip3 install sdgym
+680 sudo pip3 install anyio
+681 pip3 list
+682 sudo apt install awscli -y
+683 aws configure set aws_access_key_id {credentials.access_key}
+684 aws configure set aws_secret_access_key {credentials.secret_key}
+685 aws configure set region {session.region_name}
+686 echo "======== Write Script ==========="
+687 sudo touch ~/sdgym_script.py
+688 echo "{script_content}" > ~/sdgym_script.py
+689 echo "======== Run Script ==========="
+690 sudo python3 ~/sdgym_script.py
+691 echo "======== Complete ==========="
+692 INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
+693 aws ec2 terminate-instances --instance-ids $INSTANCE_ID
+694 """
+695
 
 --------------------------------------------------
 >> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
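Review bot: The user-data script quoted in the refreshed B608 finding (new-side lines 683-684) writes long-lived AWS credentials into EC2 user-data via `aws configure set aws_access_key_id {credentials.access_key}` and the matching secret-key line; user-data is readable by every process on the instance through the metadata endpoint and by anyone holding `ec2:DescribeInstanceAttribute`, so the instance should get its permissions from an instance profile (IAM role) and those two lines should go. The same script at line 688 interpolates arbitrary Python into a double-quoted bash string with `echo "{script_content}" > ~/sdgym_script.py`, so any `"`, `$(` or backtick in the generated script is interpreted by bash; a quoted heredoc, `cat > ~/sdgym_script.py <<'EOF'` / `{script_content}` / `EOF`, or a base64 round-trip avoids that. The B608 hit itself looks like a false positive (the rule's `update … set` pattern appears to match `apt update` followed by `aws configure set`), so suppressing it with `# nosec B608` is reasonable only once the two real issues above are fixed, otherwise the report keeps flagging the wrong thing. The two new B101 hits at lines 152 and 157 are argument validation that disappears under `python -O`; `if not issubclass(synthesizer, BaselineSynthesizer): raise TypeError('`synthesizer` must be a synthesizer class')` keeps the check in optimized runs and clears the finding. This file is the generated scan output, so these fixes belong in sdgym/benchmark.py rather than here.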
@@ -64,37 +78,37 @@ Test results:
 Severity: Low Confidence: High
 CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
 More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b603_subprocess_without_shell_equals_true.html
- Location: ./sdgym/utils.py:129:17
-128 command = ['nvidia-smi', '--query-gpu=utilization.gpu', '--format=csv,noheader,nounits']
-129 output = subprocess.run(command, stdout=subprocess.PIPE)
-130 return len(output.stdout.decode().split())
+ Location: ./sdgym/utils.py:133:17
+132 command = ['nvidia-smi', '--query-gpu=utilization.gpu', '--format=csv,noheader,nounits']
+133 output = subprocess.run(command, stdout=subprocess.PIPE)
+134 return len(output.stdout.decode().split())
 
 --------------------------------------------------
 >> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
 Severity: Low Confidence: High
 CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
 More Info: https://bandit.readthedocs.io/en/1.7.7/plugins/b603_subprocess_without_shell_equals_true.html
- Location: ./sdgym/utils.py:145:17
-144 command = ['nvidia-smi', '--query-gpu=utilization.gpu', '--format=csv,noheader,nounits']
-145 output = subprocess.run(command, stdout=subprocess.PIPE)
-146 loads = np.array(output.stdout.decode().split()).astype(float)
+ Location: ./sdgym/utils.py:149:17
+148 command = ['nvidia-smi', '--query-gpu=utilization.gpu', '--format=csv,noheader,nounits']
+149 output = subprocess.run(command, stdout=subprocess.PIPE)
+150 loads = np.array(output.stdout.decode().split()).astype(float)
 
 --------------------------------------------------
 
 Code scanned:
- Total lines of code: 2694
+ Total lines of code: 2735
 Total lines skipped (#nosec): 0
 Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0
 
 Run metrics:
 Total issues (by severity):
 Undefined: 0
- Low: 5
+ Low: 6
 Medium: 1
 High: 0
 Total issues (by confidence):
 Undefined: 0
 Low: 1
 Medium: 0
- High: 5
+ High: 6
 Files skipped (0):