refactor(#4282): Update known flaws files for 4.8.0

wazuh · Aug 23, 2023 · cd849fe · cd849fe
1 parent ea84bee
commit cd849fe
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 41 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ Release report: TBD
 
 - Update _wazuh_db_ schema database version ([#4353](https:/wazuh/wazuh-qa/pull/4353)) \- (Tests)
 - Update the JSON schema with the required fields for the output content of the migration tool ([#4375](https:/wazuh/wazuh-qa/pull/4375)) \- (Tests)
+- Update framework known flaws file ([#4443](https:/wazuh/wazuh-qa/pull/4443)) \- (Tests)
 
 ## [4.7.0] - TBD
 

diff --git a/tests/scans/code_analysis/known_flaws/known_flaws_api.json b/tests/scans/code_analysis/known_flaws/known_flaws_api.json
@@ -1,30 +1,30 @@
 {
  "false_positives": [
  {
- "code": " default_api_configuration = {\n \"host\": \"0.0.0.0\",\n \"port\": 55000,\n \"drop_privileges\": True,\n \"experimental_features\": False,\n \"max_upload_size\": 10485760,\n \"intervals\": {\n \"request_timeout\": 10\n },\n38 \"https\": {\n39 \"enabled\": True,\n40 \"key\": \"server.key\",\n41 \"cert\": \"server.crt\",\n42 \"use_ca\": False,\n43 \"ca\": \"ca.crt\",\n44 \"ssl_protocol\": \"TLSv1.2\",\n45 \"ssl_ciphers\": \"\"\n46 },\n47 \"logs\": {\n48 \"level\": \"info\",\n49 \"format\": \"plain\",\n50 \"max_size\": {\n51 \"enabled\": False,\n52 \"size\": \"1M\"\n53 }\n54 },\n55 \"cors\": {\n56 \"enabled\": False,\n57 \"source_route\": \"*\",\n58 \"expose_headers\": \"*\",\n59 \"allow_headers\": \"*\",\n60 \"allow_credentials\": False,\n61 },\n62 \"cache\": {\n63 \"enabled\": True,\n64 \"time\": 0.750\n65 },\n66 \"access\": {\n67 \"max_login_attempts\": 50,\n68 \"block_time\": 300,\n69 \"max_request_per_minute\": 300\n70 },\n71 \"upload_configuration\": {\n72 \"remote_commands\": {\n73 \"localfile\": {\n74 \"allow\": True,\n75 \"exceptions\": []\n76 },\n77 \"wodle_command\": {\n78 \"allow\": True,\n79 \"exceptions\": []\n80 }\n81 },\n82 \"limits\": {\n83 \"eps\": {\n84 \"allow\": True\n85 }\n86 }\n",
+ "code": " default_api_configuration = {\n \"host\": \"0.0.0.0\",\n \"port\": 55000,\n \"drop_privileges\": True,\n \"experimental_features\": False,\n \"max_upload_size\": 10485760,\n \"intervals\": {\n \"request_timeout\": 10\n },\n38 \"https\": {\n39 \"enabled\": True,\n40 \"key\": \"server.key\",\n41 \"cert\": \"server.crt\",\n42 \"use_ca\": False,\n43 \"ca\": \"ca.crt\",\n44 \"ssl_protocol\": \"TLSv1.2\",\n45 \"ssl_ciphers\": \"\"\n46 },\n47 \"logs\": {\n48 \"level\": \"info\",\n49 \"format\": \"plain\",\n50 \"max_size\": {\n51 \"enabled\": False,\n52 \"size\": \"1M\"\n53 }\n54 },\n55 \"cors\": {\n56 \"enabled\": False,\n57 \"source_route\": \"*\",\n58 \"expose_headers\": \"*\",\n59 \"allow_headers\": \"*\",\n60 \"allow_credentials\": False,\n61 },\n62 \"cache\": {\n63 \"enabled\": True,\n64 \"time\": 0.750\n65 },\n66 \"access\": {\n67 \"max_login_attempts\": 50,\n68 \"block_time\": 300,\n69 \"max_request_per_minute\": 300\n70 },\n71 \"upload_configuration\": {\n72 \"remote_commands\": {\n73 \"localfile\": {\n74 \"allow\": True,\n75 \"exceptions\": []\n76 },\n77 \"wodle_command\": {\n78 \"allow\": True,\n79 \"exceptions\": []\n80 }\n81 },\n82 \"limits\": {\n83 \"eps\": {\n84 \"allow\": True\n85 }\n86 },\n87 \"agents\": {\n88 \"allow_higher_versions\": {\n89 \"allow\": True\n90 }\n91 }\n",
  "filename": "api/api/configuration.py",
  "issue_confidence": "MEDIUM",
  "issue_severity": "MEDIUM",
  "issue_text": "Possible binding to all interfaces.",
  "line_number": 30,
  "line_range": [
  29,
- 84
+ 89
  ],
  "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html",
  "test_id": "B104",
  "test_name": "hardcoded_bind_all_interfaces"
  },
  {
- "code": " )\n app.add_api('spec.yaml',\n arguments={'title': 'Wazuh API',\n 'protocol': 'https' if api_conf['https']['enabled'] else 'http',\n 'host': api_conf['host'],\n 'port': api_conf['port']\n },\n strict_validation=True,\n validate_responses=False,\n76 pass_context_arg_name='request',\n77 options={\"middlewares\": [response_postprocessing, security_middleware, request_logging,\n78 set_secure_headers]})\n79 \n",
+ "code": " )\n app.add_api('spec.yaml',\n arguments={'title': 'Wazuh API',\n 'protocol': 'https' if api_conf['https']['enabled'] else 'http',\n 'host': api_conf['host'],\n 'port': api_conf['port']\n },\n strict_validation=True,\n validate_responses=False,\n82 pass_context_arg_name='request',\n83 options={\"middlewares\": [response_postprocessing, security_middleware, request_logging,\n84 set_secure_headers]})\n85 \n",
  "filename": "api/scripts/wazuh-apid.py",
  "issue_confidence": "MEDIUM",
  "issue_severity": "LOW",
  "issue_text": "Possible hardcoded password: 'request'",
- "line_number": 68,
+ "line_number": 74,
  "line_range": [
- 68,
- 78
+ 74,
+ 84
  ],
  "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b106_hardcoded_password_funcarg.html",
  "test_id": "B106",

diff --git a/tests/scans/code_analysis/known_flaws/known_flaws_framework.json b/tests/scans/code_analysis/known_flaws/known_flaws_framework.json
@@ -6,9 +6,9 @@
  "issue_confidence": "HIGH",
  "issue_severity": "MEDIUM",
  "issue_text": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
- "line_number": 724,
+ "line_number": 737,
  "line_range": [
- 724
+ 737
  ],
  "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5",
  "test_id": "B303",
@@ -20,38 +20,10 @@
  "issue_confidence": "HIGH",
  "issue_severity": "LOW",
  "issue_text": "subprocess call - check for execution of untrusted input.",
- "line_number": 991,
+ "line_number": 1001,
  "line_range": [
- 991,
- 992
- ],
- "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html",
- "test_id": "B603",
- "test_name": "subprocess_without_shell_equals_true"
- },
- {
- "code": " import struct\n import subprocess\n import sys\n",
- "filename": "framework/scripts/wazuh_logtest.py",
- "issue_confidence": "HIGH",
- "issue_severity": "LOW",
- "issue_text": "Consider possible security implications associated with subprocess module.",
- "line_number": 14,
- "line_range": [
- 14
- ],
- "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess",
- "test_id": "B404",
- "test_name": "blacklist"
- },
- {
- "code": " try:\n proc = subprocess.Popen([wazuh_control, \"info\"], stdout=subprocess.PIPE)\n (stdout, stderr) = proc.communicate()\n",
- "filename": "framework/scripts/wazuh_logtest.py",
- "issue_confidence": "HIGH",
- "issue_severity": "LOW",
- "issue_text": "subprocess call - check for execution of untrusted input.",
- "line_number": 521,
- "line_range": [
- 521
+ 1001,
+ 1002
  ],
  "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html",
  "test_id": "B603",
@@ -164,9 +136,9 @@
  "issue_confidence": "HIGH",
  "issue_severity": "MEDIUM",
  "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.",
- "line_number": 1793,
+ "line_number": 1796,
  "line_range": [
- 1793
+ 1796
  ],
  "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b307-eval",
  "test_id": "B307",