Dungeoneer's Survival Guide
Hubert Tournier edited this page Jul 3, 2021 · 2 revisions
This place is dedicated to documenting security issues in The PNU Project.
Each command is scanned with the bandit tool.
None
- Security considerations in the manual page.
  - The command is perfectly safe for your own use or with The PNU Project test files.
  - For test files from unknown sources, make sure to:
    - review those files prior to execution,
    - use the b2bt command with an unprivileged account (builtin warning),
    - use the b2bt command with the autoconfirmation option disabled (default behaviour).
- Bandit output. Details:
Issue | Severity | Status |
---|---|---|
[B404:blacklist] Consider possible security implications associated with subprocess module | 🔶 Low | ✔️ OK |
[B303:blacklist] Use of insecure MD2, MD4, MD5, or SHA1 hash function | 🔸 Medium | ✔️ OK |
[B607:start_process_with_partial_path] Starting a process with a partial executable path | 🔸 Low | ✅ Mitigated |
[B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input | 🔸 Low | ✔️ OK |
[B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue | 🔴 High | ✅ Mitigated |