CI: missing security check for security issues in the codebase #3311
Comments
ChengyuZhu6 added a commit to ChengyuZhu6/serve that referenced this issue on Sep 12, 2024:

- Integrate Bandit to scan for security issues in the codebase.
- Configure Bandit to fail the workflow if any high-severity issues are found. e.g.:

```bash
>> Issue: [B605:start_process_with_a_shell] Starting a process with a shell, possible injection detected, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html
   Location: ./binaries/build.py:52:30
51      if not args.dry_run:
52          build_exit_code = os.system(cur_wheel_cmd)
53          # If any one of the steps fail, exit with error
```

Fixes: pytorch#3311
Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
Thanks @ChengyuZhu6 for flagging this and creating your PR! We will take a look!
ChengyuZhu6 added a commit to ChengyuZhu6/serve that referenced this issue on Sep 19, 2024 (same commit message as the Sep 12 commit).
ChengyuZhu6 added a commit to ChengyuZhu6/serve that referenced this issue on Oct 7, 2024 (same commit message as the Sep 12 commit).
🐛 Describe the bug

Currently, the project does not have a security linter integrated into its CI pipeline. This poses potential risks as security vulnerabilities in Python code can go undetected. I found many high security issues using Bandit.

Error logs: security-issues.log (attached)

Installation instructions: No

Model Packaging: No

config.properties: No response

Versions: No

Repro instructions

Reproduce:

Possible Solution

Add Security Check Using Bandit in CI
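The B605 finding quoted in the referenced commit and the "fail the workflow on any High severity issue" policy proposed here, worked through as an added example. This is not code from pytorch/serve or from the Bandit project: `wheel_command_legacy` and `wheel_command` are hypothetical stand-ins for the build step in `binaries/build.py`, `argv_seen_by_child` spawns a throwaway Python child instead of pip so it runs offline, and `SAMPLE_REPORT` is a constructed report shaped like Bandit's `-f json` output (`results[].issue_severity`, `test_id`, `filename`, `line_number`).

```python
"""Added example, not pytorch/serve or Bandit code.
Shows (1) the command-string shape that Bandit reports as B605 / CWE-78,
(2) the shell-free argv form and a check that a hostile-looking argument
reaches the child as one literal string, and (3) the 'fail CI on any HIGH
finding' policy applied to a Bandit JSON report."""
import json
import subprocess
import sys
from typing import Dict, List


def wheel_command_legacy(package_spec: str) -> str:
    """Hypothetical stand-in for the legacy build step: builds (but does not
    run) a single command string. Handed to os.system(), this string is
    parsed by /bin/sh, so ';', '$(...)' or backticks inside package_spec
    would become additional commands. That is the B605 pattern."""
    return f"{sys.executable} -m pip wheel {package_spec}"


def wheel_command(package_spec: str) -> List[str]:
    """Same command as an argv list. subprocess.run(argv) with the default
    shell=False passes every element to the child unchanged; no shell sits
    in the path to interpret metacharacters."""
    return [sys.executable, "-m", "pip", "wheel", package_spec]


def argv_seen_by_child(arg: str) -> List[str]:
    """Spawns a Python child (no pip, no network) the way wheel_command's
    argv would be spawned and returns what the child saw in sys.argv[1:].
    A metacharacter-laden arg comes back as exactly one element."""
    probe = "import json, sys; print(json.dumps(sys.argv[1:]))"
    proc = subprocess.run(
        [sys.executable, "-c", probe, arg],
        capture_output=True, text=True, check=True,
    )
    return json.loads(proc.stdout)


# Constructed report, shaped like `bandit -r . -f json` output; the B605
# entry mirrors the location quoted in the issue, the B101 entry is a
# low-severity filler (B101 is Bandit's assert_used check).
SAMPLE_REPORT: Dict = {
    "results": [
        {"test_id": "B605", "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "filename": "./binaries/build.py", "line_number": 52},
        {"test_id": "B101", "issue_severity": "LOW", "issue_confidence": "HIGH",
         "filename": "./example_test.py", "line_number": 10},  # placeholder path
    ]
}


def high_severity_findings(report: Dict) -> List[str]:
    """Returns 'TESTID file:line' for every HIGH severity result. A
    non-empty list means the CI job should fail, which is the policy
    proposed for the Bandit workflow."""
    return [
        f"{r['test_id']} {r['filename']}:{r['line_number']}"
        for r in report.get("results", [])
        if str(r.get("issue_severity", "")).upper() == "HIGH"
    ]


if __name__ == "__main__":
    hostile = "mypkg==1.0; echo INJECTED"   # constructed, never run via a shell here
    print("legacy string:", wheel_command_legacy(hostile))
    print("argv form    :", wheel_command(hostile))
    print("child argv   :", argv_seen_by_child(hostile))
    failures = high_severity_findings(SAMPLE_REPORT)
    print("CI gate      :", "FAIL " + ", ".join(failures) if failures else "PASS")
    sys.exit(1 if failures else 0)
```

Bandit itself exits non-zero whenever it reports anything, and `bandit -lll` restricts the report to high-severity results, so in a workflow the threshold can be expressed on the command line; the `high_severity_findings` helper reproduces that policy over a saved JSON report so the gate is readable and unit-testable, and so the same report can also be archived as a build artifact.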