B202: tarfile_unsafe_members
tduigou opened this issue · 0 comments
tduigou commented
We need to fix this safety error detected by bandit (check CI workflow):
=== BANDIT REPORT ===
Run started:2023-05-17 14:44:40.852460
Test results:
>> Issue: [B202:tarfile_unsafe_members] tarfile.extractall used without any validation. Please check and discard dangerous members.
Severity: High Confidence: High
CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b202_tarfile_unsafe_members.html
Location: ../../rptools/rpreport/rp_report.py:250:16
249 tar = tarfile.open(source_path, mode='r')
250 tar.extractall(path=tmp_folder)
251 tar.close()
--------------------------------------------------
>> Issue: [B202:tarfile_unsafe_members] tarfile.extractall used without any validation. Please check and discard dangerous members.
Severity: High Confidence: High
CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b202_tarfile_unsafe_members.html
Location: ../../rptools/rpviz/__main__.py:72:20
71 with tarfile.open(args.input_rpSBMLs, mode='r') as tar:
72 tar.extractall(path=tmp_folder)
73 _ = list(Path(tmp_folder).glob('*.xml'))
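
One way to address both findings, as an added example that is not part of the original issue or the rptools code base: validate every member before extraction and pass only the approved list to extractall. The names safe_members, safe_extract, build_archive and demo are hypothetical, and the archives are constructed samples.

```python
import io
import os
import tarfile
import tempfile

PAYLOAD = b"<sbml/>"  # constructed file content for the sample archives


def safe_members(tar, dest):
    """Yield only regular files and directories that resolve inside dest."""
    root = os.path.realpath(dest)
    for member in tar.getmembers():
        target = os.path.realpath(os.path.join(root, member.name))
        if os.path.commonpath([root, target]) != root:
            raise ValueError(f"path escapes destination: {member.name!r}")
        if not (member.isfile() or member.isdir()):
            raise ValueError(f"links and special files refused: {member.name!r}")
        yield member


def safe_extract(source_path, dest):
    """Validate the whole archive first, then extract the approved members."""
    with tarfile.open(source_path, mode="r") as tar:
        members = list(safe_members(tar, dest))
        tar.extractall(path=dest, members=members)
    return [m.name for m in members]


def build_archive(path, names):
    """Write a constructed sample archive holding one small file per name."""
    with tarfile.open(path, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(PAYLOAD)
            tar.addfile(info, io.BytesIO(PAYLOAD))


def demo():
    """Extract a benign archive, then confirm a traversal entry is refused."""
    with tempfile.TemporaryDirectory() as work:
        good, bad = os.path.join(work, "good.tar"), os.path.join(work, "bad.tar")
        out = os.path.join(work, "out")
        os.mkdir(out)
        build_archive(good, ["rp_001.xml", "sub/rp_002.xml"])
        build_archive(bad, ["rp_001.xml", "../escaped.xml"])
        extracted = safe_extract(good, out)
        try:
            safe_extract(bad, out)
            rejected = False
        except ValueError:
            rejected = True
        return extracted, rejected, os.path.exists(os.path.join(work, "escaped.xml"))
```

On Python 3.12 and later, tar.extractall(path=dest, filter='data') applies comparable checks from the standard library.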