Bandit Report

hardcoded_tmp_directory: Probable insecure usage of temp file/directory.
Test ID: B108
Severity: MEDIUM
Confidence: MEDIUM
File: plugin/controllers/AT.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html

75				os.remove(ATFN)
76			checkfile = '/tmp/.autotimeredit'
77			f = os.open(checkfile, os.O_WRONLY | os.O_CREAT)

start_process_with_a_shell: Starting a process with a shell, possible injection detected, security issue.
Test ID: B605
Severity: HIGH
Confidence: HIGH
File: plugin/controllers/AT.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b605_start_process_with_a_shell.html

88					tarFiles += "%s " % arg
89				lines = os.popen("tar cvf %s %s" % (ATFN, tarFiles)).readlines()
90				os.remove(checkfile)

112				check_tar = False
113				lines = os.popen('tar -tf %s' % ATFN).readlines()
114				for line in lines:

119				if check_tar:
120					lines = os.popen('tar xvf %s -C /' % ATFN).readlines()
121

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
File: plugin/controllers/AT.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html

127							autotimer.readXml()
128						except Exception:
129							# TODO: proper error handling

hardcoded_password_string: Possible hardcoded password: ''
Test ID: B105
Severity: LOW
Confidence: MEDIUM
File: plugin/controllers/NET.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html

186			if password is None:
187				password = ""
188

hardcoded_tmp_directory: Probable insecure usage of temp file/directory.
Test ID: B108
Severity: MEDIUM
Confidence: MEDIUM
File: plugin/controllers/base.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html

281			variant = "oscam"
282			for file in ["/tmp/.ncam/ncam.version", "/tmp/.oscam/oscam.version"]:
283				if fileExists(file):  # nosec

hardcoded_tmp_directory: Probable insecure usage of temp file/directory.
Test ID: B108
Severity: MEDIUM
Confidence: MEDIUM
File: plugin/controllers/base.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html

281			variant = "oscam"
282			for file in ["/tmp/.ncam/ncam.version", "/tmp/.oscam/oscam.version"]:
283				if fileExists(file):  # nosec

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
File: plugin/controllers/epgevent.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html

174				debug("[[[   convertRating(%s) age=%s country=%s  ]]]" % (val, age, country), "EPGEvent")
175			except Exception as err:
176				pass

hardcoded_tmp_directory: Probable insecure usage of temp file/directory.
Test ID: B108
Severity: MEDIUM
Confidence: MEDIUM
File: plugin/controllers/ipkg.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html

92			try:
93				for line in open("/tmp/opkg.tmp", 'r'):
94					if line.startswith('Package:'):

hardcoded_tmp_directory: Probable insecure usage of temp file/directory.
Test ID: B108
Severity: MEDIUM
Confidence: MEDIUM
File: plugin/controllers/ipkg.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html

216					try:
217						data = open("/tmp/opkg.tmp", 'r').read()
218						self.request.write(six.ensure_binary(data))

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
File: plugin/controllers/models/OWFMovieList.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html

46					return serviceref.getPath()
47			except:
48				pass

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
File: plugin/controllers/models/config.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html

241					})
242				except Exception:
243					pass

blacklist: Use of possibly insecure function - consider using safer ast.literal_eval.
Test ID: B307
Severity: MEDIUM
Confidence: HIGH
File: plugin/controllers/models/config.py
More info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b307-eval

330						try:
331							result = eval(require)
332							result = bool(result.value and str(result.value).lower() not in ("0", "disable", "false", "no", "off"))

341				try:
342					if not bool(eval(conditional)):
343						return False

hardcoded_tmp_directory: Probable insecure usage of temp file/directory.
Test ID: B108
Severity: MEDIUM
Confidence: MEDIUM
File: plugin/controllers/models/grab.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html

71	
72			self.filepath = "/tmp/screenshot." + fileformat
73			self.container = eConsoleAppContainer()

blacklist: Use of insecure MD2, MD4, MD5, or SHA1 hash function.
Test ID: B303
Severity: MEDIUM
Confidence: HIGH
File: plugin/controllers/models/owibranding.py
More info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5

82		dest = rsa_pub1024(src[:128], mod)
83		hash = hashlib.sha1(dest[1:107])
84		if len(src) == 202:

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
File: plugin/controllers/models/stream.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html

110					args = args.replace('__', urlparam)
111				except Exception:
112					pass

216						args = args.replace('__', urlparam)
217					except Exception:
218						pass

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
File: plugin/controllers/models/timers.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html

95				filename = timer.Filename
96			except Exception:
97				pass

100				nextactivation = timer.next_activation
101			except Exception:
102				pass

hardcoded_bind_all_interfaces: Possible binding to all interfaces.
Test ID: B104
Severity: MEDIUM
Confidence: MEDIUM
File: plugin/controllers/views/ajax/boxinfo.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html

427	''')
428	            if VFFSL(SL,"iface.ip",True) != "0.0.0.0": # generated from line 165, col 7
429	                write(u'''\t\t\t\t\t\t\t<tr>

hardcoded_bind_all_interfaces: Possible binding to all interfaces.
Test ID: B104
Severity: MEDIUM
Confidence: MEDIUM
File: plugin/controllers/views/responsive/ajax/boxinfo.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html

531	''')
532	            if VFFSL(SL,"iface.ip",True) != "0.0.0.0": # generated from line 250, col 7
533	                write(u'''\t\t\t\t\t\t\t\t\t<div class="row clearfix">

try_except_pass: Try, Except, Pass detected.
Test ID: B110
Severity: LOW
Confidence: HIGH
File: plugin/controllers/web.py
More info: https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html

2345						return {'configs': resultcfgs}
2346				except Exception:
2347					# TODO show exception

2359					comp_config.OpenWebif.webcache.moviedb.save()
2360				except Exception:
2361					pass

2389					comp_config.OpenWebif.webcache.smallremote.save()
2390				except Exception:
2391					pass

2395					comp_config.OpenWebif.webcache.theme.save()
2396				except Exception:
2397					pass