bluebird75 · May 15, 2021 16:51
diff --git a/gistfile1.txt b/gistfile1.txt
 [main]  INFO    profile include tests: None
 [main]  INFO    profile exclude tests: None
 [main]  INFO    cli include tests: None
 [main]  INFO    cli exclude tests: None
 [main]  INFO    running on Python 3.8.8
 Run started:2021-05-15 16:49:52.455989

 Test results:
 >> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling
 to optimised byte code.
   Severity: Low   Confidence: High
   Location: .\src\data_table.py:178
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
 177                     self.copy_list.append(self.sxfile.sxItemsEx[i])
 178             assert res == self.numRowsSelected()
 179             return res

 --------------------------------------------------
 >> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling
 to optimised byte code.
   Severity: Low   Confidence: High
   Location: .\src\data_table.py:190
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
 189             self.sxfile.syncFromEx()
 190             assert res == self.numRowsSelected()
 191             return res

 --------------------------------------------------
 >> Issue: [B605:start_process_with_a_shell] Starting a process with a shell, possible injection detected, security issue.
   Severity: High   Confidence: High
   Location: .\src\gui\ui_to_py.py:18
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b605_start_process_with_a_shell.html
 17              print( args )
 18              os.system("pyuic5.bat " + args)
 19

 --------------------------------------------------
 >> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling
 to optimised byte code.
   Severity: Low   Confidence: High
   Location: .\src\sx_item.py:41
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
 40
 41          assert len(norm_mask) == len(norm_v)
 42
 43          ret_l = []  # type: List[str]

 --------------------------------------------------
 >> Issue: [B406:blacklist] Using xml.sax to parse untrusted XML data is known to be vulnerable to XML
 attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
   Severity: Low   Confidence: High
   Location: .\src\utils.py:4
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b406-import-xml-sax
 3       import os
 4       import xml.sax as sax
 5       import xml.dom.minidom as dom

 --------------------------------------------------
 >> Issue: [B408:blacklist] Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
   Severity: Low   Confidence: High
   Location: .\src\utils.py:5
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b408-import-xml-minidom
 4       import xml.sax as sax
 5       import xml.dom.minidom as dom
 6
 7       from PyQt5.QtWidgets import QActionGroup, QAction

 --------------------------------------------------
 >> Issue: [B318:blacklist] Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
   Severity: Medium   Confidence: High
   Location: .\src\utils.py:20
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom
 19              try:
 20                  self.tree = dom.parse(fileName)
 21              except sax.SAXParseException :

 --------------------------------------------------

 Code scanned:
        Total lines of code: 3073
        Total lines skipped (#nosec): 0

 Run metrics:
        Total issues (by severity):
                Undefined: 0.0
                Low: 5.0
                Medium: 1.0
                High: 1.0
        Total issues (by confidence):
                Undefined: 0.0
                Low: 0.0
                Medium: 0.0
                High: 7.0
 Files skipped (0):
	[main] INFO profile include tests: None
	[main] INFO profile exclude tests: None
	[main] INFO cli include tests: None
	[main] INFO cli exclude tests: None
	[main] INFO running on Python 3.8.8
	Run started:2021-05-15 16:49:52.455989

	Test results:
	>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling
	to optimised byte code.
	Severity: Low Confidence: High
	Location: .\src\data_table.py:178
	More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
	177 self.copy_list.append(self.sxfile.sxItemsEx[i])
	178 assert res == self.numRowsSelected()
	179 return res

	--------------------------------------------------
	>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling
	to optimised byte code.
	Severity: Low Confidence: High
	Location: .\src\data_table.py:190
	More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
	189 self.sxfile.syncFromEx()
	190 assert res == self.numRowsSelected()
	191 return res

	--------------------------------------------------
	>> Issue: [B605:start_process_with_a_shell] Starting a process with a shell, possible injection detected, security issue.
	Severity: High Confidence: High
	Location: .\src\gui\ui_to_py.py:18
	More Info: https://bandit.readthedocs.io/en/latest/plugins/b605_start_process_with_a_shell.html
	17 print( args )
	18 os.system("pyuic5.bat " + args)
	19

	--------------------------------------------------
	>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling
	to optimised byte code.
	Severity: Low Confidence: High
	Location: .\src\sx_item.py:41
	More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
	40
	41 assert len(norm_mask) == len(norm_v)
	42
	43 ret_l = [] # type: List[str]

	--------------------------------------------------
	>> Issue: [B406:blacklist] Using xml.sax to parse untrusted XML data is known to be vulnerable to XML
	attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
	Severity: Low Confidence: High
	Location: .\src\utils.py:4
	More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b406-import-xml-sax
	3 import os
	4 import xml.sax as sax
	5 import xml.dom.minidom as dom

	--------------------------------------------------
	>> Issue: [B408:blacklist] Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
	Severity: Low Confidence: High
	Location: .\src\utils.py:5
	More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b408-import-xml-minidom
	4 import xml.sax as sax
	5 import xml.dom.minidom as dom
	6
	7 from PyQt5.QtWidgets import QActionGroup, QAction

	--------------------------------------------------
	>> Issue: [B318:blacklist] Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
	Severity: Medium Confidence: High
	Location: .\src\utils.py:20
	More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom
	19 try:
	20 self.tree = dom.parse(fileName)
	21 except sax.SAXParseException :

	--------------------------------------------------

	Code scanned:
	Total lines of code: 3073
	Total lines skipped (#nosec): 0

	Run metrics:
	Total issues (by severity):
	Undefined: 0.0
	Low: 5.0
	Medium: 1.0
	High: 1.0
	Total issues (by confidence):
	Undefined: 0.0
	Low: 0.0
	Medium: 0.0
	High: 7.0
	Files skipped (0):