Added snmp_security check plugin for various SNMP checks #403
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ericwb
requested changes
Oct 16, 2018
examples/snmp.py
Outdated
| @@ -0,0 +1,9 @@ | |||
| from pysnmp.hlapi import UsmUserData | |||
There was a problem hiding this comment.
Alpha sort: UsmUserData comes after CommunityData
| @@ -0,0 +1,8 @@ | |||
| ----------------------------- | |||
There was a problem hiding this comment.
Suggested change
| ----------------------------- | |
| ---------------------------- |
| @@ -0,0 +1,8 @@ | |||
| ----------------------------- | |||
| B508: snmp_weak_cryptography | |||
| ----------------------------- | |||
There was a problem hiding this comment.
Suggested change
| ----------------------------- | |
| ---------------------------- |
| if context.call_args_count == 1 or context.call_args_count == 1: | ||
| return bandit.Issue( | ||
| severity=bandit.MEDIUM, | ||
| confidence=bandit.MEDIUM, |
| severity=bandit.MEDIUM, | ||
| confidence=bandit.MEDIUM, | ||
| text="You should not use SNMPv3 without encryption. " | ||
| "noAuthNoPriv is an insecure method of transport.", |
There was a problem hiding this comment.
What about authNoPriv? Seems equally bad.
| context.check_call_arg_value("mpModel", 1): | ||
| return bandit.Issue( | ||
| severity=bandit.MEDIUM, | ||
| confidence=bandit.MEDIUM, |
|
@ericwb fixed up the lint errors you pointed out and corrected the duplicate code. As for using the blacklist plugin, I would think it should be its own plugin since its a very narrow use case |
ericwb
reviewed
Sep 25, 2019
ericwb
reviewed
Sep 25, 2019
ericwb
requested changes
Dec 12, 2020
Comment on lines
3
to
15
| # Copyright (c) 2018 SolarWinds, Inc. | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
| # not use this file except in compliance with the License. You may obtain | ||
| # a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
| # License for the specific language governing permissions and limitations | ||
| # under the License. |
There was a problem hiding this comment.
Switch to SPDX short form of the license.
ericwb
requested review from
ghugo,
lukehinds and
sigmavirus24
as code owners
ericwb
reviewed
Jan 25, 2022
ericwb
reviewed
Jan 25, 2022
ericwb
reviewed
Jan 25, 2022
ericwb
reviewed
Jan 25, 2022
ericwb
reviewed
Jan 25, 2022
This was referenced Jan 25, 2022
This was referenced Feb 28, 2022
This was referenced Mar 7, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This solves #355 by adding a single plugin that has two tests: