Fixing common security vulnerabilities 27/12527/1 v12.0.3 v12.0.4 v12.0.5
authoraticig <gulsum.atici@canonical.com>
Wed, 24 Aug 2022 19:41:56 +0000 (22:41 +0300)
committeraticig <gulsum.atici@canonical.com>
Mon, 5 Sep 2022 19:49:13 +0000 (21:49 +0200)
Correcting try-except-pass usage and removing improper assert usage.

Change-Id: Ic24c7e8a8f579c6dfd4a9740eff11ab1561af5e1
Signed-off-by: aticig <gulsum.atici@canonical.com>
(cherry picked from commit d3b582a7268d90c072bb7fbe10a25c80851f3c1e)

osm_common/__init__.py
osm_common/dbmemory.py
osm_common/msglocal.py
releasenotes/notes/Fixing_security_vulnerabilities-5e91fae03833135a.yaml [new file with mode: 0644]

index 8bc5507..c4c32da 100644 (file)
@@ -14,6 +14,7 @@
 # implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import logging
 
 version = "7.0.0.post4"
 date_version = "2019-01-21"
@@ -23,5 +24,6 @@ try:
     from pkg_resources import get_distribution
 
     version = get_distribution("osm_common").version
-except Exception:
-    pass
+
+except Exception as init_error:
+    logging.exception(f"{init_error} occured while getting the common version")
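Review bot: The new handler at L34 calls `logging.exception` on the root logger at import time, which emits an ERROR record with a full traceback through Python's last-resort stderr handler before any application logging is configured, most likely for the benign case of `osm_common` not being installed as a distribution (a source checkout, for instance). A module logger at warning level without the traceback is the usual form here: `logging.getLogger(__name__).warning("Could not determine osm_common version: %s", init_error)`. The f-string also misspells "occurred". The `try:` this handler belongs to starts above the hunk.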
index 9f8c571..ad52135 100644 (file)
@@ -398,16 +398,18 @@ class DbMemory(DbBase):
                         )
                         del dict_to_update[key_to_update]
                         updated = True
-                    except Exception:
-                        pass
+                    except Exception as unset_error:
+                        self.logger.error(f"{unset_error} occured while updating DB.")
             if pull:
                 for dot_k, v in pull.items():
                     try:
                         dict_to_update, key_to_update, _ = _iterate_keys(
                             dot_k, db_item, populate=False
                         )
-                    except Exception:
+                    except Exception as pull_error:
+                        self.logger.error(f"{pull_error} occured while updating DB.")
                         continue
+
                     if key_to_update not in dict_to_update:
                         continue
                     if not isinstance(dict_to_update[key_to_update], list):
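Review bot: The new handlers at L42-L43 and L51-L52 log with `self.logger.error` and an f-string, so the traceback is discarded and the message does not say which key failed, which leaves an operator unable to tell which part of a DB update was silently skipped (execution still continues past the failure exactly as the old `pass` did). Prefer lazy formatting that names the key and keeps the stack, e.g. `self.logger.error("Unset of %r failed while updating DB: %s", dot_k, unset_error, exc_info=True)` — `dot_k` is the loop variable in the visible `pull` loop at L45 and presumably the same name in the `unset` loop, whose header is above the hunk. "occured" is also misspelled in both messages.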
@@ -430,8 +432,12 @@ class DbMemory(DbBase):
                         dict_to_update, key_to_update, _ = _iterate_keys(
                             dot_k, db_item, populate=False
                         )
-                    except Exception:
+                    except Exception as iterate_error:
+                        self.logger.error(
+                            f"{iterate_error} occured while iterating keys in db update."
+                        )
                         continue
+
                     if key_to_update not in dict_to_update:
                         continue
                     if not isinstance(dict_to_update[key_to_update], list):
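Review bot: The handler at L63-L66 uses `self.logger.error` while the other files in this commit use `logger.exception` for the same situation, so this site logs without the traceback; `self.logger.exception("Iterating keys failed in db update: %s", iterate_error)` (or `exc_info=True`) would make the sites consistent and keep the stack for later forensics. `except Exception` also remains as broad as the `pass` it replaces; if `_iterate_keys` signals a missing path with a specific exception type (not visible here), catching only that type would stop unrelated bugs from being logged and skipped. The enclosing `for` loop and method start above the hunk, and "occured" is misspelled in the message.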
index 2f90307..6d4cb58 100644 (file)
@@ -64,14 +64,37 @@ class MsgLocal(MsgBase):
             try:
                 f.close()
                 self.files_read[topic] = None
-            except Exception:  # TODO refine
-                pass
+            except Exception as read_topic_error:
+                if isinstance(read_topic_error, (IOError, FileNotFoundError)):
+                    self.logger.exception(
+                        f"{read_topic_error} occured while closing read topic files."
+                    )
+                elif isinstance(read_topic_error, KeyError):
+                    self.logger.exception(
+                        f"{read_topic_error} occured while reading from files_read dictionary."
+                    )
+                else:
+                    self.logger.exception(
+                        f"{read_topic_error} occured while closing read topics."
+                    )
+
         for topic, f in self.files_write.items():
             try:
                 f.close()
                 self.files_write[topic] = None
-            except Exception:  # TODO refine
-                pass
+            except Exception as write_topic_error:
+                if isinstance(write_topic_error, (IOError, FileNotFoundError)):
+                    self.logger.exception(
+                        f"{write_topic_error} occured while closing write topic files."
+                    )
+                elif isinstance(write_topic_error, KeyError):
+                    self.logger.exception(
+                        f"{write_topic_error} occured while reading from files_write dictionary."
+                    )
+                else:
+                    self.logger.exception(
+                        f"{write_topic_error} occured while closing write topics."
+                    )
 
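Review bot: The `isinstance` ladder inside `except Exception` at L79-L91 and L99-L111 re-implements what separate `except` clauses do natively, and two of its branches look unreachable from the visible `try` body: `FileNotFoundError` is already a subclass of `IOError`/`OSError`, and nothing in `f.close(); self.files_write[topic] = None` indexes a missing key, so the `KeyError` branch cannot fire. A more concrete defect is that L76 and L96 store `None` into the dict after closing, so a second call to this method hits `None.close()` and logs an `AttributeError` traceback as a "closing write topics" failure; a `None` guard avoids that. The method and the `files_read` loop header start above the hunk; the rewritten `files_write` loop below applies symmetrically to the read loop, and a final `except Exception` with `logger.exception` can be kept if best-effort shutdown is the intent.
```python
        for topic, f in self.files_write.items():
            if f is None:
                continue  # already closed by an earlier call
            try:
                f.close()
                self.files_write[topic] = None
            except OSError:
                self.logger.exception(
                    f"Error closing write topic file for {topic!r}"
                )
        # … the files_read loop above is rewritten the same way …
```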
     def write(self, topic, key, msg):
         """
@@ -122,7 +145,10 @@ class MsgLocal(MsgBase):
                             continue
                         msg_dict = yaml.safe_load(self.buffer[single_topic])
                         self.buffer[single_topic] = ""
-                        assert len(msg_dict) == 1
+                        if len(msg_dict) != 1:
+                            raise ValueError(
+                                "Length of message dictionary is not equal to 1"
+                            )
                         for k, v in msg_dict.items():
                             return single_topic, k, v
                 if not blocks:
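Review bot: The check at L120-L123 assumes `msg_dict` is a mapping, but `yaml.safe_load` at L117 returns `None` for an empty document and a scalar or list for other inputs, so a malformed message raises `TypeError` from `len()` instead of the intended `ValueError`, and the `msg_dict.items()` call at L124 is not guarded either. Since the topic's buffer was already cleared at L118, the offending message is also dropped without the error saying which topic it came from. Suggest `if not isinstance(msg_dict, dict) or len(msg_dict) != 1:` followed by `raise ValueError(f"Malformed message on topic {single_topic!r}: expected a single-key mapping")`. The enclosing method and loop continue outside the hunk.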
diff --git a/releasenotes/notes/Fixing_security_vulnerabilities-5e91fae03833135a.yaml b/releasenotes/notes/Fixing_security_vulnerabilities-5e91fae03833135a.yaml
new file mode 100644 (file)
index 0000000..abf37f8
--- /dev/null
@@ -0,0 +1,20 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+---
+security:
+  - |
+    Correcting try-except-pass usage, removing assert improper usage.