From: aticig Date: Wed, 24 Aug 2022 19:41:56 +0000 (+0300) Subject: Fixing common security vulnerabilities X-Git-Tag: release-v13.0-start^0 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F86%2F12486%2F1;p=osm%2Fcommon.git Fixing common security vulnerabilities Correcting try-except-pass usage, removing assert improper usage. Change-Id: Ic24c7e8a8f579c6dfd4a9740eff11ab1561af5e1 Signed-off-by: aticig --- diff --git a/osm_common/__init__.py b/osm_common/__init__.py index 8bc5507..c4c32da 100644 --- a/osm_common/__init__.py +++ b/osm_common/__init__.py @@ -14,6 +14,7 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. +import logging version = "7.0.0.post4" date_version = "2019-01-21" @@ -23,5 +24,6 @@ try: from pkg_resources import get_distribution version = get_distribution("osm_common").version -except Exception: - pass + +except Exception as init_error: + logging.exception(f"{init_error} occured while getting the common version") diff --git a/osm_common/dbmemory.py b/osm_common/dbmemory.py index 9f8c571..ad52135 100644 --- a/osm_common/dbmemory.py +++ b/osm_common/dbmemory.py @@ -398,16 +398,18 @@ class DbMemory(DbBase): ) del dict_to_update[key_to_update] updated = True - except Exception: - pass + except Exception as unset_error: + self.logger.error(f"{unset_error} occured while updating DB.") if pull: for dot_k, v in pull.items(): try: dict_to_update, key_to_update, _ = _iterate_keys( dot_k, db_item, populate=False ) - except Exception: + except Exception as pull_error: + self.logger.error(f"{pull_error} occured while updating DB.") continue + if key_to_update not in dict_to_update: continue if not isinstance(dict_to_update[key_to_update], list): 
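Review bot: In the second `osm_common/__init__.py` hunk, the module-level `logging.exception(...)` call runs at import time through the root logger, and when no handler is configured it implicitly calls `logging.basicConfig()`, so merely importing `osm_common` can alter the host application's logging setup. A missing `pkg_resources` or an uninstalled distribution is an expected condition here, and the hard-coded fallback version still applies, so an ERROR-level traceback is louder than the situation warrants. I would use a named logger at a lower level, e.g. `logging.getLogger(__name__).warning("could not read osm_common version: %s", init_error)`, and narrow `except Exception` to the errors the lookup is expected to raise. The message also misspells "occurred".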
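Review bot: The handlers added in `osm_common/dbmemory.py` (`unset_error` and `pull_error` in this hunk, `iterate_error` in the next hunk at `@@ -430,8 +432,12 @@`) still catch bare `Exception` and log at error level without naming the key that failed. With `populate=False` a missing path looks like an expected outcome rather than a fault (inferred, since `_iterate_keys` is not shown), so a real programming error becomes indistinguishable from a routine miss and the log can fill with noise. The exception text is interpolated straight into the message; if it echoes a caller-supplied dotted key, control characters in that key would reach the log unescaped. I would catch only the exception `_iterate_keys` raises for a missing path and pass the values as lazy arguments with `%r`, e.g. `self.logger.debug("skipping key %r in db update: %r", dot_k, pull_error)`. The enclosing method starts and ends outside the hunk.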
@@ -430,8 +432,12 @@ class DbMemory(DbBase): dict_to_update, key_to_update, _ = _iterate_keys( dot_k, db_item, populate=False ) - except Exception: + except Exception as iterate_error: + self.logger.error( + f"{iterate_error} occured while iterating keys in db update." + ) continue + if key_to_update not in dict_to_update: continue if not isinstance(dict_to_update[key_to_update], list): diff --git a/osm_common/msglocal.py b/osm_common/msglocal.py index 2f90307..6d4cb58 100644 --- a/osm_common/msglocal.py +++ b/osm_common/msglocal.py @@ -64,14 +64,37 @@ class MsgLocal(MsgBase): try: f.close() self.files_read[topic] = None - except Exception: # TODO refine - pass + except Exception as read_topic_error: + if isinstance(read_topic_error, (IOError, FileNotFoundError)): + self.logger.exception( + f"{read_topic_error} occured while closing read topic files." + ) + elif isinstance(read_topic_error, KeyError): + self.logger.exception( + f"{read_topic_error} occured while reading from files_read dictionary." + ) + else: + self.logger.exception( + f"{read_topic_error} occured while closing read topics." + ) + for topic, f in self.files_write.items(): try: f.close() self.files_write[topic] = None - except Exception: # TODO refine - pass + except Exception as write_topic_error: + if isinstance(write_topic_error, (IOError, FileNotFoundError)): + self.logger.exception( + f"{write_topic_error} occured while closing write topic files." + ) + elif isinstance(write_topic_error, KeyError): + self.logger.exception( + f"{write_topic_error} occured while reading from files_write dictionary." + ) + else: + self.logger.exception( + f"{write_topic_error} occured while closing write topics." + ) def write(self, topic, key, msg): """ 
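Review bot: The two new handlers in `osm_common/msglocal.py` catch `Exception` and then dispatch with `isinstance`, which is the job of separate `except` clauses, and all three branches make the same `self.logger.exception(...)` call. `FileNotFoundError` is already a subclass of `IOError` (`OSError`), and for a plain dict the assignment `self.files_read[topic] = None` to a key being iterated cannot raise `KeyError`, so two of the three branches add nothing. None of the messages names the topic whose file failed to close, which is the detail an operator needs when reading the log. I would reduce each handler to an `except OSError` clause plus a final `except Exception` that keeps the close best-effort, with the topic passed as a lazy logging argument. The enclosing method starts outside the hunk.

```python
    self.files_read[topic] = None
except OSError:
    self.logger.exception("closing read file for topic %r failed", topic)
except Exception:  # keep the close best-effort
    self.logger.exception("unexpected error closing read topic %r", topic)

# … unchanged: for topic, f in self.files_write.items(): try / f.close() …
    self.files_write[topic] = None
except OSError:
    self.logger.exception("closing write file for topic %r failed", topic)
except Exception:  # keep the close best-effort
    self.logger.exception("unexpected error closing write topic %r", topic)
```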
@@ -122,7 +145,10 @@ class MsgLocal(MsgBase): continue msg_dict = yaml.safe_load(self.buffer[single_topic]) self.buffer[single_topic] = "" - assert len(msg_dict) == 1 + if len(msg_dict) != 1: + raise ValueError( + "Length of message dictionary is not equal to 1" + ) for k, v in msg_dict.items(): return single_topic, k, v if not blocks: diff --git a/releasenotes/notes/Fixing_security_vulnerabilities-5e91fae03833135a.yaml b/releasenotes/notes/Fixing_security_vulnerabilities-5e91fae03833135a.yaml new file mode 100644 index 0000000..abf37f8 --- /dev/null +++ b/releasenotes/notes/Fixing_security_vulnerabilities-5e91fae03833135a.yaml @@ -0,0 +1,20 @@ +####################################################################################### +# Copyright ETSI Contributors and Others. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. +####################################################################################### +--- +security: + - | + Correcting try-except-pass usage, removing assert improper usage.
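Review bot: The new length check in the second `osm_common/msglocal.py` hunk still assumes `yaml.safe_load` returned a mapping: if the buffer parses to an empty document the result is `None` and `len(msg_dict)` raises `TypeError`, while a one-element list or one-character string passes the check and then fails on `.items()`. Because the buffer holds data read from the topic file, the guard should check the type as well, `if not isinstance(msg_dict, dict) or len(msg_dict) != 1:`. The buffer is cleared on the line before the check, so a rejected message is discarded; if that is intended it deserves a comment such as `# malformed entries are dropped, not retried`. It is also worth confirming that callers of this method handle `ValueError`, or raising the module's own message exception instead (its name is not visible in this hunk). The enclosing method continues outside the hunk.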