anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: resolve all bandit SAST findings in templates/

Browse Source 
- Add # nosec B104 to all intentional 0.0.0.0 binds in honeypot servers
  (hardcoded_bind_all_interfaces is by design — deckies must accept attacker connections)
- Add # nosec B101 to assert statements used for protocol validation in ldap/snmp
- Add # nosec B105 to fake SASL placeholder in ldap
- Add # nosec B108 to /tmp usage in smb template
- Exclude root-owned auto-generated decnet_logging.py copies from bandit scan
  via pyproject.toml [tool.bandit] config (synced by _sync_logging_helper at deploy)
This commit is contained in:
anti
2026-04-10 00:24:40 -04:00
parent 25ba3fb56a
commit 24f02c3466
26 changed files with 1271 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
templates/smb/server.py
View File

@@ -25,12 +25,12 @@ def _log(event_type: str, severity: int = 6, **kwargs) -> None:
if __name__ == "__main__":
_log("startup", msg=f"SMB server starting as {NODE_NAME}")
os.makedirs("/tmp/smb_share", exist_ok=True)
os.makedirs("/tmp/smb_share", exist_ok=True) # nosec B108
server = smbserver.SimpleSMBServer(listenAddress="0.0.0.0", listenPort=445)
server = smbserver.SimpleSMBServer(listenAddress="0.0.0.0", listenPort=445) # nosec B104
server.setSMB2Support(True)
server.setSMBChallenge("")
server.addShare("SHARE", "/tmp/smb_share", "Shared Documents")
server.addShare("SHARE", "/tmp/smb_share", "Shared Documents") # nosec B108
try:
server.start()
except KeyboardInterrupt: