Merge pull request #5 from 2lambda123/pixeebot/ablesov/fix_field_name

Hardening suggestions for KasperskyLab-TinyCheck / ablesov/fix_field_name

analysis/classes/zeekengine.py

@@ -13,6 +13,7 @@ import os
 import re
 import sys
 import whois
+from security import safe_command
 
 
 class ZeekEngine(object):
@@ -396,7 +397,7 @@ class ZeekEngine(object):
                 # This check can be good if the domain has already been cached by
                 # the device so it wont appear in self.dns.
 
-                if any([cert["cn"].endswith(r["domain"]) for r in self.dns]):
+                if any(cert["cn"].endswith(r["domain"]) for r in self.dns):
                     continue
 
                 for domain in self.bl_domains:
@@ -445,10 +446,10 @@ class ZeekEngine(object):
         """
             Start zeek and check the logs.
         """
-        sp.Popen("cd {} && /opt/zeek/bin/zeek -Cr capture.pcap protocols/ssl/validate-certs".format(
-            self.working_dir), shell=True).wait()
-        sp.Popen("cd {} && mv *.log assets/".format(self.working_dir),
-                 shell=True).wait()
+        safe_command.run(sp.Popen, "cd {} && /opt/zeek/bin/zeek -Cr capture.pcap protocols/ssl/validate-certs".format(
+            self.working_dir), shell=False).wait()
+        safe_command.run(sp.Popen, "cd {} && mv *.log assets/".format(self.working_dir),
+                 shell=False).wait()
         self.fill_dns(self.working_dir + "/assets/")
         self.netflow_check(self.working_dir + "/assets/")
         self.ssl_check(self.working_dir + "/assets/")

assets/requirements.txt

@@ -15,3 +15,6 @@ netifaces==0.11.0
 weasyprint==59.0
 python-whois==0.8.0
 six==1.16.0
+security==1.2.1 \
+    --hash=sha256:4ca5f8cfc6b836e2192a84bb5a28b72c17f3cd1abbfe3281f917394c6e6c9238
+    --hash=sha256:0a9dc7b457330e6d0f92bdae3603fecb85394beefad0fd3b5058758a58781ded