
Conversation

@arkid15r (Collaborator) commented Aug 8, 2024

This is a refactor of existing Nettacker code I've been working on this spring/summer.

The (incomplete) list of changes:

  • add pre-commit checks
  • apply OOP approach to the application architecture
  • consolidate common modules logic into a base class
  • extract YAML parsing logic into a separate module
  • fix some typos
  • get rid of (not all) misused try/except blocks
  • migrate to poetry, remove requirements.* files
  • re-design configuration module
  • re-design logging module
  • split application logic into classes
  • use pathlib for path related manipulations
  • use context-based naming for variables, modules, directories, etc
  • use module level imports (vs function level)
  • use the base class for specific protocol libraries

This is a refactor of existing Nettacker code I've been working on recently. The (incomplete) list of changes:

- add pre-commit checks
- apply OOP approach to the application architecture
- consolidate common modules logic into a base class
- extract YAML parsing logic into a separate module
- fix some typos
- get rid of (not all) misused try/except blocks
- migrate to poetry, remove requirements.* files
- re-design configuration module
- re-design logging module
- split application logic into classes
- use `pathlib` for path related manipulations
- use context-based naming for variables, modules, directories, etc
- use module level imports (vs function level)
- use the base class for specific protocol libraries

@arkid15r arkid15r requested a review from securestep9 August 8, 2024 18:33

```python
        return None

    try:
        socket_connection = ssl.wrap_socket(socket_connection)
```

Check failure (Code scanning / CodeQL): Default version of SSL/TLS may be insecure

Call to deprecated method ssl.wrap_socket does not specify a protocol, which may result in an insecure default being used.
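The flagged call leaves the protocol choice to the library default (and `ssl.wrap_socket` itself was deprecated in Python 3.7 and removed in 3.12). The following is an added example, not Nettacker's code, of the replacement pattern: build an `ssl.SSLContext` whose minimum protocol version and verification mode are stated explicitly, then wrap the socket with `server_hostname` set so SNI and hostname checking work. The function and parameter names (`make_tls_context`, `open_tls_connection`, `verify_peer`) are assumptions for this example.

```python
"""Added example (not Nettacker code): replace ssl.wrap_socket(sock) with an
explicitly configured SSLContext so no protocol floor is left to defaults."""
import socket
import ssl
from typing import Optional


def make_tls_context(verify_peer: bool = True, ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Return a client context with the protocol floor and verification mode in code.

    verify_peer=False is a deliberate, visible opt-in (e.g. a host with a
    self-signed certificate); it never lowers the minimum protocol version.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # PROTOCOL_TLS_CLIENT under the hood
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2       # never negotiate SSLv3, TLS 1.0 or 1.1
    if not verify_peer:
        # check_hostname must be cleared before verify_mode can be set to CERT_NONE
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def open_tls_connection(host: str, port: int, timeout: float = 3.0,
                        ctx: Optional[ssl.SSLContext] = None) -> ssl.SSLSocket:
    """Connect and wrap the socket with SNI/hostname set (the part wrap_socket omitted)."""
    ctx = ctx or make_tls_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()   # do not leak the plain socket if the handshake fails
        raise


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the security-relevant settings of a context so they can be checked."""
    return {
        "min_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
    }


if __name__ == "__main__":
    print(describe(make_tls_context()))
    print(describe(make_tls_context(verify_peer=False)))
```

Keeping the opt-out in a named parameter means a code-review or CodeQL query can find every call site that disables verification, which an implicit library default does not allow.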

```python
password = kwargs["password"]

connection = SSHClient()
connection.set_missing_host_key_policy(AutoAddPolicy())
```

Check failure (Code scanning / CodeQL): Accepting unknown SSH host keys when using Paramiko

Setting missing host key policy to AutoAddPolicy may be unsafe.
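`AutoAddPolicy` accepts whatever host key the remote end presents, so a machine-in-the-middle on the path gets the credential from `kwargs["password"]` without any error. The following is an added example, not Nettacker's code, of a `MissingHostKeyPolicy` that accepts only hosts pinned in a known_hosts-style allow-list; the fingerprint and parsing helpers are stdlib-only so they run without Paramiko installed, and the class names, the `host.example.test` host and the sample key blob are constructed for this example.

```python
"""Added example (not Nettacker code): replace AutoAddPolicy with a policy that
only accepts host keys already pinned in a known_hosts-style allow-list."""
import base64
import hashlib
from typing import Dict, Tuple

try:
    import paramiko
except ImportError:  # the checks below are stdlib-only; paramiko is needed only for the policy class
    paramiko = None

KnownHosts = Dict[Tuple[str, str], str]  # (hostname, key type) -> SHA256 fingerprint


def fingerprint_sha256(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint of the wire-format key: 'SHA256:<base64 without padding>'."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_known_hosts(text: str) -> KnownHosts:
    """Parse plain known_hosts lines: '<host>[,<host>...] <keytype> <base64-key>'.

    Hashed '|1|...' entries and comments are skipped; pin those with a separate tool.
    """
    known: KnownHosts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, keytype, b64 = parts[0], parts[1], parts[2]
        fp = fingerprint_sha256(base64.b64decode(b64))
        for host in hosts.split(","):
            known[(host, keytype)] = fp
    return known


def host_key_allowed(known: KnownHosts, hostname: str, keytype: str, key_blob: bytes) -> bool:
    """True only if this exact host/keytype pair is pinned and the fingerprint matches."""
    expected = known.get((hostname, keytype))
    return expected is not None and expected == fingerprint_sha256(key_blob)


if paramiko is not None:
    class PinnedHostKeyPolicy(paramiko.MissingHostKeyPolicy):
        """Reject any host key that is not in the allow-list (the opposite of AutoAddPolicy)."""

        def __init__(self, known: KnownHosts):
            self.known = known

        def missing_host_key(self, client, hostname, key):
            # Paramiko passes '[host]:port' as hostname for non-22 ports; pin it in that form.
            if not host_key_allowed(self.known, hostname, key.get_name(), key.asbytes()):
                raise paramiko.SSHException(
                    f"host key for {hostname} ({key.get_name()}) is not pinned; refusing to connect"
                )
            # Returning without raising accepts the key for this session only.


# Constructed sample allow-list: the key blob is arbitrary bytes, not a real SSH key.
SAMPLE_KEY_BLOB = b"constructed-sample-key-blob-not-a-real-ssh-key"
SAMPLE_KNOWN_HOSTS = "host.example.test ssh-ed25519 " + base64.b64encode(SAMPLE_KEY_BLOB).decode("ascii")

if __name__ == "__main__":
    known = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    print(host_key_allowed(known, "host.example.test", "ssh-ed25519", SAMPLE_KEY_BLOB))
```

Usage with Paramiko is `client.set_missing_host_key_policy(PinnedHostKeyPolicy(parse_known_hosts(open("known_hosts").read())))`; where pinning is not possible, `paramiko.RejectPolicy()` combined with `client.load_system_host_keys()` gives the same fail-closed behaviour with the system's own known_hosts file.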

```python
@staticmethod
def log(text):
    print(text, end="", flush=True)  # noqa: T201
```

Check failure (Code scanning / CodeQL): Clear-text logging of sensitive information

This expression logs sensitive data (password) as clear text.
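Because the scanner's `log()` prints whatever string it is handed, a credential that reaches a log message ends up in clear text in console output and any file it is redirected to. The following is an added example, not Nettacker's code, of redacting at the logging boundary: structured events have sensitive keys masked recursively, and free-text messages have `user:password@` URL credentials masked. The key list, `MASK` value and `Logger` class are assumptions for this example.

```python
"""Added example (not Nettacker code): redact credentials before they reach a
log line, so a log() call cannot emit passwords in clear text."""
import json
import re
from typing import Any

# Keys whose values are never written to logs (case-insensitive substring match).
SENSITIVE_KEYS = ("password", "passwd", "secret", "token", "api_key", "private_key")
MASK = "***"

# Matches the password part of scheme://user:password@host in free text.
URL_CRED_RE = re.compile(r"(?i)(://[^:/@\s]+:)[^@/\s]+@")


def is_sensitive(key: str) -> bool:
    """True if a dict key names a credential-like field."""
    k = key.lower()
    return any(s in k for s in SENSITIVE_KEYS)


def redact(value: Any) -> Any:
    """Return a copy of value with sensitive dict values masked.

    Recurses into nested dicts and lists so a credential buried in an event
    payload (e.g. {"auth": {"password": ...}}) is still hidden.
    """
    if isinstance(value, dict):
        return {k: (MASK if is_sensitive(str(k)) else redact(v)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    return value


def redact_text(text: str) -> str:
    """Mask embedded user:password@ URL credentials in a free-text message."""
    return URL_CRED_RE.sub(r"\1" + MASK + "@", text)


def format_event(event: dict) -> str:
    """Serialise a structured event for logging, after redaction."""
    return json.dumps(redact(event), sort_keys=True)


class Logger:
    """Same interface shape as the flagged log(); redaction happens before print."""

    @staticmethod
    def log(text: str) -> None:
        print(redact_text(text), end="", flush=True)  # noqa: T201

    @staticmethod
    def event(event: dict) -> None:
        print(format_event(event), flush=True)  # noqa: T201


if __name__ == "__main__":
    # Constructed sample events; no real credentials.
    Logger.event({"target": "host.example.test", "user": "alice", "password": "hunter2", "ok": False})
    Logger.log("connecting to ftp://alice:hunter2@host.example.test/\n")
```

Logging the username, target and outcome of an authentication attempt keeps the audit trail useful for detection while the secret itself never leaves the process; redacting at the sink rather than at each call site means a new module cannot reintroduce the leak by passing the raw value.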
@Ali-Razmjoo Ali-Razmjoo self-requested a review August 11, 2024 23:20
@securestep9 securestep9 merged commit 477d520 into OWASP:master Aug 24, 2024
@arkid15r arkid15r deleted the code-base-refactoring branch August 24, 2024 23:41
@arkid15r arkid15r mentioned this pull request Sep 1, 2024