I reviewed python-tabulate 0.8.6-0ubuntu2 as checked into focal. This shouldn't
be considered a full audit but rather a quick gauge of maintainability.
python-tabulate is both a library and command-line utility that pretty-prints
tabular data. It is written in Python and can create tables in a wide variety
of formats.
- CVE History:
None
- Build-Depends?
- dh-python
- python3-all
- python3-nose
- python3-setuptools
- python3-wcwidth
- pre/post inst/rm scripts?
None
- init scripts?
None
- systemd units?
None
- dbus services?
None
- setuid binaries?
None
- binaries in PATH?
/usr/bin/tabulate
- sudo fragments?
None
- polkit files?
None
- udev rules?
None
- unit tests / autopkgtests?
python-tabulate provides a test suite with 83% code coverage. This test suite
runs during the build.
- cron jobs?
None
- Build logs:
- Lintian
W: python-tabulate source: ancient-standards-version 3.9.8 (released 2016-04-06) (current is 4.5.0)
- Build Errors
/usr/lib/python3.8/subprocess.py:838: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
subprocess.py is used by the test suite
- Processes spawned?
The test suite invokes `python tabulate.py` using the subprocess module. The
test suite is run during build and does not get included in the .deb.
- Memory management?
All code is written in Python.
- File IO?
- Input and output files are specified by the user.
- It may be possible to provide input that causes tabulate.py or the
tabulate() function to crash. Code that calls tabulate() should use try/except
to avoid crashes.
- Logging?
None
- Environment variable usage?
None
- Use of privileged functions?
None
- Use of cryptography / random number sources etc?
None
- Use of temp files?
None
- Use of networking?
None
- Use of WebKit?
None
- Use of PolicyKit?
None
- Any significant bandit results?
tabulate.py:1457: B101[bandit]: LOW: Use of assert detected. The enclosed
code will be removed when compiling to optimised byte code.
- Any significant Coverity results?
Coverity was not run.
In general, the mission of python-tabulate is straightforward: take input,
create table. It therefore has a very limited attack surface. The pace of
development seems reasonable and, coupled with the test suite that covers 83%
of the code, python-tabulate should be fairly maintainable.
Security team ACK for promoting python-tabulate to main.
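The bandit B101 finding above, illustrated with an added example that is not part of this review or of python-tabulate: a constructed column-width guard (not the assertion at tabulate.py:1457, which the review does not quote) is compiled with and without optimisation via compile(..., optimize=...) to mirror `python -O`, showing that an assert-based check is silently dropped while an explicit raise survives.

```python
# Added example for the bandit B101 finding. GUARD_SOURCE is a constructed
# stand-in module, not code from python-tabulate.
GUARD_SOURCE = '''
def pad_with_assert(cell, width):
    # Guard written with assert (the pattern bandit reports as B101).
    assert width >= 0, "width must be non-negative"
    return cell.ljust(width)

def pad_with_raise(cell, width):
    # Hardened form: an explicit check survives optimisation.
    if width < 0:
        raise ValueError("width must be non-negative")
    return cell.ljust(width)
'''


def load_guards(optimize):
    """Compile GUARD_SOURCE at the given optimisation level and return its namespace.

    optimize=0 keeps assert statements; optimize=1 mirrors `python -O`, which
    removes them before the bytecode is produced.
    """
    namespace = {}
    code = compile(GUARD_SOURCE, "<constructed_guards>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace


def guard_outcome(func_name, optimize, width=-3):
    """Call the named guard with an invalid (negative) width.

    Returns "rejected" if the guard raised, "accepted" if the bad input
    passed through, i.e. the check was bypassed.
    """
    func = load_guards(optimize)[func_name]
    try:
        func("cell", width)
    except (AssertionError, ValueError):
        return "rejected"
    return "accepted"


if __name__ == "__main__":
    for name in ("pad_with_assert", "pad_with_raise"):
        for level in (0, 1):
            print(f"{name:16s} optimize={level}: {guard_outcome(name, level)}")
```

Under optimize=1 the assert-based guard reports "accepted": str.ljust simply returns the cell unchanged for a negative width, so nothing downstream notices that the validation never ran.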
--
https://bugs.launchpad.net/bugs/1862773
Title:
[MIR] python-tabulate (dependency of cinder)