From d39dacc352feb35c89b41225e142dd08e932c0c0 Mon Sep 17 00:00:00 2001
|
|
From: Petr Lautrbach <plautrba@redhat.com>
|
|
Date: Fri, 30 Jul 2021 13:48:18 +0200
|
|
Subject: [PATCH] python/sepolicy: Fix COPY_PASTE_ERROR (CWE-398)
|
|
|
|
Fixes:
|
|
Error: COPY_PASTE_ERROR (CWE-398): [#def3]
|
|
selinux/python/sepolicy/sepolicy/__init__.py:1032: original: ""_key_t"" looks like the original copy.
|
|
selinux/python/sepolicy/sepolicy/__init__.py:1035: copy_paste_error: ""_key_t"" looks like a copy-paste error.
|
|
selinux/python/sepolicy/sepolicy/__init__.py:1035: remediation: Should it say ""_secret_t"" instead?
|
|
# 1033|
|
|
# 1034| if f.endswith("_secret_t"):
|
|
# 1035|-> return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
|
|
# 1036|
|
|
# 1037| if f.endswith("_ra_t"):
|
|
|
|
Error: COPY_PASTE_ERROR (CWE-398): [#def4]
|
|
selinux/python/sepolicy/sepolicy/__init__.py:1065: original: ""_tmp_t"" looks like the original copy.
|
|
selinux/python/sepolicy/sepolicy/__init__.py:1067: copy_paste_error: ""_tmp_t"" looks like a copy-paste error.
|
|
selinux/python/sepolicy/sepolicy/__init__.py:1067: remediation: Should it say ""_etc_t"" instead?
|
|
# 1065| return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
|
|
# 1066| if f.endswith("_etc_t"):
|
|
# 1067|-> return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
|
|
# 1068| if f.endswith("_home_t"):
|
|
# 1069| return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
|
|
|
|
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
---
|
|
python/sepolicy/sepolicy/__init__.py | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
|
index df773a6b314e..6b6160a449df 100644
|
|
--- a/python/sepolicy/sepolicy/__init__.py
|
|
+++ b/python/sepolicy/sepolicy/__init__.py
|
|
@@ -1039,7 +1039,7 @@ def get_description(f, markup=markup):
|
|
return txt + "treat the files as %s key data." % prettyprint(f, "_key_t")
|
|
|
|
if f.endswith("_secret_t"):
|
|
- return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
|
|
+ return txt + "treat the files as %s secret data." % prettyprint(f, "_secret_t")
|
|
|
|
if f.endswith("_ra_t"):
|
|
return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_t")
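Review bot: Each branch of get_description still writes its suffix twice, once in `f.endswith(...)` and once in `prettyprint(f, ...)`, and that duplication is what let `"_key_t"` sit in the `_secret_t` branch here and `"_tmp_t"` in the `_etc_t` branch of the @@ -1071 hunk. Driving the chain from one ordered table of (suffix, template) pairs, as sketched below, would make the mismatch impossible to write. The function starts and ends outside both hunks, so the remaining branches, and whether first-match order matters among them, need checking before converting. These strings tell administrators what a file type is for, including key and secret data, so a small test that asserts the description for one constructed type name per suffix would catch a regression that static analysis only found after the fact.

```python
# Constructed sketch: the suffix literal appears once per entry.
_SUFFIX_DESCRIPTIONS = (
    ("_key_t", "treat the files as %s key data."),
    ("_secret_t", "treat the files as %s secret data."),
    ("_ra_t", "treat the files as %s read/append content."),
    # … unchanged: remaining suffix/description pairs, in their current order …
)

# inside get_description, replacing the endswith chain:
for suffix, template in _SUFFIX_DESCRIPTIONS:
    if f.endswith(suffix):
        return txt + template % prettyprint(f, suffix)
```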
|
|
@@ -1071,7 +1071,7 @@ def get_description(f, markup=markup):
|
|
if f.endswith("_tmp_t"):
|
|
return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
|
|
if f.endswith("_etc_t"):
|
|
- return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
|
|
+ return txt + "store %s files in the /etc directories." % prettyprint(f, "_etc_t")
|
|
if f.endswith("_home_t"):
|
|
return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
|
|
if f.endswith("_tmpfs_t"):
|
|
--
|
|
2.32.0
|
|
|