Bu repository, Pardus GNU/Linux işletim sistemine ait 58 GitHub reposunun tam güvenlik denetimini içerir. Amaç, açık kaynak bir dağıtımın kod tabanındaki potansiyel güvenlik açıklarını tespit etmek ve sorumlu ifşa (responsible disclosure) yoluyla bildirmektir.
# Python 3.8+ (sistemde zaten var)
# pyotp — TOTP hesaplama için (OPSİYONEL, yoksa manuel hesaplar)
# Pardus/Debian: sudo apt install python3-pyotp
# pip ile (sistem paketlerini bozmaz): pip install --user pyotp
# Sanal ortam: python3 -m venv venv && source venv/bin/activate && pip install pyotp
git clone https://github.com/385ahmet/pardus-security-vulnerability.git
cd pardus-security-vulnerabilitypython3 scanner.py --path /hedef/dizin # Belirtilen dizini tara
python3 scanner.py # Varsayılan: repos/ dizinini tarapython3 test_all.py # 11 güvenlik açığı PoC'si
python3 test_priv_esc.py # 8 yetki yükseltme PoC'siBu araçlar etik hacking amaçlıdır. Sadece kendi sisteminizde veya izin aldığınız sistemlerde kullanın. Bulgular sorumlu ifşa ile Pardus geliştiricilerine bildirilmiştir.
Pardus GitHub organizasyonundaki (https://github.com/Pardus-Linux-Developers) tüm repo'lar tarandı:
| Kategori | Adet |
|---|---|
| Uygulama (Python/GTK) | ~30 |
| Tema & İkon paketleri | ~12 |
| Sistem araçları (C/C++) | ~6 |
| Web sitesi & dökümantasyon | ~4 |
| Kernel modülleri | ~2 |
| Diğer | ~4 |
| Toplam | 58 |
Her repo için geliştirilen scanner.py aracıyla 23 farklı güvenlik kategorisinde statik analiz yapıldı:
- Command Injection:
os.system(),subprocess(shell=True),os.popen()ile değişken interpolasyonu - Privilege Escalation: Polkit policy'leri (
auth_admin_keep,allow_active=yes), pkexec kullanımı - Deserialization:
pickle.load()(RCE riski) - Path Traversal:
open()ile concat edilmiş yollar - Buffer Overflow:
strcpy(),strcat()C fonksiyonları - TOCTOU: Time-of-check time-of-use yarış koşulları
- Hardcoded Credentials: Açık metin şifre/kimlik bilgileri
- XSS/Markup Injection: GTK
set_markup()ile kullanıcı girdisi - Weak RNG:
rand(),randommodülü - Namespace Pollution: Wildcard import (
from x import *)
Analiz edilen dosya türleri: .py, .sh, .c, .cpp, .js, .policy, .conf, .desktop, .xml, .ui, .glade, .json, .yml, .yaml, .toml, .ini, .cfg, .rules, .service, .socket, .timer, .pc, .prl, .pro, .qml, .java, .vala, .rb, .php
Tüm bulgular elle doğrulanmış, yanlış pozitifler (false positive) elenmiştir.
| Severity | Count | Açıklama |
|---|---|---|
| Critical | 1 | Uzaktan kod çalıştırma (pickle deserialization) |
| High | 85 | Yetki yükseltme, komut enjeksiyonu, buffer overflow |
| Medium | 229 | Markup injection, namespace pollution, weak RNG |
| Total | 315 |
| Repo | Findings | Açıklama |
|---|---|---|
| pardus-software | 93 | Paket yöneticisi — çoğunlukla set_markup |
| pardus-installer | 36 | Sistem kurucusu — os.system injection |
| pardus-update | 30 | Güncelleme yöneticisi — set_markup |
| pardus-mycomputer | 19 | Dosya yöneticisi — path traversal |
| pardus-package-installer | 19 | Paket kurucusu — set_markup |
| pardus-power-manager-advanced | 18 | Güç yönetimi — wildcard imports |
| pardus-lightdm-greeter | 14 | Giriş ekranı — hardcoded credential |
| pardus-daily-wallpaper | 12 | Duvar kağıdı — JS template injection |
| pardus-pen-old | 9 | Ekran görüntüsü — buffer overflow |
| pardus-nvidia-installer | 6 | Nvidia kurucusu — auth_admin_keep |
| Type | Count | Risk |
|---|---|---|
| GTK set_markup with user input risk | 191 | Medium (XSS benzeri) |
| wildcard import - namespace pollution | 33 | Medium |
| os.system with variable interpolation | 14 | High |
| auth_admin_keep policy | 13 | High |
| Possible hardcoded credential | 11 | High |
| open with concat - path traversal risk | 8 | High |
| subprocess.run with shell=True | 8 | High |
| template literal with variables (JS) | 7 | Medium |
| pkexec usage - check argument validation | 6 | Medium |
| strcat - buffer overflow | 6 | High |
| subprocess.Popen with shell=True | 5 | High |
| subprocess.run with shell concat | 3 | High |
| strcpy - buffer overflow | 3 | High |
| random module (not cryptographically secure) | 3 | Medium |
| pickle.load() deserialization | 1 | Critical |
| os.popen with variable interpolation | 1 | High |
| TOCTOU: exists then open | 1 | High |
| Weak random number generation (C) | 1 | Medium |
- Repo:
eta-otp-lock - Dosya:
src/MainWindow.py:98 - Etki:
pickle.load()ile saldırgan kontrolündeki dosyadan okuma → uzaktan kod çalıştırma - PoC:
test_all.py
Aşağıdaki polkit politikaları <allow_active>yes</allow_active> içerir — hiçbir şifre gerektirmez:
| Paket | Action | Çalıştırılan |
|---|---|---|
| pardus-software | AutoAptUpdate | apt update root yetkisiyle |
| pardus-update | apt-update | apt update root yetkisiyle |
| pardus-update | settings-write | Root dosya yazma |
| pardus-about | system-info | ACPI/system komutları |
| pardus-power-manager-old | ppm | Tam root GUI |
Detaylı liste için Privilege Escalation bölümüne bakın.
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/utils.py | 28 | GTK set_markup with user input risk | set_markup( |
position.center) self.set_title(title) self.set_markup(text) def show(self): |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 228 | GTK set_markup with user input risk | set_markup( |
user_real_name = username self.ui_username_label.set_markup("{}".format(user_real_na |
| 2 | src/Utils.py | 131 | GTK set_markup with user input risk | set_markup( |
position.center) self.set_title(title) self.set_markup(text) def show(self): |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 98 | pickle.load() deserialization | pickle.load( |
with open(filename, "rb") as f: data = pickle.load(f) if dat |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | pam/pam_otp.py | 32 | Possible hardcoded credential | Password: ")) pamh.authtok = conv.resp except: r |
= pamh.conversation(pamh.message(pamh.pam_prompt_echo_off, "password: ")) pamh.authtok = |
| 2 | src/actions.py | 27 | Possible hardcoded credential | secret="JBSWY3DPEHPK3PXP |
return line.split(":")[0] return none def save(user, secret="jbswy3dpehpk3pxp"): config[use |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 7 | random module (not cryptographically secure) | import random |
gi import sys import os import threading import subprocess import random import base64 import pyotp |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 249 | GTK set_markup with user input risk | set_markup( |
self.dialog.response(gtk.responsetype.ok) label.set_markup(formatted_message) label |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | libpardus/bin/process/command.py | 4 | subprocess.Popen with shell=True | subprocess.Popen(command, shell=True |
import subprocess def shell_exec(command): return subprocess.popen(command, shell=true, stdout= |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | libpardus/bin/Ptk/Label.py | 32 | GTK set_markup with user input risk | set_markup( |
de[ellipsize]) if len(markup) > 0: self.set_markup(markup) self.set_xali |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | polkit/tr.org.pardus.pkexec.pardus-about.policy | 18 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/Main.py | 769 | TOCTOU: exists then open | os.path.exists('/sys/block/{}/removable'.format(block)) and open |
', 'zram', 'fd')): continue if os.path.exists('/sys/block/{}/removable' |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | [email protected]/infoDialog.js | 114 | template literal with variables (JS) | ``© ${metadata.copyright}` | t copyrightlabel = new st.label({ text: © ${metadata.copyright}, |
| 2 | [email protected]/prefs.js | 93 | template literal with variables (JS) | ``${this._metadata.title || _('Untitled')}` | const titlelabel = new gtk.label({ label: `${this._metadata.title || _('untitled')}</ |
| 3 | [email protected]/prefs.js | 151 | template literal with variables (JS) | ``© ${this._metadata.copyright}` | nst copyrightlabel = new gtk.label({ label: © ${this._metadata.copyright}, |
| 4 | [email protected]/prefs.js | 227 | template literal with variables (JS) | ``[Prefs] Error loading metadata for ${sourceId}` | e(contents)); } catch (e) { logerror(e, `[prefs] error loading metadata for ${so |
| 5 | [email protected]/prefs.js | 281 | template literal with variables (JS) | ``${_('Overall Progress')}` | rogress const overalllabel = new gtk.label({ label: <b>${_('overall progress')}</b>, use_m |
| 6 | [email protected]/prefs.js | 596 | template literal with variables (JS) | ``Failed to parse or compare dates: ${nameA}` | tea); } catch (e) { logerror(e, `failed to parse or compare dates: ${nam |
| 7 | [email protected]/settings.js | 150 | template literal with variables (JS) | ``changed::${key}` | ll; } return this._settings.connect(changed::${key}, callback); } |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | [email protected]/extension.js | 19 | wildcard import - namespace pollution | from 'resource:///org/gnome/shell/extensions/extension.js'; import * |
r: gpl-3.0-or-later */ import { extension, gettext as _ } from 'resource:///org/gnome/shell/extens |
| 2 | [email protected]/indicator.js | 13 | wildcard import - namespace pollution | from 'gi://Graphene'; import * |
bject'; import clutter from 'gi://clutter'; import graphene from 'gi://graphene'; import * as popupm |
| 3 | [email protected]/indicator.js | 14 | wildcard import - namespace pollution | from 'resource:///org/gnome/shell/ui/popupMenu.js'; import * |
import graphene from 'gi://graphene'; import * as popupmenu from 'resource:///org/gnome/shell/ui/pop |
| 4 | [email protected]/infoDialog.js | 12 | wildcard import - namespace pollution | from 'gi://Clutter'; import * |
om 'gi://gio'; import glib from 'gi://glib'; import clutter from 'gi://clutter'; import * as modald |
| 5 | [email protected]/worker.js | 9 | wildcard import - namespace pollution | from 'gi://Gio'; import * |
-3.0-or-later */ import glib from 'gi://glib'; import gio from 'gi://gio'; import * as main from ' |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 577 | pkexec usage - check argument validation | pkexec d |
atus == 32512 or status == 126: # cancelled pkexec dialog self.main_ |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 263 | GTK set_markup with user input risk | set_markup( |
_escape_text(self.last_step_logs.strip()) label.set_markup(safe_logs) scrol |
| 2 | src/MainWindow.py | 307 | GTK set_markup with user input risk | set_markup( |
an>' self.last_step_logs += msg + "\n" lbl.set_markup("{}\n{}".format(lbl.get_label |
| 3 | src/MainWindow.py | 527 | GTK set_markup with user input risk | set_markup( |
e lbl = self.joining_log_label lbl.set_markup(lbl.get_label() + line + "\n" |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 572 | GTK set_markup with user input risk | set_markup( |
le}">{lorem_ipsum_text}' self.charmaps_label.set_markup(formatted_lorem_ipsum) |
| 2 | src/MainWindow.py | 587 | GTK set_markup with user input risk | set_markup( |
size in range(8, 49) ) self.charmaps_label.set_markup(waterfall_text) def on_ |
| 3 | src/MainWindow.py | 715 | GTK set_markup with user input risk | set_markup( |
_visible_child_name("error") self.bottom_info_label.set_markup("{}" |
| 4 | src/MainWindow.py | 803 | GTK set_markup with user input risk | set_markup( |
_visible_child_name("error") self.bottom_info_label.set_markup( "<span color='gr |
| 5 | src/add_font.py | 182 | GTK set_markup with user input risk | set_markup( |
ont_names_str, "" ) self.bottom_info_label.set_markup( "<span color='gr |
| 6 | src/add_font.py | 190 | GTK set_markup with user input risk | set_markup( |
t_names_str, error ) self.bottom_info_label.set_markup( "<span color='re |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | data/tr.org.pardus.pkexec.pardus-hotspot.policy | 15 | auth_admin_keep policy | auth_admin_keep |
ctive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> < |
| 2 | data/tr.org.pardus.pkexec.pardus-hotspot.policy | 27 | auth_admin_keep policy | auth_admin_keep |
ctive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> < |
| 3 | src/MainWindow.py | 886 | pkexec usage - check argument validation | pkexec t |
etdev_button_clicked(self, button): """ run pkexec to add the current user to the ne |
| 4 | src/hotspot.py | 417 | pkexec usage - check argument validation | pkexec d |
# use forwarding_configured flag to prevent repeated pkexec dialogs # after sleep/wake, scre |
| 5 | src/hotspot.py | 426 | pkexec usage - check argument validation | pkexec r |
logger.warning("user cancelled or forwarding config failed (pkexec rc=%d)", res.returncode) |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/main_window.py | 197 | GTK set_markup with user input risk | set_markup( |
el="●") if device.is_trusted: dot_label.set_markup('●</ |
| 2 | src/main_window.py | 199 | GTK set_markup with user input risk | set_markup( |
ound="green">●') else: dot_label.set_markup('●</sp |
| 3 | src/main_window.py | 211 | GTK set_markup with user input risk | set_markup( |
.model or f'{("device")}{device.udid}' name_label.set_markup(f'<span weight="bold" size="l |
| 4 | src/main_window.py | 225 | GTK set_markup with user input risk | set_markup( |
len(device.udid) > 8 else device.udid status_label.set_markup(f'{trust_ |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 370 | GTK set_markup with user input risk | set_markup( |
# ask if it is ok? self.lbl_prewrite_filename.set_markup( "- {}".format(s |
| 2 | src/MainWindow.py | 373 | GTK set_markup with user input risk | set_markup( |
th.split("/")[-1]) ) self.lbl_prewrite_disk.set_markup( "- {} [ {} ]< |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | data/live-installer.sh | 3 | pkexec usage - check argument validation | pkexec / |
#!/usr/bin/env bash if ! [ |
| 2 | live-installer/frontend/gtk_interface.py | 509 | os.system with variable interpolation | os.system('umount -f ' + |
key=lambda disk: disk != preferred)) os.system('umount -f ' + disks) def update_part |
| 3 | live-installer/frontend/gtk_interface.py | 589 | Possible hardcoded credential | password:")) self.builder.get_object( |
_object("label_password").set_text( _("choose a password:")) self.builder.get_ob |
| 4 | live-installer/frontend/gtk_interface.py | 591 | Possible hardcoded credential | password:")) self.builder.get_object( |
ject("label_confirm").set_text( _("confirm your password:")) self.builder.get_o |
| 5 | live-installer/frontend/gtk_interface.py | 1104 | os.system with variable interpolation | os.system("mount -t btrfs % |
ut("mktemp -d").decode("utf-8").strip() os.system("mount -t btrfs %s %s" % |
| 6 | live-installer/frontend/gtk_interface.py | 1106 | os.system with variable interpolation | os.system("btrfs subvolume delete % |
(subvolume.parent.path, mount_point)) os.system("btrfs subvolume delete %s/%s" % |
| 7 | live-installer/frontend/gtk_interface.py | 1108 | os.system with variable interpolation | os.system("umount --force % |
(mount_point, subvolume.name)) os.system("umount --force %s" % mount_point) |
| 8 | live-installer/frontend/gtk_interface.py | 1192 | os.system with variable interpolation | os.system('setxkbmap -model ' + |
self.setup.keyboard_model) = model[active] os.system('setxkbmap -model ' + self.setup.keyboa |
| 9 | live-installer/frontend/gtk_interface.py | 1590 | Possible hardcoded credential | Password: ") + bold(str(_pass1)),)) else: model.appe |
model.append( top, (_("password: ") + bold(str(_pass1)),)) else: |
| 10 | live-installer/frontend/gtk_interface.py | 1593 | Possible hardcoded credential | Password: ") + bold(len(str(_pass1)) * |
model.append( top, (_("password: ") + bold(len(str(_pass1)) * "*"),)) |
| 11 | live-installer/frontend/partitioning.py | 112 | os.system with variable interpolation | os.system("mount % |
rtition.type != "btrfs": return [] try: os.system("mount %s %s" % (partition.pat |
| 12 | live-installer/frontend/partitioning.py | 115 | os.system with variable interpolation | os.system("umount % |
tmp_mountpoint).decode("utf-8").strip().split("\n") os.system("umount %s" % tmp_mountpoint) |
| 13 | live-installer/frontend/partitioning.py | 425 | os.popen with variable interpolation | os.popen('mkdir -p ' + |
[] installer.setup.partition_setup = self os.popen('mkdir -p ' + tmp_mountpoint) |
| 14 | live-installer/frontend/partitioning.py | 425 | open with concat - path traversal risk | open('mkdir -p ' + |
installer.setup.partition_setup = self os.popen('mkdir -p ' + tmp_mountpoint) self. |
| 15 | live-installer/frontend/partitioning.py | 536 | os.system with variable interpolation | os.system("parted -s % |
pen(device.path, "w").write("\x00" * 512) return_code = os.system("parted -s %s mklabel %s" % |
| 16 | live-installer/frontend/partitioning.py | 765 | os.system with variable interpolation | os.system('umount ' + |
(self.path, detail)) while 0 == os.system('umount ' + tmp_mountpoint): true # du |
| 17 | live-installer/installer.py | 944 | subprocess.Popen with shell=True | subprocess.Popen(command, shell=True |
for command in config.get(hook, []): cmd = subprocess.popen(command, shell=true, stdout= |
| 18 | live-installer/installer.py | 981 | os.system with variable interpolation | os.system("umount -lf % |
, mountpoint): ''' unmount a filesystem ''' os.system("umount -lf %s" % mountpoint) |
| 19 | live-installer/utils.py | 82 | os.system with variable interpolation | os.system("which "+ |
): return os.getuid() == 0 def is_cmd(cmd): return os.system("which "+cmd) == 0 def run(cm |
| 20 | live-installer/utils.py | 116 | subprocess.Popen with shell=True | subprocess.Popen(command, shell=True |
(os.path.join(*args)) def shell_exec(command): return subprocess.popen(command, shell=true, st |
| 21 | live-installer/utils.py | 125 | os.system with variable interpolation | os.system("chroot /target/ /bin/bash -c \"% |
command = str(command).replace('"', "'").strip() return os.system("chroot /target/ /bin/bash -c |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | live-installer/frontend/init.py | 7 | wildcard import - namespace pollution | from utils import * |
ort gettext import config import time import math import re from utils import * import gi gi.require |
| 2 | live-installer/frontend/dialogs.py | 2 | wildcard import - namespace pollution | from frontend import * |
from frontend import * class dialog(gtk.messagedialog): def init(self, s |
| 3 | live-installer/frontend/gtk_interface.py | 10 | wildcard import - namespace pollution | from utils import * |
import threading import time import parted import validate from utils import * from frontend import |
| 4 | live-installer/frontend/gtk_interface.py | 11 | wildcard import - namespace pollution | from frontend import * |
port time import parted import validate from utils import * from frontend import * from frontend.dia |
| 5 | live-installer/frontend/gtk_interface.py | 1419 | GTK set_markup with user input risk | set_markup( |
x].help_text) self.builder.get_object("help_label").set_markup( "%s< |
| 6 | live-installer/frontend/partitioning.py | 4 | wildcard import - namespace pollution | from frontend import * |
# coding: utf-8 # import parted from frontend import * gettext.install("live-installer", "/usr/shar |
| 7 | live-installer/frontend/partitioning.py | 796 | GTK set_markup with user input risk | set_markup( |
ition")) self.builder.get_object("label_partition").set_markup( "%s" % _( |
| 8 | live-installer/frontend/partitioning.py | 799 | GTK set_markup with user input risk | set_markup( |
label(path) self.builder.get_object("label_use_as").set_markup(_("format as:")) self |
| 9 | live-installer/frontend/partitioning.py | 801 | GTK set_markup with user input risk | set_markup( |
self.builder.get_object( "label_mount_point").set_markup(_("mount point:")) self |
| 10 | live-installer/frontend/partitioning.py | 885 | GTK set_markup with user input risk | set_markup( |
le) self.builder.get_object("label_subvolume_name").set_markup( "%s" % _( |
| 11 | live-installer/frontend/partitioning.py | 888 | GTK set_markup with user input risk | set_markup( |
builder.get_object( "label_subvol_mount_point").set_markup(_("mount point:")) se |
| 12 | live-installer/frontend/timezones.py | 3 | wildcard import - namespace pollution | from frontend import * |
# coding: utf-8 from frontend import * from subprocess import getoutput from collections import de |
| 13 | live-installer/frontend/welcome.py | 2 | wildcard import - namespace pollution | from frontend import * |
from frontend.gtk_interface import installerwindow from frontend import * gettext.install("live-ins |
| 14 | live-installer/main.py | 4 | wildcard import - namespace pollution | from utils import * |
#!/usr/bin/python3 import sys import traceback from utils import * from frontend import * from front |
| 15 | live-installer/main.py | 5 | wildcard import - namespace pollution | from frontend import * |
bin/python3 import sys import traceback from utils import * from frontend import * from frontend.dia |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | polkit/tr.org.pardus.pkexec.pardus-java-installer.policy | 18 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/DatetimeManager.py | 55 | subprocess.run with shell=True | subprocess.run("xfce4-panel -q", shell=True |
(lines) def save_file(): global config_file_data subprocess.run("xfce4-panel -q", shell=t |
| 2 | src/DatetimeManager.py | 62 | subprocess.run with shell=True | subprocess.run("xfce4-panel &", shell=True |
th, "w") as file: file.write(config_file_data) subprocess.run("xfce4-panel &", shell=tr |
| 3 | src/LocaleManager.py | 79 | subprocess.run with shell=True | subprocess.run(f"localectl set-locale LANG={lc}", shell=True |
like this: "tr_tr.utf-8" lc = locale.split(" ")[0] subprocess.run(f"localectl set-locale lan |
| 4 | src/LocaleManager.py | 81 | subprocess.run with shell=True | subprocess.run(f"localectl set-locale LC_CTYPE=en_US.UTF-8", shell=True |
cale lang={lc}", shell=true) # force lc_ctype to en subprocess.run(f"localectl set-locale lc |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | pardus-lightdm-greeter.sh | 10 | open with concat - path traversal risk | open(os.environ["HOME"]+ |
, "3.0") from gi.repository import gtk w = gtk.window() txt=open(os.environ["home"]+"/pardus-lightdm |
| 2 | src/module/gtkwindow.py | 121 | os.system with variable interpolation | os.system(get("screen-keyboard", "onboard", "keyboard")+ |
nt, data): if get("touch-mode", false): os.system(get("screen-keyboard", "onboar |
| 3 | src/module/gtkwindow.py | 496 | subprocess.Popen with shell=True | subprocess.Popen(wm, stdout=subprocess.PIPE, shell=True |
manager") if len(wm) > 0: self.wm_pid = subprocess.popen(wm, stdout=subprocess.p |
| 4 | src/module/keyboard.py | 85 | os.system with variable interpolation | os.system(get("screen-keyboard", "onboard", "keyboard")+ |
numlock_capslock) def _screen_keyboard_event(widget): os.system(get("screen-keyboard", "onboar |
| 5 | src/module/lightdm.py | 27 | Possible hardcoded credential | password:", |
# messages self.__reset_messages = ["current password:", "n |
| 6 | src/module/lightdm.py | 28 | Possible hardcoded credential | password:"] self.__prompt_messages = [ |
"new password:", "retype new password:"] self.__prompt_messages = ["password:"] # li |
| 7 | src/module/lightdm.py | 29 | Possible hardcoded credential | Password:"] # lists self.__ulist = None self.__slist = N |
"retype new password:"] self.__prompt_messages = ["password:"] # lists self. |
| 8 | src/module/lightdm.py | 142 | Possible hardcoded credential | password:": response = self.__password elif text.str |
from prompt message if text.strip() == "current password:": response = s |
| 9 | src/module/lightdm.py | 144 | Possible hardcoded credential | Password:": response = self.__password else: |
esponse = self.__password elif text.strip() == "password:": response = s |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/main.py | 6 | wildcard import - namespace pollution | from util import * |
/python3 import os import sys import time import subprocess from util import * import traceback im |
| 2 | src/wifi/widget.py | 161 | GTK set_markup with user input risk | set_markup( |
twork-wireless-signal-weak-symbolic", 0) self.ssid.set_markup( _("ssid: |
| 3 | src/wifi/widget.py | 163 | GTK set_markup with user input risk | set_markup( |
format(self.wifi_item.wifi_obj.ssid)) self.security.set_markup( _("security:< |
| 4 | src/wifi/widget.py | 165 | GTK set_markup with user input risk | set_markup( |
rmat(self.wifi_item.wifi_obj.security)) self.signal.set_markup( _("signal:</b |
| 5 | src/wifi/widget.py | 262 | GTK set_markup with user input risk | set_markup( |
olic", 0) self.ssid = gtk.label() self.ssid.set_markup("{}".format(self.wifi_ |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 106 | subprocess.run with shell concat | subprocess.run(["pkexec", APPDIR+ |
htdm"].get_value( "autologin-user") subprocess.run(["pkexec", appdir+"/savec |
| 2 | src/data/tr.org.pardus.lightdm-greeter-settings.policy | 14 | auth_admin_keep policy | auth_admin_keep |
_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </d |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 2 | wildcard import - namespace pollution | from widget import * |
import subprocess from widget import * import os import gi gi.require_version("gtk", "3.0") from |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/DiskManager.py | 120 | subprocess.Popen with shell=True | subprocess.Popen(self.cmd, shell=True |
print('thread started') # self.process = subprocess.popen(self.cmd, shell=true) # |
| 2 | src/UserSettings.py | 201 | open with concat - path traversal risk | open(self.user_recent_servers_file, "r+ |
mat(uri, name).strip() def add(): with open(self.user_recent_servers_file, "r+" |
| 3 | src/UserSettings.py | 237 | open with concat - path traversal risk | open(self.user_saved_servers_file, "r+ |
mat(uri, name).strip() def add(): with open(self.user_saved_servers_file, "r+") |
| 4 | src/UserSettings.py | 310 | open with concat - path traversal risk | open(self.user_saved_places_file, "r+ |
con": "' + icon + '"}' def add(): with open(self.user_saved_places_file, "r+") |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 419 | GTK set_markup with user input risk | set_markup( |
label = gtk.label.new() label.set_markup("{}".format(licon)) |
| 2 | src/MainWindow.py | 516 | GTK set_markup with user input risk | set_markup( |
ocs = [] # label = gtk.label.new() # label.set_markup("{}".format(_("places" |
| 3 | src/MainWindow.py | 554 | GTK set_markup with user input risk | set_markup( |
tton) label = gtk.label.new() label.set_markup("{}".format(loc["name"])) |
| 4 | src/MainWindow.py | 611 | GTK set_markup with user input risk | set_markup( |
tton) label = gtk.label.new() label.set_markup("{}".format(dir["name"])) |
| 5 | src/MainWindow.py | 638 | GTK set_markup with user input risk | set_markup( |
tton) label = gtk.label.new() label.set_markup("{}".format(saved["name"])) |
| 6 | src/MainWindow.py | 679 | GTK set_markup with user input risk | set_markup( |
tton) label = gtk.label.new() label.set_markup("{}".format(_("add new"))) |
| 7 | src/MainWindow.py | 954 | GTK set_markup with user input risk | set_markup( |
display_name = "" self.dlg_lbl_name.set_markup("{}".format(glib.markup_es |
| 8 | src/MainWindow.py | 998 | GTK set_markup with user input risk | set_markup( |
ow values on ui row_volume._lbl_volume_name.set_markup( f'{gl |
| 9 | src/MainWindow.py | 1001 | GTK set_markup with user input risk | set_markup( |
)') row_volume._lbl_volume_size_info.set_markup( "<span s |
| 10 | src/MainWindow.py | 1087 | GTK set_markup with user input risk | set_markup( |
lbl_volume_name = gtk.label.new() lbl_volume_name.set_markup("{} ( {} )</small |
| 11 | src/MainWindow.py | 1097 | GTK set_markup with user input risk | set_markup( |
me_size_info = gtk.label.new() lbl_volume_size_info.set_markup( f"<span size="s |
| 12 | src/MainWindow.py | 1296 | GTK set_markup with user input risk | set_markup( |
e.set_label(_("calculating...")) self.lbl_home_path.set_markup("( {} )".forma |
| 13 | src/MainWindow.py | 2079 | GTK set_markup with user input risk | set_markup( |
, uri, name): label = gtk.label.new() label.set_markup("{}\n{} |
| 14 | src/MainWindow.py | 2151 | GTK set_markup with user input risk | set_markup( |
else: self.dialog_mount_error.set_markup("{}".format(_("er |
| 15 | src/MainWindow.py | 2191 | GTK set_markup with user input risk | set_markup( |
passwd_option = 1 self.lbl_mount_message.set_markup("{}".format(_(message))) |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | tr.org.pardus.pkexec.pardus-nvidia-installer.policy | 18 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 251 | GTK set_markup with user input risk | set_markup( |
arkup = self.lbl_markup(("driver"), drv_name) name.set_markup(markup) ver = b.get |
| 2 | src/MainWindow.py | 255 | GTK set_markup with user input risk | set_markup( |
markup = self.lbl_markup(_("version"), drv_ver) ver.set_markup(markup) markup = sel |
| 3 | src/MainWindow.py | 263 | GTK set_markup with user input risk | set_markup( |
) lbl = b.get_object("ui_driver_label") lbl.set_markup(markup) repo = b.get |
| 4 | src/MainWindow.py | 267 | GTK set_markup with user input risk | set_markup( |
markup = self.lbl_markup("repo", drv_repo) repo.set_markup(markup) grp = none |
| 5 | src/MainWindow.py | 280 | GTK set_markup with user input risk | set_markup( |
name_label = gtk.label(xalign=0) name_label.set_markup(f"{device_name}") box |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | tr.org.pardus.pkexec.pardus-package-installer.policy | 18 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 174 | GTK set_markup with user input risk | set_markup( |
self.errorlabel.set_visible(false) self.pacname.set_markup( "<span size='x-larg |
| 2 | src/MainWindow.py | 180 | GTK set_markup with user input risk | set_markup( |
ename, -1) ) ) self.pacversion.set_markup( "{}</smal |
| 3 | src/MainWindow.py | 186 | GTK set_markup with user input risk | set_markup( |
ersion, -1) ) ) self.shortdesc.set_markup( "{}</smal |
| 4 | src/MainWindow.py | 197 | GTK set_markup with user input risk | set_markup( |
.packagemaintainermail, -1) self.maintainermail.set_markup( f"<a title=' |
| 5 | src/MainWindow.py | 205 | GTK set_markup with user input risk | set_markup( |
pe_text(self.packagehomepage, -1) self.homepage.set_markup( f"<a title=' |
| 6 | src/MainWindow.py | 225 | GTK set_markup with user input risk | set_markup( |
)) pd = "\n\n".join(formatted) self.depends.set_markup("{}".format(gl |
| 7 | src/MainWindow.py | 228 | GTK set_markup with user input risk | set_markup( |
if self.packagemissingdeps: self.missingdeps.set_markup("{}".format( |
| 8 | src/MainWindow.py | 231 | GTK set_markup with user input risk | set_markup( |
agemissingdeps, -1))) self.installed_version_title.set_markup( "<span we |
| 9 | src/MainWindow.py | 237 | GTK set_markup with user input risk | set_markup( |
= pkg.installed.version self.installed_version.set_markup(f" |
| 10 | src/MainWindow.py | 239 | GTK set_markup with user input risk | set_markup( |
") else: self.installed_version.set_markup( "<spa |
| 11 | src/MainWindow.py | 252 | GTK set_markup with user input risk | set_markup( |
lf.errorlabel.set_visible(true) self.errorlabel.set_markup( "<span co |
| 12 | src/MainWindow.py | 558 | GTK set_markup with user input risk | set_markup( |
e_child_name("doneinfo") self.doneinfolabel.set_markup("{}\n</s |
| 13 | src/MainWindow.py | 793 | GTK set_markup with user input risk | set_markup( |
e_child_name("doneinfo") self.doneinfolabel.set_markup("{}".format(_("not com |
| 14 | src/MainWindow.py | 801 | GTK set_markup with user input risk | set_markup( |
terrupt error !") self.doneinfolabel.set_markup(errormessage) sel |
| 15 | src/MainWindow.py | 816 | GTK set_markup with user input risk | set_markup( |
= pkg.installed.version self.installed_version.set_markup(f" |
| 16 | src/MainWindow.py | 818 | GTK set_markup with user input risk | set_markup( |
") else: self.installed_version.set_markup( "<spa |
| 17 | src/MainWindow.py | 830 | GTK set_markup with user input risk | set_markup( |
terrupt error !") self.doneinfolabel.set_markup(errormessage) if |
| 18 | src/MainWindow.py | 839 | GTK set_markup with user input risk | set_markup( |
tude' or 'synaptic' first.") self.doneinfolabel.set_markup(errormessage) if |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | polkit/tr.org.pardus.pkexec.parental-control.policy | 18 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| 2 | polkit/tr.org.pardus.pkexec.parental-control.policy | 34 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| 3 | src/managers/NetworkFilterManager.py | 33 | subprocess.run with shell concat | subprocess.run(["chattr", "+ |
w") as file1: file1.write(resolv_conf_content) subprocess.run(["chattr", "+i", "/etc/re |
| 4 | src/managers/UsageLogger.py | 31 | open with concat - path traversal risk | open(user_session, "r+ |
# add new login log to the beginning of the file with open(user_session, "r+") as f: con |
| 5 | src/managers/UsageLogger.py | 51 | open with concat - path traversal risk | open(user_session, "r+ |
# add new login log to the beginning of the file with open(user_session, "r+") as f: # r |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/SetupWidgets.cpp | 578 | Weak random number generation (C) | rand() |
mber(butsize/3)+"px;" ); srand(time(null)); if(rand() % 2 == 0) { closemenuconf |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | mainwindow.cpp | 407 | strcpy - buffer overflow | strcpy( |
char cmd = (char)malloc(1024*sizeof(char)); strcpy(cmd,"scrot '"); strcat(cmd,imgn |
| 2 | mainwindow.cpp | 408 | strcat - buffer overflow | strcat( |
(1024*sizeof(char)); strcpy(cmd,"scrot '"); strcat(cmd,imgname.tostdstring().c_str() |
| 3 | mainwindow.cpp | 409 | strcat - buffer overflow | strcat( |
strcat(cmd,imgname.tostdstring().c_str()); strcat(cmd,"'"); system(cmd); } q |
| 4 | mainwindow.cpp | 419 | strcpy - buffer overflow | strcpy( |
o")); char msg = (char)malloc(1024*sizeof(char)); strcpy(msg,_("screenshot saved:")); |
| 5 | mainwindow.cpp | 420 | strcat - buffer overflow | strcat( |
*sizeof(char)); strcpy(msg,_("screenshot saved:")); strcat(msg,"\n"); strcat(msg,imgname |
| 6 | mainwindow.cpp | 421 | strcat - buffer overflow | strcat( |
rcpy(msg,_("screenshot saved:")); strcat(msg,"\n"); strcat(msg,imgname.tostdstring().c_str() |
| 7 | mainwindow.cpp | 442 | strcpy - buffer overflow | strcpy( |
char msg = (char)malloc(1024*sizeof(char)); strcpy(msg,_("record saved:")); strcat |
| 8 | mainwindow.cpp | 443 | strcat - buffer overflow | strcat( |
eof(char)); strcpy(msg,_("record saved:")); strcat(msg,"\n"); strcat(msg,thi |
| 9 | mainwindow.cpp | 444 | strcat - buffer overflow | strcat( |
(msg,_("record saved:")); strcat(msg,"\n"); strcat(msg,this->recordname.c_str()); |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 422 | GTK set_markup with user input risk | set_markup( |
"error")) self.ui_permission_info_label.set_markup( " |
| 2 | src/Utils.py | 26 | GTK set_markup with user input risk | set_markup( |
position.center) self.set_title(title) self.set_markup(text) self.get_messag |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/service/backends/cpu.py | 46 | open with concat - path traversal risk | open("/sys/devices/system/cpu/cpu"+ |
cpu/cpu"+str(core)+"/online"): return false f = open("/sys/devices/system/cpu/cpu"+str(c |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/client/MainWindow.py | 19 | wildcard import - namespace pollution | from common import * |
import send_server, charge_stop_available, register_notify from common import * try: import loc |
| 2 | src/client/main.py | 2 | wildcard import - namespace pollution | from util import * |
#!/usr/bin/env python3 from util import * from mainwindow import * import os, sys import gi, json g |
| 3 | src/client/main.py | 3 | wildcard import - namespace pollution | from MainWindow import * |
#!/usr/bin/env python3 from util import * from mainwindow import * import os, sys import gi, json g |
| 4 | src/client/util.py | 12 | wildcard import - namespace pollution | from common import * |
os.path.dirname( os.path.realpath(file) )+"/../common") from common import * @asynchronous def |
| 5 | src/common/common.py | 4 | wildcard import - namespace pollution | from {} import * |
.py") and file != os.path.basename(file): exec("from {} import *".format(file[:-3])) |
| 6 | src/common/logger.py | 3 | wildcard import - namespace pollution | from config import * |
import os import time from config import * import datetime if os.getuid() == 0: logfile = open( |
| 7 | src/common/power.py | 3 | wildcard import - namespace pollution | from file import * |
import os import sys from file import * from cache import cached def get_ac_online(): if not o |
| 8 | src/service/actions.py | 2 | wildcard import - namespace pollution | from util import * |
#!/usr/bin/env python3 from util import * import sys import subprocess import json if len(sys.argv) |
| 9 | src/service/backends/backlight.py | 3 | wildcard import - namespace pollution | from common import * |
import os from util import readfile from common import * class backlight_devices: def init( |
| 10 | src/service/backends/battery.py | 3 | wildcard import - namespace pollution | from util import * |
import gi from gi.repository import glib from util import * import time class battery: def __ |
| 11 | src/service/backends/cpu.py | 2 | wildcard import - namespace pollution | from common import * |
import os from common import * def list_cpu(): ret = [] for i in range(0, get_num_ |
| 12 | src/service/backends/power.py | 5 | wildcard import - namespace pollution | from common import * |
ge_cpu_status from backends.backlight import set_brightness from common import * _cur_mode = none |
| 13 | src/service/main.py | 2 | wildcard import - namespace pollution | from util import * |
#!/usr/bin/env python3 from util import * from service import main from backends.power import set_mo |
| 14 | src/service/main.py | 10 | wildcard import - namespace pollution | from util import * |
mport enable_usb_wakeups import time import os import json from util import * if not get("enabled" |
| 15 | src/service/service.py | 1 | wildcard import - namespace pollution | from util import * |
from util import * import backends.power as power import backends.backlight as |
| 16 | src/service/util.py | 6 | wildcard import - namespace pollution | from common import * |
os.path.dirname( os.path.realpath(file) )+"/../common") from common import * def listen(main): |
| 17 | src/udev-trigger/main.py | 6 | wildcard import - namespace pollution | from common import * |
os.path.dirname( os.path.realpath(file) )+"/../common") from common import * data={} data["pid"] |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | files/ppm.desktop | 8 | pkexec usage - check argument validation | pkexec / |
ardus comment[tr]=pardus için güç yönetim aracı exec=sh -c "pkexec /usr/share/pardus/power-manager/s |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | tr.org.pardus.pkexec.pardus-software.policy | 17 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| 2 | tr.org.pardus.pkexec.pardus-software.policy | 31 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 1067 | GTK set_markup with user input risk | set_markup( |
_name.props.halign = gtk.align.start label_name.set_markup("{}</b |
| 2 | src/MainWindow.py | 1075 | GTK set_markup with user input risk | set_markup( |
ellipsize(pango.ellipsizemode.end) label_slogan.set_markup("<span size='x-large' color=' |
| 3 | src/MainWindow.py | 1249 | GTK set_markup with user input risk | set_markup( |
tart label = gtk.label.new() label.set_markup("{}".format(_("updates |
| 4 | src/MainWindow.py | 1255 | GTK set_markup with user input risk | set_markup( |
tes_count = gtk.label.new() label_updates_count.set_markup("{}".format(len(self.upgradab |
| 5 | src/MainWindow.py | 1265 | GTK set_markup with user input risk | set_markup( |
label_updates = gtk.label.new() label_updates.set_markup("{}".format(_("s |
| 6 | src/MainWindow.py | 1298 | GTK set_markup with user input risk | set_markup( |
istbox, -1) self.ui_upgradableapps_count_label.set_markup("({})</ |
| 7 | src/MainWindow.py | 1355 | GTK set_markup with user input risk | set_markup( |
tton) label = gtk.label.new() label.set_markup("{}".format(_("discove |
| 8 | src/MainWindow.py | 1374 | GTK set_markup with user input risk | set_markup( |
label = gtk.label.new() label.set_markup("{}".format(cat["name"].title())) |
| 9 | src/MainWindow.py | 1395 | GTK set_markup with user input risk | set_markup( |
ton) label = gtk.label.new() label.set_markup("{}".format(_("install |
| 10 | src/MainWindow.py | 1437 | GTK set_markup with user input risk | set_markup( |
ent(gtk.adjustment()) self.ui_currentcat_label.set_markup("{}</ |
| 11 | src/MainWindow.py | 1710 | GTK set_markup with user input risk | set_markup( |
tion_button, 3) action_button_label.set_markup("{}".format(_( |
| 12 | src/MainWindow.py | 1715 | GTK set_markup with user input risk | set_markup( |
button, 4) action_button_label.set_markup("{}".format(( |
| 13 | src/MainWindow.py | 1719 | GTK set_markup with user input risk | set_markup( |
utton, 1) # action_button_label.set_markup("{}".format(_( |
| 14 | src/MainWindow.py | 1722 | GTK set_markup with user input risk | set_markup( |
button, 4) action_button_label.set_markup("{}".format(( |
| 15 | src/MainWindow.py | 1726 | GTK set_markup with user input risk | set_markup( |
s(action_button, 0) action_button_label.set_markup("{}".format(_( |
| 16 | src/MainWindow.py | 1841 | GTK set_markup with user input risk | set_markup( |
e app) app_name = gtk.label.new() app_name.set_markup("{}".format(prettyname |
| 17 | src/MainWindow.py | 1869 | GTK set_markup with user input risk | set_markup( |
s(action_button, 3) action_button_label.set_markup("{}".format(_( |
| 18 | src/MainWindow.py | 1874 | GTK set_markup with user input risk | set_markup( |
tion_button, 4) action_button_label.set_markup("{}".format(_( |
| 19 | src/MainWindow.py | 1878 | GTK set_markup with user input risk | set_markup( |
tion_button, 4) action_button_label.set_markup("{}".format(_( |
| 20 | src/MainWindow.py | 1882 | GTK set_markup with user input risk | set_markup( |
class(action_button, 0) action_button_label.set_markup("{}".format(_( |
| 21 | src/MainWindow.py | 1890 | GTK set_markup with user input risk | set_markup( |
summary_label = gtk.label.new() summary_label.set_markup(" |
| 22 | src/MainWindow.py | 1908 | GTK set_markup with user input risk | set_markup( |
number_label = gtk.label.new() number_label.set_markup("{}".format(number)) |
| 23 | src/MainWindow.py | 1945 | GTK set_markup with user input risk | set_markup( |
alse): app_name = gtk.label.new() app_name.set_markup("{}".format(glib.marku |
| 24 | src/MainWindow.py | 1979 | GTK set_markup with user input risk | set_markup( |
button_class(action_button, 4) action_button_label.set_markup("{}".format(( |
| 25 | src/MainWindow.py | 1993 | GTK set_markup with user input risk | set_markup( |
summary_label = gtk.label.new() summary_label.set_markup(" |
| 26 | src/MainWindow.py | 2020 | GTK set_markup with user input risk | set_markup( |
size_request(77, -1) if du: du_static.set_markup("{}".format(("disk us |
| 27 | src/MainWindow.py | 2021 | GTK set_markup with user input risk | set_markup( |
up("{}".format(_("disk usage"))) du_size.set_markup("<span weight='light' size='s |
| 28 | src/MainWindow.py | 2023 | GTK set_markup with user input risk | set_markup( |
ze(app["disk_usage"]))) else: du_static.set_markup("") du_size.set_m |
| 29 | src/MainWindow.py | 2024 | GTK set_markup with user input risk | set_markup( |
e: du_static.set_markup("") du_size.set_markup("") box_h = gtk.box. |
| 30 | src/MainWindow.py | 2062 | GTK set_markup with user input risk | set_markup( |
none): app_name = gtk.label.new() app_name.set_markup("{}".format(glib.marku |
| 31 | src/MainWindow.py | 2103 | GTK set_markup with user input risk | set_markup( |
tion_button, 3) action_button_label.set_markup("{}".format(_( |
| 32 | src/MainWindow.py | 2108 | GTK set_markup with user input risk | set_markup( |
button, 4) action_button_label.set_markup("{}".format(( |
| 33 | src/MainWindow.py | 2112 | GTK set_markup with user input risk | set_markup( |
button, 4) action_button_label.set_markup("{}".format(( |
| 34 | src/MainWindow.py | 2116 | GTK set_markup with user input risk | set_markup( |
s(action_button, 0) action_button_label.set_markup("{}".format(_( |
| 35 | src/MainWindow.py | 2135 | GTK set_markup with user input risk | set_markup( |
summary_label = gtk.label.new() summary_label.set_markup(" |
| 36 | src/MainWindow.py | 2151 | GTK set_markup with user input risk | set_markup( |
() du_static.set_line_wrap(false) du_static.set_markup("") du_size = gtk.la |
| 37 | src/MainWindow.py | 2155 | GTK set_markup with user input risk | set_markup( |
.new() du_size.set_line_wrap(false) du_size.set_markup("") box_du = gtk.box |
| 38 | src/MainWindow.py | 2199 | GTK set_markup with user input risk | set_markup( |
none): app_name = gtk.label.new() app_name.set_markup("{}".format(glib.marku |
| 39 | src/MainWindow.py | 2232 | GTK set_markup with user input risk | set_markup( |
button.add(cancel_button_label) cancel_button_label.set_markup("{}".format(_( |
| 40 | src/MainWindow.py | 2236 | GTK set_markup with user input risk | set_markup( |
summary_label = gtk.label.new() summary_label.set_markup(" |
| 41 | src/MainWindow.py | 2252 | GTK set_markup with user input risk | set_markup( |
version_title.set_line_wrap(false) version_title.set_markup("{}".format(_("version")) |
| 42 | src/MainWindow.py | 2258 | GTK set_markup with user input risk | set_markup( |
et_ellipsize(pango.ellipsizemode.end) version_label.set_markup("<span weight='light' size='s |
| 43 | src/MainWindow.py | 2355 | GTK set_markup with user input risk | set_markup( |
app_name = gtk.label.new() app_name.set_markup("{}".format(editor_app_pretty_name |
| 44 | src/MainWindow.py | 2389 | GTK set_markup with user input risk | set_markup( |
tion_button, 3) action_button_label.set_markup("{}".format(_( |
| 45 | src/MainWindow.py | 2394 | GTK set_markup with user input risk | set_markup( |
button, 4) action_button_label.set_markup("{}".format(( |
| 46 | src/MainWindow.py | 2398 | GTK set_markup with user input risk | set_markup( |
button, 4) action_button_label.set_markup("{}".format(( |
| 47 | src/MainWindow.py | 2402 | GTK set_markup with user input risk | set_markup( |
s(action_button, 0) action_button_label.set_markup("{}".format(_( |
| 48 | src/MainWindow.py | 2410 | GTK set_markup with user input risk | set_markup( |
summary_label = gtk.label.new() summary_label.set_markup("<span weight='light' size='sma |
| 49 | src/MainWindow.py | 2766 | GTK set_markup with user input risk | set_markup( |
"website", "") self.ui_ad_maintainer_name_label.set_markup(m_name) self.ui_a |
| 50 | src/MainWindow.py | 2767 | GTK set_markup with user input risk | set_markup( |
markup(m_name) self.ui_ad_maintainer_mail_label.set_markup("<a title='{}' href='mailto:{ |
| 51 | src/MainWindow.py | 2772 | GTK set_markup with user input risk | set_markup( |
(m_mail, -1))) self.ui_ad_maintainer_web_label.set_markup("{}</ |
| 52 | src/MainWindow.py | 2783 | GTK set_markup with user input risk | set_markup( |
label = gtk.label.new() label.set_markup("{}".format(codename.title())) |
| 53 | src/MainWindow.py | 2793 | GTK set_markup with user input risk | set_markup( |
s_box.show_all() self.ui_comment_appname_label.set_markup("{}".format(app_pretty |
| 54 | src/MainWindow.py | 2794 | GTK set_markup with user input risk | set_markup( |
pretty_name)) self.ui_comment_subcategory_label.set_markup("{}".format(app_subcategory_n |
| 55 | src/MainWindow.py | 2822 | GTK set_markup with user input risk | set_markup( |
tion_button, 3) action_button_label.set_markup("{}".format(_( |
| 56 | src/MainWindow.py | 2827 | GTK set_markup with user input risk | set_markup( |
button, 4) action_button_label.set_markup("{}".format(( |
| 57 | src/MainWindow.py | 2831 | GTK set_markup with user input risk | set_markup( |
button, 4) action_button_label.set_markup("{}".format(( |
| 58 | src/MainWindow.py | 2835 | GTK set_markup with user input risk | set_markup( |
d_action_button, 0) action_button_label.set_markup("{}".format(_( |
| 59 | src/MainWindow.py | 2839 | GTK set_markup with user input risk | set_markup( |
ui_ad_action_button, 2) action_button_label.set_markup("{}".format(_( |
| 60 | src/MainWindow.py | 2874 | GTK set_markup with user input risk | set_markup( |
l = _("open source") self.ui_ad_component_label.set_markup(f"{origin} {component}" if or |
| 61 | src/MainWindow.py | 2875 | GTK set_markup with user input risk | set_markup( |
igin_info else _("none")) self.ui_ad_type_label.set_markup(type_label) # repo a |
| 62 | src/MainWindow.py | 2916 | GTK set_markup with user input risk | set_markup( |
}".format(e)) self.ui_ad_maintainer_name_label.set_markup(maintainer_name) |
| 63 | src/MainWindow.py | 2917 | GTK set_markup with user input risk | set_markup( |
intainer_name) self.ui_ad_maintainer_mail_label.set_markup("<a title='{}' href='mailto:{ |
| 64 | src/MainWindow.py | 2922 | GTK set_markup with user input risk | set_markup( |
mail else "-") self.ui_ad_maintainer_web_label.set_markup("{}</ |
| 65 | src/MainWindow.py | 3290 | GTK set_markup with user input risk | set_markup( |
and details is not none: self.ui_myapp_pop_app.set_markup( "<span size=' |
| 66 | src/MainWindow.py | 3292 | GTK set_markup with user input risk | set_markup( |
cape_text(name, -1))) self.ui_myapp_pop_package.set_markup("{}".format(package)) |
| 67 | src/MainWindow.py | 3299 | GTK set_markup with user input risk | set_markup( |
not none: self.ui_myapp_pop_toremove_label.set_markup( "{}".form |
| 68 | src/MainWindow.py | 3308 | GTK set_markup with user input risk | set_markup( |
not none: self.ui_myapp_pop_toinstall_label.set_markup( "{}".for |
| 69 | src/MainWindow.py | 3313 | GTK set_markup with user input risk | set_markup( |
is not none: self.ui_myapp_pop_broken_label.set_markup( "{}".for |
| 70 | src/MainWindow.py | 3318 | GTK set_markup with user input risk | set_markup( |
d_size"] > 0: self.ui_myapp_pop_fsize_label.set_markup( "{}".for |
| 71 | src/MainWindow.py | 3323 | GTK set_markup with user input risk | set_markup( |
d_size"] > 0: self.ui_myapp_pop_dsize_label.set_markup( "{}".for |
| 72 | src/MainWindow.py | 3328 | GTK set_markup with user input risk | set_markup( |
l_size"] > 0: self.ui_myapp_pop_isize_label.set_markup( "{}".for |
| 73 | src/MainWindow.py | 3349 | GTK set_markup with user input risk | set_markup( |
pixel_size(64) self.ui_myapp_pop_notfound_name.set_markup("{} |
| 74 | src/MainWindow.py | 3467 | GTK set_markup with user input risk | set_markup( |
ge"]))) self.ui_ad_bottom_avgrate_label.set_markup( "<sp |
| 75 | src/MainWindow.py | 3494 | GTK set_markup with user input risk | set_markup( |
else: self.ui_suggest_error_label.set_markup("{}".format(_("error"))) |
| 76 | src/MainWindow.py | 3655 | GTK set_markup with user input risk | set_markup( |
label_author = gtk.label.new() label_author.set_markup("{}".format(author)) l |
| 77 | src/MainWindow.py | 3696 | GTK set_markup with user input risk | set_markup( |
label_distro = gtk.label.new() label_distro.set_markup("{}".format(distro)) label_di |
| 78 | src/MainWindow.py | 3700 | GTK set_markup with user input risk | set_markup( |
label_appversion = gtk.label.new() label_appversion.set_markup("{}: {}".format(_("app"), app |
| 79 | src/MainWindow.py | 3998 | GTK set_markup with user input risk | set_markup( |
mer") self.ui_myapp_pop_disclaimer_remove_label.set_markup("{}".format(", ".join(importa |
| 80 | src/MainWindow.py | 4297 | GTK set_markup with user input risk | set_markup( |
dir, cache_size)) self.ui_settings_cache_size_label.set_markup("({})".format(self.pac |
| 81 | src/MainWindow.py | 4421 | GTK set_markup with user input risk | set_markup( |
("cleared")) self.ui_settings_cache_info_label.set_markup(("cache files cleared, pleas |
| 82 | src/MainWindow.py | 4425 | GTK set_markup with user input risk | set_markup( |
l(_("error")) self.ui_settings_cache_info_label.set_markup("{}".format(message)) |
| 83 | src/MainWindow.py | 4690 | GTK set_markup with user input risk | set_markup( |
tinfo_spinner.start() self.pop_interruptinfo_label.set_markup("{}".format(_("the pro |
| 84 | src/MainWindow.py | 4980 | GTK set_markup with user input risk | set_markup( |
sible_child_name("error") self.bottomerrorlabel.set_markup("{}" |
| 85 | src/MainWindow.py | 4987 | GTK set_markup with user input risk | set_markup( |
sible_child_name("error") self.bottomerrorlabel.set_markup("{}" |
| 86 | src/MainWindow.py | 4990 | GTK set_markup with user input risk | set_markup( |
visible(true) self.bottomerrordetails_label.set_markup( "{}</ |
| 87 | src/MainWindow.py | 4995 | GTK set_markup with user input risk | set_markup( |
name("interrupt") self.bottominterruptlabel.set_markup("{}< |
| 88 | src/MainWindow.py | 5078 | GTK set_markup with user input risk | set_markup( |
atus != 0: self.ui_settings_password_info_label.set_markup( "<spa |
| 89 | src/MainWindow.py | 5227 | GTK set_markup with user input risk | set_markup( |
request dismissed self.pop_interruptinfo_label.set_markup("{}".format(_("error.") |
| 90 | src/MainWindow.py | 5229 | GTK set_markup with user input risk | set_markup( |
"))) else: self.pop_interruptinfo_label.set_markup("{}".format(_("process |
| 91 | src/SysActions.py | 10 | random module (not cryptographically secure) | import random |
on fri sep 18 14:53:00 2020 @author: fatih """ import os import random import string import subpro |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | data/tr.org.pardus.pkexec.pardus-update.policy | 18 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
| 2 | src/SysActions.py | 76 | subprocess.run with shell concat | subprocess.run(["apt", "full-upgrade"] + |
split(" ") yq_list = yq.split(" ") result = subprocess.run(["apt", "full-upgrade"] + |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 806 | GTK set_markup with user input risk | set_markup( |
f.upgrade_inprogress: self.ui_upgradeinfo_label.set_markup( "{}". |
| 2 | src/MainWindow.py | 834 | GTK set_markup with user input risk | set_markup( |
f.upgrade_inprogress: self.ui_upgradeinfo_label.set_markup( "{}". |
| 3 | src/MainWindow.py | 860 | GTK set_markup with user input risk | set_markup( |
f.upgrade_inprogress: self.ui_upgradeinfo_label.set_markup( "{}". |
| 4 | src/MainWindow.py | 980 | GTK set_markup with user input risk | set_markup( |
repo_name = gtk.label.new() repo_name.set_markup("{} {} {} {}".format(sub["type"], s |
| 5 | src/MainWindow.py | 1131 | GTK set_markup with user input risk | set_markup( |
sw.set_visible(true) self.ui_distupdowninfo_label.set_markup("{}".format(("package |
| 6 | src/MainWindow.py | 1251 | GTK set_markup with user input risk | set_markup( |
t_value(interval) self.ui_settingslastupdate_label.set_markup("{}".format( date |
| 7 | src/MainWindow.py | 1491 | GTK set_markup with user input risk | set_markup( |
.set_sensitive(true) self.ui_dpkgconfigurefix_label.set_markup("{}".format( |
| 8 | src/MainWindow.py | 1501 | GTK set_markup with user input risk | set_markup( |
.set_visible(true) self.ui_dpkgconfigureinfo_label.set_markup("{}".format(_("the pro |
| 9 | src/MainWindow.py | 1640 | GTK set_markup with user input risk | set_markup( |
button) name = gtk.label.new() name.set_markup("{}".format(glib.marku |
| 10 | src/MainWindow.py | 1645 | GTK set_markup with user input risk | set_markup( |
summarylabel = gtk.label.new() summarylabel.set_markup( "{}</smal |
| 11 | src/MainWindow.py | 1651 | GTK set_markup with user input risk | set_markup( |
old_version = gtk.label.new() old_version.set_markup("{}".fo |
| 12 | src/MainWindow.py | 1656 | GTK set_markup with user input risk | set_markup( |
sep_label = gtk.label.new() sep_label.set_markup(">>") |
| 13 | src/MainWindow.py | 1659 | GTK set_markup with user input risk | set_markup( |
new_version = gtk.label.new() new_version.set_markup("{}".fo |
| 14 | src/MainWindow.py | 1784 | GTK set_markup with user input risk | set_markup( |
heck_labels(self): self.ui_settingslastupdate_label.set_markup("{}".format( date |
| 15 | src/MainWindow.py | 1937 | GTK set_markup with user input risk | set_markup( |
name = gtk.label.new() name.set_markup("{}".format(glib.markup_escape_text(pa |
| 16 | src/MainWindow.py | 1942 | GTK set_markup with user input risk | set_markup( |
summarylabel = gtk.label.new() summarylabel.set_markup( " |
| 17 | src/MainWindow.py | 1948 | GTK set_markup with user input risk | set_markup( |
old_version = gtk.label.new() old_version.set_markup("{} |
| 18 | src/MainWindow.py | 1953 | GTK set_markup with user input risk | set_markup( |
sep_label = gtk.label.new() sep_label.set_markup(">>") |
| 19 | src/MainWindow.py | 1956 | GTK set_markup with user input risk | set_markup( |
new_version = gtk.label.new() new_version.set_markup("{} |
| 20 | src/MainWindow.py | 2038 | GTK set_markup with user input risk | set_markup( |
cent"]) self.ui_distrequireddiskinfo_label.set_markup("{}: {}".format( |
| 21 | src/MainWindow.py | 2266 | GTK set_markup with user input risk | set_markup( |
6: # dpkg lock error self.ui_upgradeinfo_label.set_markup("{}< |
| 22 | src/MainWindow.py | 2270 | GTK set_markup with user input risk | set_markup( |
dpkg interrupt error self.ui_upgradeinfo_label.set_markup("{}</ |
| 23 | src/MainWindow.py | 2431 | GTK set_markup with user input risk | set_markup( |
print("down ok") self.ui_distupdowninfo_label.set_markup( "{}".fo |
| 24 | src/MainWindow.py | 2445 | GTK set_markup with user input risk | set_markup( |
ne) else: self.ui_distupdowninfo_label.set_markup("{}".format(_("the dow |
| 25 | src/MainWindow.py | 2528 | GTK set_markup with user input risk | set_markup( |
quest dismissed self.ui_dpkgconfigureinfo_label.set_markup("{}".format(_("error." |
| 26 | src/MainWindow.py | 2530 | GTK set_markup with user input risk | set_markup( |
) else: self.ui_dpkgconfigureinfo_label.set_markup("{}".format(_("process |
| 27 | src/SysActions.py | 10 | random module (not cryptographically secure) | import random |
18 14:53:00 2020 @author: fatih """ import json import os import random import string import subpro |
| 28 | src/Utils.py | 127 | GTK set_markup with user input risk | set_markup( |
position.center) self.set_title(title) self.set_markup(text) def show(self): |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/MainWindow.py | 162 | GTK set_markup with user input risk | set_markup( |
.get_active_iter() ][0] self.dlg_lbl_format.set_markup(f"- {selectedformat}") |
| 2 | src/MainWindow.py | 163 | GTK set_markup with user input risk | set_markup( |
kup(f"- {selectedformat}") self.dlg_lbl_disk.set_markup( f"- {self.usb |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/xfce/KeyboardManager.py | 91 | subprocess.run with shell=True | subprocess.run("cat /etc/default/keyboard | grep XKBLAYOUT | tr -d '\"'", shell= |
keyboard def getsystemkeyboardstate(): layoutprocess = subprocess.run("cat /etc/default/keyboard |
| 2 | src/xfce/KeyboardManager.py | 93 | subprocess.run with shell=True | subprocess.run("cat /etc/default/keyboard | grep XKBVARIANT | tr -d '\"'", shell |
capture_output=true) variantprocess = subprocess.run("cat /etc/default/keyboard | grep xkbvarian |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/utils.py | 28 | GTK set_markup with user input risk | set_markup( |
position.center) self.set_title(title) self.set_markup(text) def show(self): |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/utils.py | 25 | GTK set_markup with user input risk | set_markup( |
position.center) self.set_title(title) self.set_markup(text) def show(self): |
| # | File | Line | Type | Match | Context |
|---|---|---|---|---|---|
| 1 | src/xfce/DatetimeManager.py | 55 | subprocess.run with shell=True | subprocess.run("xfce4-panel -q", shell=True |
oin(lines) def savefile(): global configfiledata subprocess.run("xfce4-panel -q", shell=t |
| 2 | src/xfce/DatetimeManager.py | 62 | subprocess.run with shell=True | subprocess.run("xfce4-panel &", shell=True |
path, "w") as file: file.write(configfiledata) subprocess.run("xfce4-panel &", shell=tr |
| 3 | tr.org.pardus.xfce-tweaks.policy | 20 | auth_admin_keep policy | auth_admin_keep |
ow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active> </def |
test_all.py— Confirms 11 vulnerability types with working PoCstest_priv_esc.py— Demonstrates 8 privilege escalation paths
reports/scan_results.json— All 315 findings in JSON format
Generated by PARDUS-VULN-DB scanner
These polkit policies use <allow_active>yes</allow_active> meaning ANY process (even unprivileged) can run these actions as root WITHOUT any password.
| # | Package | Action ID | File | What Runs as Root |
|---|---|---|---|---|
| 1 | pardus-software | tr.org.pardus.pkexec.pardus-software-autoaptupdateaction | tr.org.pardus.pkexec.pardus-software.policy:43 | AutoAptUpdate.py — apt update |
| 2 | pardus-update | tr.org.pardus.pkexec.pardus-update-aptupdateaction | tr.org.pardus.pkexec.pardus-update.policy:31 | AutoAptUpdate.py — apt update |
| 3 | pardus-update | tr.org.pardus.pkexec.pardus-update-settingswrite | tr.org.pardus.pkexec.pardus-update.policy:45 | SystemSettingsWrite.py — root file write |
| 4 | pardus-about | tr.org.pardus.pkexec.pardus-about.system_info | tr.org.pardus.pkexec.pardus-about.policy:31 | Actions.py — ACPI/system commands |
| 5 | pardus-power-manager-old | — | ppm.policy:10 | main.py — Full GUI as root |
Exploit (if packages installed):
# No password prompt — runs as root immediately
pkexec /usr/share/pardus/pardus-software/src/AutoAptUpdate.py
These policies allow ANY authenticated user (not just admins) to run code as root.
| # | Package | Policy File | Risk |
|---|---|---|---|
| 6 | pardus-domain-joiner | tr.org.pardus.pkexec.domain-joiner.policy | os.kill(pid, SIGKILL) as root — kill init/PID 1 |
| 7 | eta-otp-lock | tr.org.etap.otp-settings.policy | write to system files as root |
Exploit:
# Any user with a password can kill init:
pkexec /usr/share/pardus/pardus-domain-joiner/src/Actions.py cancel 1
These policies allow running /usr/bin/kill as root with any PID.
| # | Package | Policy | Executable |
|---|---|---|---|
| 8 | pardus-image-writer | tr.org.pardus.pkexec.pardus-image-writer-kill | /usr/bin/kill |
| 9 | pardus-usb-formatter | tr.org.pardus.pkexec.pardus-usb-formatter-kill | /usr/bin/kill |
Exploit:
pkexec kill -SIGTERM 1 # Kill init as root
- Package: pardus-mycomputer
- File: DiskManager.py:89-92
- Attack: Unprivileged process writes to
/tmp/fstab.tmp, then callspkexec mv /tmp/fstab.tmp /etc/fstab - Race: Attacker replaces
/tmp/fstab.tmpwith symlink to/etc/sudoersbetween write and mv - Result: Root-owned file overwrite
- Package: pardus-power-manager
- File: Brightness.py:14-18
- Code:
subprocess.call(["adduser", user, group]) - Social engineering: Admin thinks they're adjusting brightness but actually adds attacker to sudo group
- Package: pardus-installer
- File: service.py:29-33
- Code:
open("/tmp/.passwd", "w")→ write password →chpasswd→rm -f - Race: Attacker reads /tmp/.passwd before deletion
- Package: pardus-power-manager-advanced
- File: util.py:9-10
- Code:
os.mkfifo("/run/ppm")withos.chmod("/run/ppm", 0o222) - Impact: Any local user writes JSON commands to root service
- Package: pardus-domain-joiner
- File: Actions.py:64
- Code:
os.kill(int(sys.argv[2]), signal.SIGKILL)— kill ANY PID as root - Impact: Denial of service (kill init) or kill security processes
- Package: eta-otp-lock
- File: actions.py:27-32
- Code:
save(user, sys.argv[2])writes to/etc/otp-secrets.jsonas root - Impact: Write arbitrary JSON to system file as root
- Package: pardus-parental-control
- File: dbus/tr.org.pardus.parental-control.conf
- Service: PPCDaemon.py runs as root via D-Bus
- Risk: D-Bus interface allows unprivileged callers limited access
| # | Path | Auth Required | Impact |
|---|---|---|---|
| 1 | pkexec AutoAptUpdate | NONE | Root command execution |
| 2 | pkexec system_info | NONE (active) | Root command execution |
| 3 | pkexec power-manager-old | NONE | Root GUI |
| 4 | pkexec domain-joiner | Any user | Arbitrary PID kill |
| 5 | pkexec eta-otp-lock | Any user | Root file write |
| 6 | pkexec kill | Admin | Denial of service |
| 7 | Symlink TOCTOU | Admin | Root file overwrite |
| 8 | Brightness.py adduser | Admin | Group escalation → root |
| 9 | /tmp/.passwd leak | Race condition | Password disclosure |
| 10 | /run/ppm FIFO | None (world-writable) | Service manipulation |
(See above for complete listing organized by repo)