PrismaScan Flags Critical Issue With Private Keys #590

Open
juls858 opened this issue Jul 21, 2021 · 0 comments
Comments


juls858 commented Jul 21, 2021

Actual Behavior

Copied from here

PrismaScan:
https://vscanapidoc.redlock.io

Our company uses PrismaScan to scan container images for vulnerabilities.

The backports test module contains private keys which are causing this alert.

{
  "compliances": [
    {
      "id": 425,
      "title": "Private keys stored in image",
      "severity": "high",
      "cause": "Found: /opt/conda/lib/python3.9/site-packages/future/backports/test/badcert.pem, /opt/conda/lib/python3.9/site-packages/future/backports/test/badkey.pem, /opt/conda/lib/python3.9/site-packages/future/backports/test/keycert.passwd.pem, /opt/conda/lib/python3.9/site-packages/future/backports/test/keycert.pem, /opt/conda/lib/python3.9/site-packages/future/backports/test/keycert2.pem, /opt/conda/lib/python3.9/site-packages/future/backports/test/ssl_key.passwd.pem, /opt/conda/lib/python3.9/site-packages/future/backports/test/ssl_key.pem, /opt/conda/pkgs/future-0.18.2-py39h06a4308_1/lib/python3.9/site-packages/future/backports/test/badcert.pem, /opt/conda/pkgs/future-0.18.2-py39h06a4308_1/lib/python3.9/site-packages/future/backports/test/badkey.pem, /opt/conda/pkgs/future-0.18.2-py39h06a4308_1/lib/python3.9/site-packages/future/backports/test/keycert.passwd.pem, /opt/conda/pkgs/future-0.18.2-py39h06a4308_1/lib/python3.9/site-packages/future/backports/test/keycert.pem, /opt/conda/pkgs/future-0.18.2-py39h06a4308_1/lib/python3.9/site-packages/future/backports/test/keycert2.pem, /opt/conda/pkgs/future-0.18.2-py39h06a4308_1/lib/python3.9/site-packages/future/backports/test/ssl_key.passwd.pem, /opt/conda/pkgs/future-0.18.2-py39h06a4308_1/lib/python3.9/site-packages/future/backports/test/ssl_key.pem"
    }
  ]
}

Expected Behavior

No security alert should be flagged, as these are tests; or distributed test code should not include private keys.

Steps to Reproduce

Create a container image with Miniconda. I am using this image from DockerHub: continuumio/miniconda3
Run PrismaScan

Anaconda or Miniconda version:
Operating System:

Docker Image:
continuumio/miniconda3:4.9.2-alpine

conda info
     active environment : None
       user config file : /home/app/.condarc
 populated config files :
          conda version : 4.10.3
    conda-build version : not installed
         python version : 3.9.5.final.0
       virtual packages : __linux=5.10.25=0
                          __glibc=2.32=0
                          __unix=0=0
                          __archspec=1=x86_64
       base environment : /opt/conda  (read only)
      conda av data dir : /opt/conda/etc/conda
  conda av metadata url : None
           channel URLs : https://repo.anaconda.com/pkgs/main/linux-64
                          https://repo.anaconda.com/pkgs/main/noarch
                          https://repo.anaconda.com/pkgs/r/linux-64
                          https://repo.anaconda.com/pkgs/r/noarch
          package cache : /opt/conda/pkgs
                          /home/app/.conda/pkgs
       envs directories : /home/app/.conda/envs
                          /opt/conda/envs
               platform : linux-64
             user-agent : conda/4.10.3 requests/2.25.1 CPython/3.9.5 Linux/5.10.25-linuxkit alpine/3.12.1 glibc/2.32
                UID:GID : 1000:1000
             netrc file : None
           offline mode : False

conda list --show-channel-urls
# packages in environment at /opt/conda:
#
# Name                    Version                   Build  Channel
_libgcc_mutex             0.1                        main    defaults
aadict                    0.2.3              pyh9f0ad1d_0    conda-forge
aiopg                     1.0.0                      py_0    defaults
arrow-cpp                 3.0.0            py39hced866c_0    defaults
asn1crypto                1.4.0                      py_0    defaults
asset                     0.6.13             pyh9f0ad1d_0    conda-forge
autologging               1.3.2                      py_0    conda-forge
aws-lambda-powertools     1.17.1             pyhd8ed1ab_0    conda-forge
aws-xray-sdk              2.8.0            py39h06a4308_0    defaults
awswrangler               2.9.0              pyhd8ed1ab_0    conda-forge
beautifulsoup4            4.9.3              pyha847dfd_0    defaults
blas                      1.0                         mkl    defaults
boost-cpp                 1.73.0              h27cfd23_11    defaults
boto3                     1.17.109           pyhd3eb1b0_0    defaults
botocore                  1.20.109           pyhd3eb1b0_1    defaults
bottleneck                1.3.2            py39hdd57654_1    defaults
brotli                    1.0.9                he6710b0_2    defaults
brotlipy                  0.7.0           py39h27cfd23_1003    defaults
bzip2                     1.0.8                h7b6447c_0    defaults
c-ares                    1.17.1               h27cfd23_0    defaults
ca-certificates           2021.7.5             h06a4308_1    defaults
certifi                   2021.5.30        py39h06a4308_0    defaults
cffi                      1.14.6           py39h400218f_0    defaults
chardet                   4.0.0           py39h06a4308_1003    defaults
click                     8.0.1              pyhd3eb1b0_0    defaults
conda                     4.10.3           py39h06a4308_0    defaults
conda-package-handling    1.7.3            py39h27cfd23_1    defaults
cryptography              3.4.7            py39hd23ed53_0    defaults
double-conversion         3.1.5                he6710b0_1    defaults
et_xmlfile                1.1.0            py39h06a4308_0    defaults
freetds                   1.00.97              h52ef933_0    defaults
future                    0.18.2           py39h06a4308_1    defaults
gflags                    2.2.2                he6710b0_0    defaults
globre                    0.1.5              pyh9f0ad1d_0    conda-forge
glog                      0.5.0                h2531618_0    defaults
greenlet                  1.1.0            py39h2531618_0    defaults
grpc-cpp                  1.26.0               hf8bcb03_0    defaults
icu                       58.2                 he6710b0_3    defaults
idna                      2.10                       py_0    defaults
importlib-metadata        3.10.0           py39h06a4308_0    defaults
intel-openmp              2021.3.0          h06a4308_3350    defaults
jdcal                     1.4.1                      py_0    defaults
jmespath                  0.10.0                     py_0    defaults
krb5                      1.17.1               h173b8e3_0    defaults
ld_impl_linux-64          2.33.1               h53a641e_7    defaults
libboost                  1.73.0              h3ff78a5_11    defaults
libedit                   3.1.20191231         h14c3975_1    defaults
libevent                  2.1.8                h1ba5d50_1    defaults
libffi                    3.3                  he6710b0_2    defaults
libgcc-ng                 9.1.0                hdf63c60_0    defaults
libpq                     12.2                 h20c2e04_0    defaults
libprotobuf               3.11.2               hd408876_0    defaults
libstdcxx-ng              9.1.0                hdf63c60_0    defaults
libthrift                 0.13.0               hfb8234f_6    defaults
libxml2                   2.9.10               hb55368b_3    defaults
libxslt                   1.1.34               hc22bd24_0    defaults
lxml                      4.6.3            py39h9120a33_0    defaults
lz4-c                     1.9.3                h2531618_0    defaults
mkl                       2021.3.0           h06a4308_520    defaults
mkl-service               2.4.0            py39h7f8727e_0    defaults
mkl_fft                   1.3.0            py39h42c9631_2    defaults
mkl_random                1.2.2            py39h51133e4_0    defaults
ncurses                   6.2                  he6710b0_1    defaults
numexpr                   2.7.3            py39h22e1b3c_1    defaults
numpy                     1.20.3           py39hf144106_0    defaults
numpy-base                1.20.3           py39h74d4b33_0    defaults
openpyxl                  3.0.7              pyhd3eb1b0_0    defaults
openssl                   1.1.1k               h27cfd23_0    defaults
orc                       1.6.5                h973521d_1    defaults
pandas                    1.2.5            py39h295c915_0    defaults
pg8000                    1.19.5             pyhd3eb1b0_0    defaults
pip                       21.1.3           py39h06a4308_0    defaults
psycopg2                  2.8.6            py39h3c74f83_1    defaults
pyarrow                   3.0.0            py39he0739d4_3    defaults
pycosat                   0.6.3            py39h27cfd23_0    defaults
pycparser                 2.20                       py_2    defaults
pyhocon                   0.3.58             pyhd8ed1ab_0    conda-forge
pymssql                   2.1.5            py39hf149a3a_1    conda-forge
pymysql                   1.0.2            py39h06a4308_1    defaults
pyodbc                    4.0.31           py39h295c915_0    defaults
pyopenssl                 19.1.0             pyhd3eb1b0_1    defaults
pyparsing                 2.4.7              pyhd3eb1b0_0    defaults
pysocks                   1.7.1            py39h06a4308_0    defaults
python                    3.9.5                h12debd9_4    defaults
python-dateutil           2.8.2              pyhd3eb1b0_0    defaults
python-dotenv             0.18.0             pyhd8ed1ab_0    conda-forge
python-fastjsonschema     2.15.1             pyhd3eb1b0_0    defaults
python_abi                3.9                      2_cp39    conda-forge
pytz                      2021.1             pyhd3eb1b0_0    defaults
re2                       2020.11.01           h2531618_1    defaults
readline                  8.0                  h7b6447c_0    defaults
redshift_connector        2.0.883            pyhd8ed1ab_0    conda-forge
requests                  2.25.1             pyhd3eb1b0_0    defaults
ruamel_yaml               0.15.100         py39h27cfd23_0    defaults
s3transfer                0.4.2              pyhd3eb1b0_0    defaults
scramp                    1.4.0              pyhd3eb1b0_0    defaults
setuptools                52.0.0           py39h06a4308_0    defaults
six                       1.16.0             pyhd3eb1b0_0    defaults
snappy                    1.1.8                he6710b0_0    defaults
soupsieve                 2.2.1              pyhd3eb1b0_0    defaults
sqlalchemy                1.4.21           py39h7f8727e_0    defaults
sqlite                    3.36.0               hc218d9a_0    defaults
tk                        8.6.10               hbc83047_0    defaults
tqdm                      4.51.0             pyhd3eb1b0_0    defaults
tzdata                    2021a                h52ac0ba_0    defaults
unixodbc                  2.3.9                h7b6447c_0    defaults
uriparser                 0.9.3                he6710b0_1    defaults
urllib3                   1.26.6             pyhd3eb1b0_1    defaults
utf8proc                  2.6.1                h27cfd23_0    defaults
wheel                     0.35.1             pyhd3eb1b0_0    defaults
wrapt                     1.12.1           py39he8ac12f_1    defaults
xz                        5.2.5                h7b6447c_0    defaults
yaml                      0.2.5                h7b6447c_0    defaults
zipp                      3.5.0              pyhd3eb1b0_0    defaults
zlib                      1.2.11               h7b6447c_3    defaults
zstd                      1.4.9                haebb681_0    defaults
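As an added example (not from the issue or the conda/future projects), the script below reproduces the check behind compliance 425 on a constructed stand-in for the two flagged locations (live site-packages and the conda package cache copy) and applies the remediation of dropping the shipped test fixtures from the image. The directory layout and PEM contents are constructed placeholders; only the path names come from the finding above.

```shell
#!/bin/sh
# Build a constructed stand-in for the layout reported by the scanner:
# the live site-packages copy and the extracted package in the conda cache.
make_fixture_tree() {
  root="$1"
  live="$root/lib/python3.9/site-packages/future/backports/test"
  cache="$root/pkgs/future-0.18.2-py39h06a4308_1/lib/python3.9/site-packages/future/backports/test"
  mkdir -p "$live" "$cache"
  for d in "$live" "$cache"; do
    # Placeholder bodies: a real key carries base64 between the markers.
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
                  '-----END RSA PRIVATE KEY-----' > "$d/ssl_key.pem"
    # A bare certificate must not count as a private key.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
                  '-----END CERTIFICATE-----' > "$d/badcert.pem"
  done
}

# Count files under $1 containing a PEM private-key header; this is the
# kind of content match that produces "Private keys stored in image".
count_private_keys() {
  grep -rl -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Remediation for an image build step: remove every future/backports/test
# directory, which covers both paths the scanner listed. -prune stops find
# from descending into a directory it is about to delete.
strip_test_keys() {
  find "$1" -type d -path '*/future/backports/test' -prune -exec rm -rf {} +
}

# Stand-alone run: report before and after on a throwaway tree.
if [ "${1:-}" = "--demo" ]; then
  demo=$(mktemp -d)
  make_fixture_tree "$demo"
  echo "before: $(count_private_keys "$demo") private key file(s)"
  strip_test_keys "$demo"
  echo "after:  $(count_private_keys "$demo") private key file(s)"
  rm -rf "$demo"
fi
```

In a Dockerfile the `strip_test_keys` body becomes a `RUN find /opt/conda ...` step after the install; rerunning `count_private_keys /opt/conda` in the build confirms the finding is gone before the scanner sees the image.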