On Fri, Jul 30, 2021 at 7:55 AM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote:
>
> Fixes:
> Error: COPY_PASTE_ERROR (CWE-398): [#def3]
> selinux/python/sepolicy/sepolicy/__init__.py:1032: original: ""_key_t"" looks like the original copy.
> selinux/python/sepolicy/sepolicy/__init__.py:1035: copy_paste_error: ""_key_t"" looks like a copy-paste error.
> selinux/python/sepolicy/sepolicy/__init__.py:1035: remediation: Should it say ""_secret_t"" instead?
> # 1033|
> # 1034| if f.endswith("_secret_t"):
> # 1035|-> return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
> # 1036|
> # 1037| if f.endswith("_ra_t"):
>
> Error: COPY_PASTE_ERROR (CWE-398): [#def4]
> selinux/python/sepolicy/sepolicy/__init__.py:1065: original: ""_tmp_t"" looks like the original copy.
> selinux/python/sepolicy/sepolicy/__init__.py:1067: copy_paste_error: ""_tmp_t"" looks like a copy-paste error.
> selinux/python/sepolicy/sepolicy/__init__.py:1067: remediation: Should it say ""_etc_t"" instead?
> # 1065| return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
> # 1066| if f.endswith("_etc_t"):
> # 1067|-> return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
> # 1068| if f.endswith("_home_t"):
> # 1069| return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
>
> Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> python/sepolicy/sepolicy/__init__.py | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
> index df773a6b314e..6b6160a449df 100644
> --- a/python/sepolicy/sepolicy/__init__.py
> +++ b/python/sepolicy/sepolicy/__init__.py
> @@ -1039,7 +1039,7 @@ def get_description(f, markup=markup):
> return txt + "treat the files as %s key data." % prettyprint(f, "_key_t")
>
> if f.endswith("_secret_t"):
> - return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
> + return txt + "treat the files as %s secret data." % prettyprint(f, "_secret_t")
>
> if f.endswith("_ra_t"):
> return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_t")
> @@ -1071,7 +1071,7 @@ def get_description(f, markup=markup):
> if f.endswith("_tmp_t"):
> return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
> if f.endswith("_etc_t"):
> - return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
> + return txt + "store %s files in the /etc directories." % prettyprint(f, "_etc_t")
> if f.endswith("_home_t"):
> return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
> if f.endswith("_tmpfs_t"):
> --
> 2.32.0
>
