Security findings: unsafe reflection, Jinja2 without autoescaping, unpinned GitHub Actions #2322

@DataWizual

During a security audit of napalm, three findings were identified.


Finding 1: Unsafe reflection via importlib.import_module() (High — CWE-470)

importlib.import_module() is called with a dynamic value in two locations:

  • napalm/base/__init__.py:88 — core library
  • napalm/eos/eos.py:174 — Arista EOS driver

If user-controlled input reaches this call — via device hostname, config file, or API parameter — an attacker can load arbitrary code. In a network automation context this runs with access to device credentials and configuration state.
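The usual mitigation for a dynamic import is to validate the requested name against a fixed allowlist and a strict identifier pattern before importlib ever sees it. The block below is an added example written for this issue, not napalm's own loader: the names safe_import, classify_requests and UnsafeModuleName are assumed, and the allowlist holds harmless standard-library modules so that it runs stand-alone (a driver loader would list its known driver packages instead).

```python
import importlib
import re

# Hypothetical allowlist of module names this loader may import. Standard-library
# modules are used here so the example runs offline; a real driver loader would
# list the driver packages it ships.
ALLOWED_MODULES = frozenset({"json", "base64", "hashlib"})

# A module name must be a plain dotted identifier. Anything else (path
# separators, semicolons, whitespace) is rejected before reaching importlib.
_MODULE_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*")


class UnsafeModuleName(ValueError):
    """Raised when a requested module name is malformed or not allowlisted."""


def safe_import(name, allowed=ALLOWED_MODULES):
    """Import `name` only if it is a well-formed identifier on the allowlist."""
    if not isinstance(name, str) or not _MODULE_NAME_RE.fullmatch(name):
        raise UnsafeModuleName(f"malformed module name: {name!r}")
    if name not in allowed:
        raise UnsafeModuleName(f"module not on allowlist: {name!r}")
    return importlib.import_module(name)


def classify_requests(names, allowed=ALLOWED_MODULES):
    """Return {requested name: 'loaded' | 'rejected'} for a batch of requests."""
    verdicts = {}
    for name in names:
        try:
            safe_import(name, allowed)
            verdicts[name] = "loaded"
        except UnsafeModuleName:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    # Constructed sample input: legitimate names mixed with names a config
    # file or API parameter should never be able to turn into an import.
    sample = ["json", "hashlib", "os", "ctypes", "../driver", "json;import os"]
    for name, verdict in classify_requests(sample).items():
        print(f"{name!r}: {verdict}")
```

The check is deliberately two-layered: the pattern rejects anything that is not a dotted identifier, and the allowlist rejects well-formed names that are simply not drivers. Reporting the failure as a distinct exception type lets the caller log a rejected name without exposing import internals.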


Finding 2: Jinja2 template rendering without autoescaping (High — CWE-79)

napalm/base/helpers.py:112 uses Jinja2 without autoescape=True:

env = jinja2.Environment(loader=jinja2.FileSystemLoader(...))

This is production code, not docs. Three detectors flagged it independently (Semgrep + Bandit B701). If template data originates from device responses, injection is reachable.

Fix: jinja2.Environment(loader=..., autoescape=True)
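To see what the detectors are keying on, here is an added example (not from napalm, Semgrep or Bandit) of the same check done over the AST: it reports every Environment(...) call that either omits autoescape or sets it to the literal False, and accepts True or a select_autoescape(...) call as an explicit choice. The function name find_unescaped_environments and the four constructed source snippets are assumptions made for this example; it needs only the standard library, so it runs without Jinja2 installed.

```python
import ast

# Constructed sample sources: the weak form reported in this finding, the
# proposed fix, a select_autoescape variant, and an explicit opt-out.
WEAK_SOURCE = '''
import jinja2
env = jinja2.Environment(loader=jinja2.FileSystemLoader("templates"))
'''

FIXED_SOURCE = '''
import jinja2
env = jinja2.Environment(loader=jinja2.FileSystemLoader("templates"), autoescape=True)
'''

SELECT_SOURCE = '''
from jinja2 import Environment, select_autoescape
env = Environment(autoescape=select_autoescape(["html", "xml"]))
'''

EXPLICIT_OFF_SOURCE = '''
import jinja2
env = jinja2.Environment(autoescape=False)
'''


def _is_environment_call(node):
    """True for both `Environment(...)` and `jinja2.Environment(...)`."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id == "Environment"
    if isinstance(func, ast.Attribute):
        return func.attr == "Environment"
    return False


def find_unescaped_environments(source):
    """Return (line number, reason) for Environment() calls that leave autoescape off.

    Jinja2's Environment defaults autoescape to False, so a missing keyword is
    reported as well as an explicit False. Any other value (True, a
    select_autoescape(...) call, a custom callable) is treated as deliberate.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not _is_environment_call(node):
            continue
        kw = next((k for k in node.keywords if k.arg == "autoescape"), None)
        if kw is None:
            findings.append((node.lineno, "autoescape not set (defaults to False)"))
        elif isinstance(kw.value, ast.Constant) and kw.value.value is False:
            findings.append((node.lineno, "autoescape explicitly False"))
    return findings


if __name__ == "__main__":
    samples = [("weak", WEAK_SOURCE), ("fixed", FIXED_SOURCE),
               ("select_autoescape", SELECT_SOURCE), ("explicit off", EXPLICIT_OFF_SOURCE)]
    for label, src in samples:
        print(f"{label}: {find_unescaped_environments(src)}")
```

Walking the AST rather than grepping for the keyword means an Environment built through a local alias or with the keyword supplied positionally out of order is still handled correctly; a reviewer can run it over a checkout to confirm that the fix above removes the finding and introduces no new unescaped environments.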


Finding 3: Unpinned GitHub Actions in CI/CD workflows (Medium — CWE-1357)

Both pythonpublish.yml and commit.yaml use tag-pinned actions instead of SHA-pinned:

- uses: actions/checkout@v3

The publish workflow has access to PyPI credentials. A compromised upstream action tag silently injects into the release pipeline.

Fix: Pin to full commit SHA, e.g. actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
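A small checker makes the distinction between a tag and a SHA pin mechanical, so it can run in review or in CI itself. The block below is an added example for this issue, not part of napalm or its workflows: the workflow text is constructed (it reuses the checkout SHA quoted above as the pinned case), and the names check_action_pins and unpinned are assumptions. It scans uses: lines with a regular expression rather than a YAML parser so that it runs with the standard library alone.

```python
import re

# Constructed sample workflow standing in for a publish workflow. It mixes a
# tag pin, a branch pin, a full-SHA pin, a local action and a container image.
SAMPLE_WORKFLOW = """\
name: publish
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: actions/setup-python@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - name: build
        run: python -m build
"""

# Matches step-level and job-level `uses:` keys; the value ends at whitespace,
# so a trailing `# v4` comment is ignored.
_USES_RE = re.compile(r"^\s*-?\s*uses:\s*(?P<ref>\S+)")
# A full commit SHA is exactly 40 lowercase hex digits.
_SHA_RE = re.compile(r"[0-9a-f]{40}")


def check_action_pins(workflow_text):
    """Return (line number, uses value, verdict) for every `uses:` line."""
    results = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = _USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref").strip("'\"")
        if ref.startswith("./"):
            verdict = "local action (versioned with the repository)"
        elif ref.startswith("docker://"):
            verdict = "container image (pin by digest separately)"
        elif "@" not in ref:
            verdict = "no ref (unpinned)"
        else:
            _, version = ref.rsplit("@", 1)
            if _SHA_RE.fullmatch(version):
                verdict = "pinned to commit SHA"
            else:
                verdict = f"mutable ref {version!r} (unpinned)"
        results.append((lineno, ref, verdict))
    return results


def unpinned(workflow_text):
    """Just the `uses:` values that resolve through a mutable tag or branch."""
    return [ref for _, ref, verdict in check_action_pins(workflow_text)
            if verdict.endswith("(unpinned)")]


if __name__ == "__main__":
    for lineno, ref, verdict in check_action_pins(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref}: {verdict}")
    print("unpinned:", unpinned(SAMPLE_WORKFLOW))
```

Local actions are reported separately because they are versioned with the repository itself, and container images are called out because they need a digest pin rather than a commit SHA; both would otherwise show up as false positives in a naive "is it 40 hex characters" check.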
