authorCY Chiang <cychiang@cht.com.tw>2019-07-30 11:42:45 +0800
committerCY Chiang <cychiang@cht.com.tw>2019-07-30 13:46:01 +0800
commitc0035ed82e52756c9c04097fabba561a86da200a (patch)
treeb4fc06cdaebd3ac0f465b9b07596ef95de5d7b1b /bandit.yaml
parent6a1b2de6bbb6e8e3f7632f857b4ac5f2dcb662d0 (diff)
Update the bandit.yaml available tests list
According to the current Bandit documentation, the B109 and B111 plugins have been removed. Also add the following tests: Complete Test Plugin Listing: B507, B610, B611, B703 Blacklist Plugins Listing: B322, B323, B325, B413, B414 Reference URL: https://bandit.readthedocs.io/en/latest/plugins/index.html Change-Id: I5e9365f9147776d7d90c6ba889acbde3c0e6c19d Closes-Bug: #1838361
Diffstat (limited to 'bandit.yaml')
-rw-r--r--bandit.yaml11
1 files changed, 9 insertions, 2 deletions
diff --git a/bandit.yaml b/bandit.yaml
index b5b1482df..e21301446 100644
--- a/bandit.yaml
+++ b/bandit.yaml
@@ -16,9 +16,7 @@
# B106 : hardcoded_password_funcarg
# B107 : hardcoded_password_default
# B108 : hardcoded_tmp_directory
-# B109 : password_config_option_not_marked_secret
# B110 : try_except_pass
-# B111 : execute_with_run_as_root_equals_true
# B112 : try_except_continue
# B201 : flask_debug_true
# B301 : pickle
@@ -42,6 +40,9 @@
# B319 : xml_bad_pulldom
# B320 : xml_bad_etree
# B321 : ftplib
+# B322 : input
+# B323 : unverified_context
+# B325 : tempnam
# B401 : import_telnetlib
# B402 : import_ftplib
# B403 : import_pickle
@@ -54,12 +55,15 @@
# B410 : import_lxml
# B411 : import_xmlrpclib
# B412 : import_httpoxy
+# B413 : import_pycrypto
+# B414 : import_pycryptodome
# B501 : request_with_no_cert_validation
# B502 : ssl_with_bad_version
# B503 : ssl_with_bad_defaults
# B504 : ssl_with_no_version
# B505 : weak_cryptographic_key
# B506 : yaml_load
+# B507 : ssh_no_host_key_verification
# B601 : paramiko_calls
# B602 : subprocess_popen_with_shell_equals_true
# B603 : subprocess_without_shell_equals_true
@@ -69,8 +73,11 @@
# B607 : start_process_with_partial_path
# B608 : hardcoded_sql_expressions
# B609 : linux_commands_wildcard_injection
+# B610 : django_extra_used
+# B611 : django_rawsql_used
# B701 : jinja2_autoescape_false
# B702 : use_of_mako_templates
+# B703 : django_mark_safe
# (optional) list included test IDs here, eg '[B101, B406]':
tests: [B102, B103, B302, B306, B308, B309, B310, B401, B501, B502, B506, B601, B602, B609]
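Review bot: The `tests:` include list on the last line of this hunk is unchanged, so none of the IDs this commit adds to the comment listing will run: B322, B323, B325, B413, B414 and B507 in the earlier hunks, and B610, B611 and B703 here. The line above it describes `tests:` as the list of included test IDs, which suggests only those IDs are executed. If the listing is meant as reference only, a comment above `tests:` would say so, for example `# NOTE: the listing above is reference only; only the IDs in 'tests' are executed.` Otherwise, B323 (unverified_context) and B507 (ssh_no_host_key_verification) cover the same TLS and SSH ground as the already-enabled B501/B502 and B601. They look like the first candidates to add to `tests:`, after checking how many findings they raise on the current tree.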