PyCQA · ericwb · Feb 8, 2022 · Dec 20, 2021 · Dec 22, 2021 · Feb 8, 2022
diff --git a/bandit/plugins/general_hardcoded_password.py b/bandit/plugins/general_hardcoded_password.py
@@ -36,6 +36,7 @@ def hardcoded_password_string(context):
 
     - assigned to a variable that looks like a password
     - assigned to a dict key that looks like a password
+    - assigned to a class attribute that looks like a password
     - used in a comparison with a variable that looks like a password
 
     Variables are considered to look like a password if they have match any one
@@ -79,6 +80,9 @@ def hardcoded_password_string(context):
         for targ in node._bandit_parent.targets:
             if isinstance(targ, ast.Name) and RE_CANDIDATES.search(targ.id):
                 return _report(node.s)
+            elif isinstance(targ, ast.Attribute) \
+                    and RE_CANDIDATES.search(targ.attr):
+                return _report(node.s)
 
     elif (isinstance(node._bandit_parent, ast.Subscript)
           and RE_CANDIDATES.search(node.s)):
@@ -105,6 +109,10 @@ def hardcoded_password_string(context):
             if RE_CANDIDATES.search(comp.left.id):
                 if isinstance(comp.comparators[0], ast.Str):
                     return _report(comp.comparators[0].s)
+        elif isinstance(comp.left, ast.Attribute):
+            if RE_CANDIDATES.search(comp.left.attr):
+                if isinstance(comp.comparators[0], ast.Str):
+                    return _report(comp.comparators[0].s)
 
 
 @test.checks('Call')