Enhancement Proposal: Plugin "assert_used" config skip-snippet #1

Open
wants to merge 107 commits into base: master

Commits (107)
0afaffa
Update asserts.py
marianomartinelli Mar 6, 2021
1eff509
Add string options for severity and confidence (#702)
nathanstocking Apr 2, 2021
193c355
#694 Bandit fails when using importlib with named arguments (#701)
maciejstromich Apr 5, 2021
0e23506
Add license to package installation metadata (#705)
RobbeSneyders Apr 12, 2021
5ecc4f5
Mock part of python 3.x (#685)
ericwb Jun 15, 2021
9a99388
Update README.rst (#713)
ericwb Jun 15, 2021
55b8834
Use new issue template format (#717)
ericwb Jun 29, 2021
a99b4c7
Fix syntax error in bug report (#718)
ericwb Jun 29, 2021
c31ab29
Update bug_report.yaml (#719)
ericwb Jun 29, 2021
2bd1ffa
Fix syntax errors in bug report (#720)
ericwb Jun 29, 2021
d4faa78
document that random.choices() isn't secure either (#728)
taybin Aug 24, 2021
44f5c41
PEP-518 support: configure bandit via pyproject.toml (#401)
orsinium Aug 24, 2021
aac3f16
Always use a Loader in yaml.load (#745)
ericwb Oct 24, 2021
a83c53f
fix reading initial values from .bandit (#722)
alipqb Nov 11, 2021
3dca782
Fix broken reported URL link for B107 (#751)
bagerard Nov 12, 2021
e0a12a9
test_help_arg: remove assert on 'optional arguments' (#752)
mikelolasagasti Nov 13, 2021
78543ff
Create FUNDING.yml (#774)
ericwb Jan 21, 2022
9fcf66b
Start using auto-formatters (#754)
sigmavirus24 Jan 22, 2022
1327cfa
Drop end-of-life Python 3.5 (#746)
ericwb Jan 25, 2022
0096bee
Merge branch 'master' into assert-used-doc-enhancement
ericwb Jan 25, 2022
fb8c32e
Drop end-of-life Python 3.6 (#777)
ericwb Jan 25, 2022
0d05d40
Fixup typo (#769)
spagh-eddie Jan 25, 2022
68f43eb
Fix README.rst (#365)
stannum-l Jan 25, 2022
ca4475f
Added snmp_security check plugin for various SNMP checks (#403)
Jed-Giblin Jan 25, 2022
6270185
Remove leftover openstack code (#778)
ericwb Jan 25, 2022
25fde24
Correctly define extras in `setup.cfg` (#755)
mkniewallner Jan 25, 2022
458b4a1
Rely on toml conditionally
sigmavirus24 Jan 27, 2022
e85f5fd
Update issue template with latest versions (#783)
ericwb Jan 28, 2022
f820372
Delete release-drafter.yml (#781)
ericwb Jan 28, 2022
626c845
Use released version of gh-action-pypi-publish (#784)
ericwb Jan 29, 2022
8f075da
Update publish-to-pypi.yml (#785)
ericwb Jan 29, 2022
02f206b
Delete releasenotes directory (more openstack leftovers) (#786)
ericwb Jan 29, 2022
6c94c85
Add Getting Started chapter (migrate from README) (#773)
bittner Jan 30, 2022
7d6ab4a
Including CWE information (#613)
julianthome Jan 30, 2022
fafa822
Removal of the CWEMAP dict (#789)
ericwb Feb 2, 2022
c405e4e
Fix up warnings in output of tox (#793)
ericwb Feb 4, 2022
4bc8155
Avoid printing metrics as float point numbers (#794)
ericwb Feb 4, 2022
05c7d89
Add functional test of snmp_security_check (#791)
ericwb Feb 4, 2022
11fd1a2
Support disabling individual tests
mikespallino Feb 4, 2022
1c407d4
Change up how CWE is formatted (#788)
ericwb Feb 4, 2022
6b6b896
Check value of usedforsecurity for hashlib (#798)
ericwb Feb 7, 2022
9131162
Remove redundant Python 3.6 code (#802)
ericwb Feb 7, 2022
d1622bf
Add new plugin to check use of pyghmi (#803)
ericwb Feb 7, 2022
a9eaafa
Check for hardcoded passwords in class attributes (#766)
noliverio Feb 8, 2022
c4372a0
Better hashlib check for Python 3.9 (#805)
ericwb Feb 10, 2022
dbefd04
Fix references to the default branch name (#810)
ericwb Feb 14, 2022
b8ff685
Cleanup the README
ericwb Feb 14, 2022
a3d8b4b
Show usage with no arguments (#814)
ericwb Feb 15, 2022
1691b93
Respect color environment variables if set (#813)
ericwb Feb 17, 2022
0f4a495
Cannot seek stdin on pipe (#496)
tylerwince Feb 18, 2022
e2fa501
Test on operating systems we can support (#804)
ericwb Feb 18, 2022
78b0bc1
Fix up some warnings and errors in docs (#817)
ericwb Feb 20, 2022
4a18a92
Fix root doc for readthedocs (#818)
ericwb Feb 20, 2022
7fbf9d5
Use versioned links to docs (#819)
ericwb Feb 22, 2022
528c540
Use CWE link in HTML formatter (#825)
ericwb Feb 25, 2022
8bad6fa
Improve performance of linerange (#629)
Krock21 Feb 26, 2022
09a6ace
Inaccurate message in hashlib check (#827)
ericwb Feb 26, 2022
a65ae17
Target Python >= 3.7 in pre-commit hooks (#830)
mkniewallner Feb 27, 2022
d8c7e3c
Center the bandit logo in readme (#823)
ericwb Feb 27, 2022
20a0510
Build of artifact fails if raw directive used (#831)
ericwb Feb 27, 2022
fbaf2ce
Fix traceback in hashlib_insecure_functions (#834)
ericwb Feb 28, 2022
fcde9b5
Add version 1.7.3 to dropdown (#833)
ericwb Feb 28, 2022
71bc67c
core/config: Fix ConfigError missing argument if toml is missing (#845)
Holzhaus Mar 4, 2022
1ed7906
Add 1.7.4 in issue template (#846)
ericwb Mar 4, 2022
af06609
Add an example screen shot of Bandit to README (#847)
ericwb Mar 5, 2022
808bac2
Bad link to screen shot (#848)
ericwb Mar 5, 2022
a65c5b6
Use a constant for weak hashes (#850)
ericwb Mar 6, 2022
29bc186
Group location line with code output (#822)
ericwb Mar 6, 2022
1c0fc80
Fix line range using Python 3.8 end_lineno (#821)
ericwb Mar 6, 2022
8379bcc
Add classifier to indicate Py3 only (#853)
ericwb Mar 9, 2022
130a467
Removal of blacklist call B309 httpsconnection (#858)
ericwb Mar 19, 2022
dd423ff
Remove blacklist call check for os.tempnam (#859)
ericwb Mar 19, 2022
4d93e8a
Indicate hash type in message (#860)
ericwb Mar 20, 2022
dd14b8f
Add the httpx module check for verify (#861)
ericwb Mar 21, 2022
4d4358b
Add doc for hashlib plugin (#862)
ericwb Mar 23, 2022
af9f8dc
Make use of rich for the progress bar (#863)
ericwb Mar 25, 2022
5a8f105
Replace `toml` with `tomli` (#829)
mkniewallner Mar 25, 2022
def9928
Fix up B109 and B111 removed plugins docs (#864)
ericwb Mar 26, 2022
5ff73ff
add check for "requests" calls without timeout (#743)
mschfh Mar 28, 2022
7c39add
Fix for build breaks in format job (#869)
ericwb Apr 1, 2022
c166855
Add license and contributing links to docs (#867)
ericwb Apr 1, 2022
05707b3
Remove redundant word Bandit in titles of sections (#873)
ericwb Apr 2, 2022
b177a3e
Add request for feedback via 👍 (#871)
ericwb Apr 2, 2022
83df96c
Add a Discord link to the docs (#870)
ericwb Apr 2, 2022
d2fa394
Adding logging.config.listen() plugin with examples (#874)
raj3shp Apr 2, 2022
d343053
Removal of ghugo (#881)
ericwb Apr 7, 2022
cd26ded
Remove redundant pip line (#884)
ericwb Apr 18, 2022
a2ac371
Corrected documentation on configuration (#868)
a-takahashi223 Apr 24, 2022
87ecc40
Test against Python 3.11 (#887)
mkniewallner Apr 24, 2022
9bbb46a
Add myself to sponsor list (#885)
ericwb Apr 28, 2022
8419fb6
Add Discord link to README (#875)
ericwb May 1, 2022
80eebd5
Update action versions in Actions workflows (#890) (#893)
mportesdev May 4, 2022
c6b3db7
Add dependency review action (#891)
ericwb May 4, 2022
cc82cec
Close the <b> tag in HTML formatter (#896)
mportesdev May 9, 2022
0e3f6e7
Test plugin listing incorrectly pointing b612 to plugin ref of b1022 …
rajaramsrn May 9, 2022
7104b33
Make small fixes in docs (#899)
mportesdev May 15, 2022
9705a71
Specify semver range for Python 3.11 (#901)
mportesdev May 18, 2022
232d52d
Add another bad example of yaml load (#905)
ericwb May 24, 2022
0f5d2b2
Add releases link in "Version control integration" (#909)
travisjungroth Jun 13, 2022
44c05fc
Update version of dependency-review-action (#911)
mportesdev Jun 17, 2022
e15fe9b
Avoid redundant message if debug on (#913)
ericwb Jun 25, 2022
0b56c57
Remove invalid checking on hashlib (#914)
ericwb Jun 27, 2022
5aae21e
Add some missing curve types (#920)
ericwb Jul 3, 2022
9832461
add jsonpickle deserialization blacklist (#707)
SugarP1g Jul 7, 2022
39cdfab
Fix reading the number argument from config file (#923)
KAUTH Jul 7, 2022
da58ceb
Add end_col_offset if available (#851)
ericwb Jul 8, 2022
715a459
Merge branch 'main' into assert-used-doc-enhancement
ericwb Jul 8, 2022
Files changed
3 changes: 0 additions & 3 deletions .coveragerc

This file was deleted.

2 changes: 1 addition & 1 deletion .github/CODEOWNERS
@@ -1 +1 @@
* @ericwb @lukehinds @ghugo @sigmavirus24
* @ericwb @lukehinds @sigmavirus24
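Review bot: dropping `@ghugo` from the single `*` rule matches the "Removal of ghugo (#881)" commit in this series; GitHub only honours CODEOWNERS entries for users who still have write access to the repository, so confirm that the remaining three (`@ericwb @lukehinds @sigmavirus24`) do, otherwise the wildcard rule stops requesting reviews from that person and the only hint is an "unknown owner" warning in the file's validation view.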
3 changes: 3 additions & 0 deletions .github/FUNDING.yml
@@ -0,0 +1,3 @@
# These are supported funding model platforms
open_collective: bandit-sast
github: [ericwb]
30 changes: 0 additions & 30 deletions .github/ISSUE_TEMPLATE/Bug_report.md

This file was deleted.

2 changes: 2 additions & 0 deletions .github/ISSUE_TEMPLATE/Feature_request.md
Expand Up @@ -18,3 +18,5 @@ A clear and concise description of any alternative solutions or features you've

**Additional context**
Add any other context or screenshots about the feature request here.

Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.
83 changes: 83 additions & 0 deletions .github/ISSUE_TEMPLATE/bug-report.yml
@@ -0,0 +1,83 @@
name: 🐛 Bug report
description: Create a report to help us improve
labels: bug

body:
- type: markdown
attributes:
value: |
Thanks for taking the time to fill out this bug report!

- type: textarea
id: describe-bug
attributes:
label: Describe the bug
description: A clear and concise description of what the bug is.
validations:
required: true

- type: textarea
id: reproduction-steps
attributes:
label: Reproduction steps
description: Steps to reproduce the behavior
value: |
1.
2.
3.
...
render: bash
validations:
required: true

- type: textarea
id: expected-behavior
attributes:
label: Expected behavior
description: A clear and concise description of what you expected to happen.
validations:
required: true

- type: dropdown
id: bandit-version
attributes:
label: Bandit version
description: Run "bandit --version" if unsure of version number
options:
- 1.7.4 (Default)
- 1.7.3
- 1.7.2
- 1.7.1
- 1.7.0
- 1.6.3
- 1.6.2
- 1.6.1
- 1.6.0
- 1.5.1
- 1.5.0
- 1.4.0
- 1.3.0
- 0.17.0-eol
validations:
required: true

- type: dropdown
id: python-version
attributes:
label: Python version
description: Run "bandit --version" if unsure of version number
options:
- 3.10 (Default)
- 3.9
- 3.8
- 3.7
- 3.6
- 3.5
validations:
required: true

- type: textarea
id: additional-context
attributes:
label: Additional context
description: Add any other context about the problem here.
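Review bot: the `python-version` dropdown still offers `3.6` and `3.5`, which this same commit series drops as end-of-life ("Drop end-of-life Python 3.5 (#746)", "Drop end-of-life Python 3.6 (#777)") and which the test matrix in pythonpackage.yml no longer exercises, while `3.11`, which that matrix does test, is absent; trim the list to the supported interpreters so reports against unsupported versions are not triaged as bugs. Minor: `render: bash` on the `reproduction-steps` textarea puts the numbered steps in a shell-highlighted block; `render` is optional and plain text reads better for prose steps.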
7 changes: 0 additions & 7 deletions .github/release-drafter.yml

This file was deleted.

14 changes: 14 additions & 0 deletions .github/workflows/dependency-review.yml
@@ -0,0 +1,14 @@
name: 'Dependency Review'
on: [pull_request]

permissions:
contents: read

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v2
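Review bot: both steps reference third-party actions by mutable major-version tags (`actions/checkout@v3`, `actions/dependency-review-action@v2`); a moved or compromised tag would run arbitrary code in this job, so pin each to a full commit SHA with the tag in a trailing comment and let Dependabot bump the pins. The `permissions: contents: read` block is the right least-privilege default and is the only one visible in this diff; the publish and test workflows below would benefit from the same line.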
8 changes: 4 additions & 4 deletions .github/workflows/publish-to-pypi.yml
Expand Up @@ -7,11 +7,11 @@ jobs:
name: Build and publish to PyPI
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Python 3.7
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: 3.7

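Review bot: `python-version: 3.7` is an unquoted YAML scalar and parses as a float; it round-trips for 3.7, but a later bump to 3.10 would be read as 3.1, so quote it (`python-version: "3.7"`) the way the test matrix in pythonpackage.yml already does. The bump from `@v2` to `@v3` for `actions/checkout` and `actions/setup-python` still leaves mutable tag references; for the job that ends by holding the PyPI credential, pinning to a commit SHA is worth the upkeep.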
Expand All @@ -24,6 +24,6 @@ jobs:

- name: Publish distribution to PyPI
if: startsWith(github.ref, 'refs/tags')
uses: pypa/gh-action-pypi-publish@master
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.pypi_password }}
password: ${{ secrets.PYPI_PASSWORD }}
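Review bot: `release/v1` is a branch the upstream project moves on every release, so `pypa/gh-action-pypi-publish@release/v1` is an improvement over `@master` but not an immutable reference; pin the SHA of the release you vetted, since this is the step that receives `secrets.PYPI_PASSWORD`. The guard `startsWith(github.ref, 'refs/tags')` matches any tag name, so anyone who can push a tag can trigger an upload; tighten it to a release-tag pattern such as `refs/tags/v` and keep the secret in a GitHub environment with required reviewers.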
8 changes: 4 additions & 4 deletions .github/workflows/publish-to-test-pypi.yml
Expand Up @@ -7,11 +7,11 @@ jobs:
name: Build and publish to Test PyPI
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Python 3.7
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: 3.7

Expand All @@ -23,7 +23,7 @@ jobs:
python setup.py sdist bdist_wheel

- name: Publish distribution to Test PyPI
uses: pypa/gh-action-pypi-publish@master
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.test_pypi_password }}
password: ${{ secrets.TEST_PYPI_PASSWORD }}
repository_url: https://test.pypi.org/legacy/
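Review bot: unlike the PyPI job, this publish step carries no `if:` guard, so every run of the workflow uploads the artefacts from `python setup.py sdist bdist_wheel` to Test PyPI; the trigger is not visible in this hunk, so check it is narrow enough that a repeated version (which Test PyPI rejects) does not turn every run red. `release/v1` is a moving branch here as well and deserves a SHA pin, and `python setup.py sdist bdist_wheel` is the deprecated direct-invocation path; `python -m build` is the maintained replacement.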
119 changes: 24 additions & 95 deletions .github/workflows/pythonpackage.yml
Expand Up @@ -3,15 +3,16 @@ name: Build and Test Bandit
on: [push, pull_request]

jobs:
pylint:
format:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.5]
python-version: [3.7]
steps:
- uses: actions/checkout@v1
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
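Review bot: the `pylint` job becomes `format` and its command changes from `tox -e pylint` to `tox -e format`, so pylint leaves CI rather than running alongside the formatter; if retiring pylint is the intent of "Start using auto-formatters (#754)", record that in the tox configuration, otherwise keep a separate job for it. The Python bump from `[3.5]` to `[3.7]` is consistent with the end-of-life drops in this series.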
Expand All @@ -21,97 +22,20 @@ jobs:
pip install -r test-requirements.txt
pip install tox
- name: Run tox
run: tox -e pylint
run: tox -e format

pep8:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.5]
steps:
- uses: actions/checkout@v1
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r test-requirements.txt
pip install tox
- name: Run tox
run: tox -e pep8

py35:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.5]
steps:
- uses: actions/checkout@v1
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r test-requirements.txt
pip install tox
- name: Run tox
run: tox -e py35

py36:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.6]
steps:
- uses: actions/checkout@v1
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r test-requirements.txt
pip install tox
- name: Run tox
run: tox -e py36

py37:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.7]
steps:
- uses: actions/checkout@v1
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
- name: Checkout repository
uses: actions/checkout@v3
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r test-requirements.txt
pip install tox
- name: Run tox
run: tox -e py37

py38:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.8]
steps:
- uses: actions/checkout@v1
fetch-depth: 2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
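Review bot: the per-version jobs `py35` through `py38` are deleted here together with the old `pep8` job header, and the surviving job that ends in `tox -e pep8` checks out with `fetch-depth: 2` where every other job uses the default; if that depth exists so the style check can diff against the previous commit, add a one-line comment saying so and which tox env needs it, or the next cleanup will normalise it back to the default and break the check without an obvious cause.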
Expand All @@ -121,24 +45,29 @@ jobs:
pip install -r test-requirements.txt
pip install tox
- name: Run tox
run: tox -e py38
run: tox -e pep8

py39:
runs-on: ubuntu-latest
tests:
strategy:
matrix:
python-version: [3.9]
python-version: [
["3.7", "37"], ["3.8", "38"], ["3.9", "39"], ["3.10", "310"], ["3.11.0-a - 3.11", "311"]
]
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
name: ${{ matrix.os }} (${{ matrix.python-version[0] }})
steps:
- uses: actions/checkout@v1
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version[0] }}
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
python-version: ${{ matrix.python-version[0] }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r test-requirements.txt
pip install tox
- name: Run tox
run: tox -e py39
run: tox -e py${{ matrix.python-version[1] }}
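Review bot: the `["3.11.0-a - 3.11", "311"]` entry asks setup-python for pre-release 3.11 builds, so an interpreter alpha regression will fail required checks on unrelated PRs; mark that entry experimental and set `continue-on-error` for it until 3.11 is final. The `tests` job, like `format` and `pep8`, has no `permissions:` block in this hunk and so runs with the repository's default `GITHUB_TOKEN` scope; a workflow-level `permissions: contents: read`, as in dependency-review.yml, is all that checkout and tox need.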
1 change: 0 additions & 1 deletion .gitignore
Expand Up @@ -18,4 +18,3 @@ ChangeLog
doc/source/api
.*.sw?
AUTHORS
releasenotes/build