openstack/bandit
Code Issues Proposed changes
bandit/setup.cfg
Tim Kelsey a9839d4266 Breaking out blacklists 
This change removes the old blacklist plugins and replaces them
with new built in functionality that loads blacklist item data
from a new plugin entry point. The new test also improve on the
old functionality that was broken in the following way:

import xml.sax # issue found OK
from xml import sax # no issue found, wrong

Finally, this patch removes the use of filename style wild cards
such as * from the import blacklist matching, as this was not being
used. Both this test and the old ones will alert on any import from
within the blacklisted namespace.

Change-Id: I98af6daf3c54561c0e4b399605ea615b42b7b283
2016-01-19 13:33:00 +00:00

125 lines
5.0 KiB
INI
Raw Blame History

[metadata]
name = bandit
summary = Security oriented static analyser for python code.
description-file =
README.rst
author = OpenStack Security Group
author-email = openstack-dev@lists.openstack.org
home-page = https://wiki.openstack.org/wiki/Security/Projects/Bandit
classifier =
Environment :: OpenStack
Intended Audience :: Information Technology
Intended Audience :: System Administrators
Intended Audience :: Developers
License :: OSI Approved :: Apache Software License
Operating System :: POSIX :: Linux
Operating System :: MacOS :: MacOS X
Programming Language :: Python
Programming Language :: Python :: 2
Programming Language :: Python :: 2.7
Programming Language :: Python :: 3
Programming Language :: Python :: 3.4
Topic :: Security
[entry_points]
console_scripts =
bandit = bandit.cli.main:main
bandit-config-generator = bandit.cli.config_generator:main
bandit-baseline = bandit.cli.baseline:main
bandit.blacklists =
calls = bandit.blacklists.calls:gen_blacklist
imports = bandit.blacklists.imports:gen_blacklist
bandit.formatters =
csv = bandit.formatters.csv:report
json = bandit.formatters.json:report
txt = bandit.formatters.text:report
xml = bandit.formatters.xml:report
html = bandit.formatters.html:report
screen = bandit.formatters.screen:report
bandit.plugins =
# bandit/plugins/app_debug.py
flask_debug_true = bandit.plugins.app_debug:flask_debug_true
# bandit/plugins/asserts.py
assert_used = bandit.plugins.asserts:assert_used
# bandit/plugins/crypto_request_no_cert_validation.py
request_with_no_cert_validation = bandit.plugins.crypto_request_no_cert_validation:request_with_no_cert_validation
# bandit/plugins/exec_as_root.py
execute_with_run_as_root_equals_true = bandit.plugins.exec_as_root:execute_with_run_as_root_equals_true
# bandit/plugins/exec.py
exec_used = bandit.plugins.exec:exec_used
# bandit/plugins/general_bad_File_permissions.py
set_bad_file_permissions = bandit.plugins.general_bad_file_permissions:set_bad_file_permissions
# bandit/plugins/general_bind_all_interfaces.py
hardcoded_bind_all_interfaces = bandit.plugins.general_bind_all_interfaces:hardcoded_bind_all_interfaces
# bandit/plugins/general_hardcoded_password.py
hardcoded_password_string = bandit.plugins.general_hardcoded_password:hardcoded_password_string
hardcoded_password_funcarg = bandit.plugins.general_hardcoded_password:hardcoded_password_funcarg
hardcoded_password_default = bandit.plugins.general_hardcoded_password:hardcoded_password_default
# bandit/plugins/general_hardcoded_tmp.py
hardcoded_tmp_directory = bandit.plugins.general_hardcoded_tmp:hardcoded_tmp_directory
# bandit/plugins/injection_paramiko.py
paramiko_calls = bandit.plugins.injection_paramiko:paramiko_calls
# bandit/plugins/injection_shell.py
subprocess_popen_with_shell_equals_true = bandit.plugins.injection_shell:subprocess_popen_with_shell_equals_true
subprocess_without_shell_equals_true = bandit.plugins.injection_shell:subprocess_without_shell_equals_true
any_other_function_with_shell_equals_true = bandit.plugins.injection_shell:any_other_function_with_shell_equals_true
start_process_with_a_shell = bandit.plugins.injection_shell:start_process_with_a_shell
start_process_with_no_shell = bandit.plugins.injection_shell:start_process_with_no_shell
start_process_with_partial_path = bandit.plugins.injection_shell:start_process_with_partial_path
# bandit/plugins/injection_sql.py
hardcoded_sql_expressions = bandit.plugins.injection_sql:hardcoded_sql_expressions
# bandit/plugins/injection_wildcard.py
linux_commands_wildcard_injection = bandit.plugins.injection_wildcard:linux_commands_wildcard_injection
# bandit/plugins/insecure_ssl_tls.py
ssl_with_bad_version = bandit.plugins.insecure_ssl_tls:ssl_with_bad_version
ssl_with_bad_defaults = bandit.plugins.insecure_ssl_tls:ssl_with_bad_defaults
ssl_with_no_version = bandit.plugins.insecure_ssl_tls:ssl_with_no_version
# bandit/plugins/jinja2_templates.py
jinja2_autoescape_false = bandit.plugins.jinja2_templates:jinja2_autoescape_false
# bandit/plugins/mako_templates.py
use_of_mako_templates = bandit.plugins.mako_templates:use_of_mako_templates
# bandit/plugins/secret_config_options.py
password_config_option_not_marked_secret = bandit.plugins.secret_config_option:password_config_option_not_marked_secret
# bandit/plugins/try_except_pass.py
try_except_pass = bandit.plugins.try_except_pass:try_except_pass
# bandit/plugins/weak_cryptographic_key.py
weak_cryptographic_key = bandit.plugins.weak_cryptographic_key:weak_cryptographic_key
# bandit/plugins/yaml_load.py
yaml_load = bandit.plugins.yaml_load:yaml_load
[files]
data_files =
bandit =
etc/bandit/ = bandit/config/bandit.yaml
share/bandit/wordlist/ = wordlist/default-passwords
[build_sphinx]
all_files = 1
build-dir = doc/build
source-dir = doc/source
[pbr]
autodoc_tree_index_modules = True
[wheel]
universal = 1
View Git Blame Copy Permalink