openstack
/
bandit
Code Issues Proposed changes
bandit/examples
History
Tin Lam 90f031c973 Fix infinite loop issue 
Running bandit using relative paths inside a subdirectory when the current
directory contains __init__.py causes bandit to be stuck in an infinite
loop.

Co-Authored-By: Calvin Li
Closes-Bug: #1743042
Change-Id: I247108c1365847134ee561073ea0eb43c57b54cc
 		2018-02-01 13:10:16 -06:00
..
init-py-test Fix infinite loop issue 2018-02-01 13:10:16 -06:00
__init__.py Fix infinite loop issue 2018-02-01 13:10:16 -06:00
assert.py Adding a check for the use of Assert 2015-05-06 14:06:44 +01:00
binding.py First test targeting Str nodes (binding to all interfaces) 2014-08-14 15:46:50 -07:00
cipher-modes.py Check for insecure cipher modes 2015-10-08 23:16:38 -07:00
ciphers.py Add Cryptodome to blacklist and weak ciphers/hash 2017-01-12 23:53:24 -08:00
crypto-md5.py Add sha-1 to list of insecure hashes 2017-02-25 15:39:37 -08:00
eval.py Update the config file, and use yaml.safe_load() 2015-03-12 17:11:46 -05:00
exec-as-root.py Add ceilometer to rootwrap check 2015-02-26 10:19:26 -08:00
exec-py2.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
exec-py3.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
flask_debug.py Add check for Flask app debug=True usage 2015-10-13 13:56:35 -04:00
ftplib.py Add functional tests for B308, B321, and B402 2016-12-19 09:41:12 -08:00
hardcoded-passwords.py Refactor check_example to be clearer on error 2017-02-23 19:01:46 -08:00
hardcoded-tmp.py Making the /tmp file test more accurate 2015-10-07 15:51:28 +02:00
hashlib_new_insecure_functions.py Plugin to flag insecure hash functions created using hashlib.new() 2017-09-28 21:50:27 -07:00
httplib_https.py blacklist_calls: add Python3 and six versions of some functions 2015-11-06 18:04:44 +01:00
httpoxy_cgihandler.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
httpoxy_twisted_directory.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
httpoxy_twisted_script.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
imports-aliases.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
imports-from.py Fix relative imports and error handling 2014-07-17 11:52:33 -07:00
imports-function.py [Trivialfix]Fix typos 2017-09-13 00:12:18 -07:00
imports-with-importlib.py Add module loaded through importlib 2017-12-28 04:12:35 -06:00
imports.py initial commit 2014-07-16 10:27:50 -07:00
input.py Adding "input()" to the blacklist calls list 2016-09-20 11:19:43 +01:00
jinja2_templating.py Do not flag new way of escaping in jinja2 plugin 2017-08-02 15:54:56 -07:00
mako_templating.py Add mako templating plugin and XSS profile 2015-03-05 08:44:09 -08:00
mark_safe.py Add functional tests for B308, B321, and B402 2016-12-19 09:41:12 -08:00
marshal_deserialize.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
mktemp.py Support dynamic loading of tests 2014-07-17 11:23:57 -07:00
multiline_statement.py Making the /tmp file test more accurate 2015-10-07 15:51:28 +02:00
new_candidates-all.py Functional tests for baseline comparisons 2016-02-19 12:15:25 -06:00
new_candidates-none.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
new_candidates-nosec.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
new_candidates-some.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
nonsense.py Add support for skipping files 2014-07-17 12:10:18 -07:00
nonsense2.py Catch general exception on per-file basis 2016-04-13 09:39:21 -07:00
nosec.py Allow precise #nosec placement 2016-01-08 10:06:22 +11:00
okay.py Rework case where no findings are found 2014-07-25 11:20:20 -07:00
os-chmod-py2.py bad_file_permissions check: Use correct filename 2015-09-04 14:58:49 -07:00
os-chmod-py3.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
os-exec.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-popen.py os.system et al. all spawn a shell so we should use the same logic 2015-11-11 14:29:17 +00:00
os-spawn.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-startfile.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
os_system.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
paramiko_injection.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
partial_path_process.py Fixing partial path detection for Windows 2016-12-20 09:57:33 -08:00
pickle_deserialize.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
popen_wrappers.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
random_module.py Fixing up random to be less noisy 2015-07-16 10:26:31 +01:00
requests-ssl-verify-disabled.py Added missing HTTP verbs to the requests checks 2015-10-30 15:02:08 +09:00
secret-config-option.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
skip.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
sql_statements.py Alter SQL injection plugin to consider .format strings 2017-01-22 13:59:24 +00:00
ssl-insecure-version.py Remove the check for PROTOCOL_SSLv23 2015-02-12 11:33:26 -06:00
subprocess_shell.py Remove checking for special characters in shells 2016-12-19 13:17:55 -08:00
telnetlib.py Introduce wildcards to blacklist_calls plugin 2015-09-03 10:46:57 -07:00
try_except_continue.py Added try_except_continue plugin 2016-03-24 12:09:12 -05:00
try_except_pass.py Adding test for Try, Except, Pass 2015-07-14 13:12:01 +01:00
unverified_context.py Blacklist call of ssl._create_unverified_context 2017-03-20 12:19:36 -07:00
urlopen.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
utils-shell.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
weak_cryptographic_key_sizes.py Add Cryptodome to blacklist and weak ciphers/hash 2017-01-12 23:53:24 -08:00
wildcard-injection.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
xml_etree_celementtree.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_etree_elementtree.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_expatbuilder.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_expatreader.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_lxml.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_minidom.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_pulldom.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_sax.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_xmlrpc.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
yaml_load.py Use qualname list to avoid false positive on load() 2016-10-06 16:18:07 -04:00