bandit/examples
Dave McCowan e98515faf0 Use qualname list to avoid false positive on load()
The code checking for yaml.load() issues had false positives
on json.load() and foo.load().  This patch checks the
qualnames of the load function to avoid false positives.

Change-Id: I22ffb9e852e31d04dc49c4ad949d1417e70f8828
Closes-bug: 1622615
2016-10-06 16:18:07 -04:00
assert.py Adding a check for the use of Assert 2015-05-06 14:06:44 +01:00
binding.py First test targeting Str nodes (binding to all interfaces) 2014-08-14 15:46:50 -07:00
cipher-modes.py Check for insecure cipher modes 2015-10-08 23:16:38 -07:00
ciphers.py Add known weak ciphers to blacklisted calls 2015-09-04 13:09:27 -07:00
crypto-md5.py Add other known weak MD hash modules 2015-08-09 02:43:37 -07:00
eval.py Update the config file, and use yaml.safe_load() 2015-03-12 17:11:46 -05:00
exec-as-root.py Add ceilometer to rootwrap check 2015-02-26 10:19:26 -08:00
exec-py2.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
exec-py3.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
flask_debug.py Add check for Flask app debug=True usage 2015-10-13 13:56:35 -04:00
hardcoded-passwords.py Fixing bug when encountering tuple params 2015-11-11 11:32:46 +00:00
hardcoded-tmp.py Making the /tmp file test more accurate 2015-10-07 15:51:28 +02:00
httplib_https.py blacklist_calls: add Python3 and six versions of some functions 2015-11-06 18:04:44 +01:00
httpoxy_cgihandler.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
httpoxy_twisted_directory.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
httpoxy_twisted_script.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
imports-aliases.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
imports-from.py Fix relative imports and error handling 2014-07-17 11:52:33 -07:00
imports-function.py Fixing a bug and cleaning up in blacklisting code 2016-01-21 15:29:21 +00:00
imports.py initial commit 2014-07-16 10:27:50 -07:00
input.py Adding "input()" to the blacklist calls list 2016-09-20 11:19:43 +01:00
jinja2_templating.py Update jinja2 plugin to be more accurate 2015-02-23 17:42:58 -08:00
mako_templating.py Add mako templating plugin and XSS profile 2015-03-05 08:44:09 -08:00
marshal_deserialize.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
mktemp.py Support dynamic loading of tests 2014-07-17 11:23:57 -07:00
multiline_statement.py Making the /tmp file test more accurate 2015-10-07 15:51:28 +02:00
new_candidates-all.py Functional tests for baseline comparisons 2016-02-19 12:15:25 -06:00
new_candidates-none.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
new_candidates-nosec.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
new_candidates-some.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
nonsense.py Add support for skipping files 2014-07-17 12:10:18 -07:00
nonsense2.py Catch general exception on per-file basis 2016-04-13 09:39:21 -07:00
nosec.py Allow precise #nosec placement 2016-01-08 10:06:22 +11:00
okay.py Rework case where no findings are found 2014-07-25 11:20:20 -07:00
os-chmod-py2.py bad_file_permissions check: Use correct filename 2015-09-04 14:58:49 -07:00
os-chmod-py3.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
os-exec.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-popen.py os.system et al. all spawn a shell so we should use the same logic 2015-11-11 14:29:17 +00:00
os-spawn.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-startfile.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
os_system.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
paramiko_injection.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
partial_path_process.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
pickle_deserialize.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
popen_wrappers.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
random_module.py Fixing up random to be less noisy 2015-07-16 10:26:31 +01:00
requests-ssl-verify-disabled.py Added missing HTTP verbs to the requests checks 2015-10-30 15:02:08 +09:00
secret-config-option.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
skip.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
sql_statements.py Bug fix for SQL tests 2015-08-03 14:03:57 +01:00
ssl-insecure-version.py Remove the check for PROTOCOL_SSLv23 2015-02-12 11:33:26 -06:00
subprocess_shell.py Test for bug 1513091 2015-11-05 16:47:51 +11:00
telnetlib.py Introduce wildcards to blacklist_calls plugin 2015-09-03 10:46:57 -07:00
try_except_continue.py Added try_except_continue plugin 2016-03-24 12:09:12 -05:00
try_except_pass.py Adding test for Try, Except, Pass 2015-07-14 13:12:01 +01:00
urlopen.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
utils-shell.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
weak_cryptographic_key_sizes.py Skip key checks where size is not constant 2016-08-15 16:43:13 +10:00
wildcard-injection.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
xml_etree_celementtree.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_etree_elementtree.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_expatbuilder.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_expatreader.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_lxml.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_minidom.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_pulldom.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_sax.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_xmlrpc.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
yaml_load.py Use qualname list to avoid false positive on load() 2016-10-06 16:18:07 -04:00