bandit/examples
Rajath Agasthya 8f1b50b5cc Do not flag new way of escaping in jinja2 plugin
Makes escaping using the select_autoescape function valid by checking
for an ast.Call instance and whether func id == select_autoescape.

Example:

from jinja2 import Environment, PackageLoader, select_autoescape
env = Environment(autoescape=select_autoescape(['html', 'htm', 'xml']),
                  loader=PackageLoader('mypackage'))

Change-Id: I47c6b346332a6d9f7c4c57dd45ab7636c78996a1
Closes-Bug: #1684249
2017-08-02 15:54:56 -07:00
assert.py Adding a check for the use of Assert 2015-05-06 14:06:44 +01:00
binding.py First test targeting Str nodes (binding to all interfaces) 2014-08-14 15:46:50 -07:00
cipher-modes.py Check for insecure cipher modes 2015-10-08 23:16:38 -07:00
ciphers.py Add Cryptodome to blacklist and weak ciphers/hash 2017-01-12 23:53:24 -08:00
crypto-md5.py Add Cryptodome to blacklist and weak ciphers/hash 2017-01-12 23:53:24 -08:00
eval.py Update the config file, and use yaml.safe_load() 2015-03-12 17:11:46 -05:00
exec-as-root.py Add ceilometer to rootwrap check 2015-02-26 10:19:26 -08:00
exec-py2.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
exec-py3.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
flask_debug.py Add check for Flask app debug=True usage 2015-10-13 13:56:35 -04:00
ftplib.py Add functional tests for B308, B321, and B402 2016-12-19 09:41:12 -08:00
hardcoded-passwords.py Refactor check_example to be clearer on error 2017-02-23 19:01:46 -08:00
hardcoded-tmp.py Making the /tmp file test more accurate 2015-10-07 15:51:28 +02:00
httplib_https.py blacklist_calls: add Python3 and six versions of some functions 2015-11-06 18:04:44 +01:00
httpoxy_cgihandler.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
httpoxy_twisted_directory.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
httpoxy_twisted_script.py Add check for httpoxy vulnerability 2016-07-31 21:25:47 -07:00
imports-aliases.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
imports-from.py Fix relative imports and error handling 2014-07-17 11:52:33 -07:00
imports-function.py Fixing a bug and cleaning up in blacklisting code 2016-01-21 15:29:21 +00:00
imports.py initial commit 2014-07-16 10:27:50 -07:00
input.py Adding "input()" to the blacklist calls list 2016-09-20 11:19:43 +01:00
jinja2_templating.py Do not flag new way of escaping in jinja2 plugin 2017-08-02 15:54:56 -07:00
mako_templating.py Add mako templating plugin and XSS profile 2015-03-05 08:44:09 -08:00
mark_safe.py Add functional tests for B308, B321, and B402 2016-12-19 09:41:12 -08:00
marshal_deserialize.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
mktemp.py Support dynamic loading of tests 2014-07-17 11:23:57 -07:00
multiline_statement.py Making the /tmp file test more accurate 2015-10-07 15:51:28 +02:00
new_candidates-all.py Functional tests for baseline comparisons 2016-02-19 12:15:25 -06:00
new_candidates-none.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
new_candidates-nosec.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
new_candidates-some.py Additional baseline candidate test coverage 2016-02-25 10:43:26 -06:00
nonsense.py Add support for skipping files 2014-07-17 12:10:18 -07:00
nonsense2.py Catch general exception on per-file basis 2016-04-13 09:39:21 -07:00
nosec.py Allow precise #nosec placement 2016-01-08 10:06:22 +11:00
okay.py Rework case where no findings are found 2014-07-25 11:20:20 -07:00
os-chmod-py2.py bad_file_permissions check: Use correct filename 2015-09-04 14:58:49 -07:00
os-chmod-py3.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
os-exec.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-popen.py os.system et al. all spawn a shell so we should use the same logic 2015-11-11 14:29:17 +00:00
os-spawn.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-startfile.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
os_system.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
paramiko_injection.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
partial_path_process.py Fixing partial path detection for Windows 2016-12-20 09:57:33 -08:00
pickle_deserialize.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
popen_wrappers.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
random_module.py Fixing up random to be less noisy 2015-07-16 10:26:31 +01:00
requests-ssl-verify-disabled.py Added missing HTTP verbs to the requests checks 2015-10-30 15:02:08 +09:00
secret-config-option.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
skip.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
sql_statements.py Alter SQL injection plugin to consider .format strings 2017-01-22 13:59:24 +00:00
ssl-insecure-version.py Remove the check for PROTOCOL_SSLv23 2015-02-12 11:33:26 -06:00
subprocess_shell.py Remove checking for special characters in shells 2016-12-19 13:17:55 -08:00
telnetlib.py Introduce wildcards to blacklist_calls plugin 2015-09-03 10:46:57 -07:00
try_except_continue.py Added try_except_continue plugin 2016-03-24 12:09:12 -05:00
try_except_pass.py Adding test for Try, Except, Pass 2015-07-14 13:12:01 +01:00
unverified_context.py Blacklist call of ssl._create_unverified_context 2017-03-20 12:19:36 -07:00
urlopen.py Some spelling error need to be fixed 2016-08-04 05:31:32 +00:00
utils-shell.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
weak_cryptographic_key_sizes.py Add Cryptodome to blacklist and weak ciphers/hash 2017-01-12 23:53:24 -08:00
wildcard-injection.py Adding a test for partial paths in exec functions 2015-07-02 19:20:16 +01:00
xml_etree_celementtree.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_etree_elementtree.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_expatbuilder.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_expatreader.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_lxml.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_minidom.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_pulldom.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_sax.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_xmlrpc.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
yaml_load.py Use qualname list to avoid false positive on load() 2016-10-06 16:18:07 -04:00