Bringing the Sahara Bandit config current
There have been several changes in Bandit since the Sahara profile was implemented. This commit brings the Sahara config up to date by: - changing the INFO severity to LOW - adding a couple of plugin configs that are currently unused. It should be noted that the upstream Bandit config has recently had some changes to make it more organized and readable. It's probably worth implementing a new profile for Sahara, based on upstream Bandit's example profile, soon. Change-Id: I37d62708282a4aa830d84e2a1749ac53d3923a0a
This commit is contained in:
parent
d479d2ece4
commit
2e3a28eeb5
12
bandit.yaml
12
bandit.yaml
@ -11,7 +11,7 @@ plugin_name_pattern: '*.py'
|
||||
#output_colors:
|
||||
# DEFAULT: '\033[0m'
|
||||
# HEADER: '\033[95m'
|
||||
# INFO: '\033[94m'
|
||||
# LOW: '\033[94m'
|
||||
# WARN: '\033[93m'
|
||||
# ERROR: '\033[91m'
|
||||
|
||||
@ -42,7 +42,7 @@ profiles:
|
||||
- jinja2_autoescape_false
|
||||
- use_of_mako_templates
|
||||
|
||||
blacklist_functions:
|
||||
blacklist_calls:
|
||||
bad_name_sets:
|
||||
- pickle:
|
||||
qualnames: [pickle.loads, pickle.load, pickle.Unpickler,
|
||||
@ -95,9 +95,12 @@ blacklist_imports:
|
||||
message: "Telnet is considered insecure. Use SSH or some other encrypted protocol."
|
||||
- info_libs:
|
||||
imports: [pickle, cPickle, subprocess, Crypto]
|
||||
level: INFO
|
||||
level: LOW
|
||||
message: "Consider possible security implications associated with {module} module."
|
||||
|
||||
hardcoded_tmp_directory:
|
||||
tmp_dirs: [/tmp, /var/tmp, /dev/shm]
|
||||
|
||||
hardcoded_password:
|
||||
word_list: "wordlist/default-passwords"
|
||||
|
||||
@ -123,3 +126,6 @@ execute_with_run_as_root_equals_true:
|
||||
- neutron.agent.linux.utils.execute
|
||||
- nova.utils.execute
|
||||
- nova.utils.trycmd
|
||||
|
||||
try_except_pass:
|
||||
check_typed_exception: True
|
||||
|
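Review bot: `check_typed_exception: True` in the last hunk uses a capitalised boolean; Bandit will most likely read it as a boolean either way, but yamllint's truthy rule and portable YAML style call for the canonical lowercase form, `check_typed_exception: true`. The same hunk and the `hardcoded_tmp_directory` block in the preceding hunk add plugin settings that, per the commit message, no profile enables yet, and nothing in the file says so; a one-line comment above each block, e.g. `# Not yet enabled in any profile below; review before adding to a profile.`, would keep the next reader from assuming these checks already run. The `level: LOW` change in the third hunk is consistent with the commit's stated intent, so no further change is suggested there.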