Bringing the Sahara Bandit config current
There have been several changes in Bandit since the Sahara profile was implemented. This commit brings the Sahara config up to date by: - changing the info severity to low - adding a couple of plugin configs - currently unused It should be noted that upstream Bandit config has recently had some changes to make it more organized and readable. It's probably worth implementing a new profile for Sahara, based on upstream Bandit's example profile, soon. Change-Id: I37d62708282a4aa830d84e2a1749ac53d3923a0a
parent
d479d2ece4
commit
2e3a28eeb5
12
bandit.yaml
12
bandit.yaml
@ -11,7 +11,7 @@ plugin_name_pattern: '*.py'
|
|||||||
#output_colors:
|
#output_colors:
|
||||||
# DEFAULT: '\033[0m'
|
# DEFAULT: '\033[0m'
|
||||||
# HEADER: '\033[95m'
|
# HEADER: '\033[95m'
|
||||||
# INFO: '\033[94m'
|
# LOW: '\033[94m'
|
||||||
# WARN: '\033[93m'
|
# WARN: '\033[93m'
|
||||||
# ERROR: '\033[91m'
|
# ERROR: '\033[91m'
|
||||||
|
|
||||||
@ -42,7 +42,7 @@ profiles:
|
|||||||
- jinja2_autoescape_false
|
- jinja2_autoescape_false
|
||||||
- use_of_mako_templates
|
- use_of_mako_templates
|
||||||
|
|
||||||
blacklist_functions:
|
blacklist_calls:
|
||||||
bad_name_sets:
|
bad_name_sets:
|
||||||
- pickle:
|
- pickle:
|
||||||
qualnames: [pickle.loads, pickle.load, pickle.Unpickler,
|
qualnames: [pickle.loads, pickle.load, pickle.Unpickler,
|
||||||
@ -95,9 +95,12 @@ blacklist_imports:
|
|||||||
message: "Telnet is considered insecure. Use SSH or some other encrypted protocol."
|
message: "Telnet is considered insecure. Use SSH or some other encrypted protocol."
|
||||||
- info_libs:
|
- info_libs:
|
||||||
imports: [pickle, cPickle, subprocess, Crypto]
|
imports: [pickle, cPickle, subprocess, Crypto]
|
||||||
level: INFO
|
level: LOW
|
||||||
message: "Consider possible security implications associated with {module} module."
|
message: "Consider possible security implications associated with {module} module."
|
||||||
|
|
||||||
|
hardcoded_tmp_directory:
|
||||||
|
tmp_dirs: [/tmp, /var/tmp, /dev/shm]
|
||||||
|
|
||||||
hardcoded_password:
|
hardcoded_password:
|
||||||
word_list: "wordlist/default-passwords"
|
word_list: "wordlist/default-passwords"
|
||||||
|
|
||||||
@ -123,3 +126,6 @@ execute_with_run_as_root_equals_true:
|
|||||||
- neutron.agent.linux.utils.execute
|
- neutron.agent.linux.utils.execute
|
||||||
- nova.utils.execute
|
- nova.utils.execute
|
||||||
- nova.utils.trycmd
|
- nova.utils.trycmd
|
||||||
|
|
||||||
|
try_except_pass:
|
||||||
|
check_typed_exception: True
|
||||||
|
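Review bot: The rename of the config section from `blacklist_functions` to `blacklist_calls` in the `@ -42,7 +42,7 @` hunk is only safe if the Sahara profile selects the test under the same new name, and the profile's include list begins above that hunk, so this cannot be confirmed from the diff. If the list still carries the old name, the pickle and related call checks would presumably drop out of the scan without any obvious failure, which is the kind of silent coverage loss a security linter config should guard against. Please confirm the include list contains `- blacklist_calls`, and consider adding a comment above the section such as `# section name must match the test name listed in the profile's include list`.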