93 lines
2.8 KiB
YAML
93 lines
2.8 KiB
YAML
### Bandit config file generated from:
|
|
# '/usr/local/bin/bandit-config-generator -o bandit.yaml'
|
|
|
|
### This config may optionally select a subset of tests to run or skip by
|
|
### filling out the 'tests' and 'skips' lists given below. If no tests are
|
|
### specified for inclusion then it is assumed all tests are desired. The skips
|
|
### set will remove specific tests from the include set. This can be controlled
|
|
### using the -t/-s CLI options. Note that the same test ID should not appear
|
|
### in both 'tests' and 'skips', this would be nonsensical and is detected by
|
|
### Bandit at runtime.
|
|
|
|
# Available tests:
|
|
# B101 : assert_used
|
|
# B102 : exec_used
|
|
# B103 : set_bad_file_permissions
|
|
# B104 : hardcoded_bind_all_interfaces
|
|
# B105 : hardcoded_password_string
|
|
# B106 : hardcoded_password_funcarg
|
|
# B107 : hardcoded_password_default
|
|
# B108 : hardcoded_tmp_directory
|
|
# B109 : password_config_option_not_marked_secret
|
|
# B110 : try_except_pass
|
|
# B111 : execute_with_run_as_root_equals_true
|
|
# B112 : try_except_continue
|
|
# B201 : flask_debug_true
|
|
# B301 : pickle
|
|
# B302 : marshal
|
|
# B303 : md5
|
|
# B304 : ciphers
|
|
# B305 : cipher_modes
|
|
# B306 : mktemp_q
|
|
# B307 : eval
|
|
# B308 : mark_safe
|
|
# B309 : httpsconnection
|
|
# B310 : urllib_urlopen
|
|
# B311 : random
|
|
# B312 : telnetlib
|
|
# B313 : xml_bad_cElementTree
|
|
# B314 : xml_bad_ElementTree
|
|
# B315 : xml_bad_expatreader
|
|
# B316 : xml_bad_expatbuilder
|
|
# B317 : xml_bad_sax
|
|
# B318 : xml_bad_minidom
|
|
# B319 : xml_bad_pulldom
|
|
# B320 : xml_bad_etree
|
|
# B321 : ftplib
|
|
# B322 : input
|
|
# B401 : import_telnetlib
|
|
# B402 : import_ftplib
|
|
# B403 : import_pickle
|
|
# B404 : import_subprocess
|
|
# B405 : import_xml_etree
|
|
# B406 : import_xml_sax
|
|
# B407 : import_xml_expat
|
|
# B408 : import_xml_minidom
|
|
# B409 : import_xml_pulldom
|
|
# B410 : import_lxml
|
|
# B411 : import_xmlrpclib
|
|
# B412 : import_httpoxy
|
|
# B501 : request_with_no_cert_validation
|
|
# B502 : ssl_with_bad_version
|
|
# B503 : ssl_with_bad_defaults
|
|
# B504 : ssl_with_no_version
|
|
# B505 : weak_cryptographic_key
|
|
# B506 : yaml_load
|
|
# B601 : paramiko_calls
|
|
# B602 : subprocess_popen_with_shell_equals_true
|
|
# B603 : subprocess_without_shell_equals_true
|
|
# B604 : any_other_function_with_shell_equals_true
|
|
# B605 : start_process_with_a_shell
|
|
# B606 : start_process_with_no_shell
|
|
# B607 : start_process_with_partial_path
|
|
# B608 : hardcoded_sql_expressions
|
|
# B609 : linux_commands_wildcard_injection
|
|
# B701 : jinja2_autoescape_false
|
|
# B702 : use_of_mako_templates
|
|
|
|
# (optional) list included test IDs here, eg '[B101, B406]':
|
|
tests:
|
|
|
|
# (optional) list skipped test IDs here, eg '[B101, B406]':
|
|
skips: [B101, B404, B603, B606]
|
|
|
|
# globs of files which should be analyzed
|
|
include:
|
|
- '*.py'
|
|
- '*.pyw'
|
|
|
|
# a list of strings, which if found in the path will cause files to be excluded
|
|
# for example /tests/ - will exclude all files in test folder.
|
|
exclude_dirs:
|
|
- '/tests/'
|