Skip to content

PyCQA/bandit

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
2 branches 40 tags
Code

Latest commit

@ericwb
ericwb Handle variant in how policy is passed in paramiko (#1078)
5ec806d Dec 13, 2023
Handle variant in how policy is passed in paramiko (#1078) 
Paramiko permits various ways of importing the missing host key
policy. It allows paramiko.client.AutoAddPolicy or paramiko.AutoAddPolicy.
The later isn't being handled in Bandit.

This change adds news tests and modifies the plugin to inspect the
AST to determine whether the argument is an Attribute, Name, or
Call.

Fixes #1077

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
5ec806d

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
Bump actions/setup-python from 4 to 5 (#1076)
December 11, 2023 08:01
bandit
Handle variant in how policy is passed in paramiko (#1078)
December 12, 2023 19:49
doc
Fixes for sphinx build (#1063)
December 8, 2023 17:18
examples
Handle variant in how policy is passed in paramiko (#1078)
December 12, 2023 19:49
logo
Redo logo on the README
March 13, 2019 22:10
scripts
Start using auto-formatters (#754)
January 22, 2022 11:38
tests
Handle variant in how policy is passed in paramiko (#1078)
December 12, 2023 19:49
.gitignore
Delete releasenotes directory (more openstack leftovers) (#786)
January 29, 2022 16:10
.pre-commit-config.yaml
Use mirror repository for black pre-commit hook (#1070)
October 25, 2023 17:45
.pre-commit-hooks.yaml
Make pre-commit run Bandit hook using a single process (#1029)
June 15, 2023 13:02
.readthedocs.yaml
Fixes for sphinx build (#1063)
December 8, 2023 17:18
.stestr.conf
Re-eanble functional tests as part of CI (#348)
August 6, 2018 10:22
CODE_OF_CONDUCT.md
Update CODE_OF_CONDUCT.md
March 21, 2020 20:08
CONTRIBUTING.md
Switch to tox 4 (#1020)
April 13, 2023 07:34
LICENSE
Start using auto-formatters (#754)
January 22, 2022 11:38
README.rst
Correct build status badge in README (#980)
February 10, 2023 19:07
bandit-terminal.png
Add an example screen shot of Bandit to README (#847)
March 5, 2022 08:19
pylintrc
language and linting updates (#1015)
April 5, 2023 20:34
requirements.txt
refactor: remove importlib-metadata fallback (#1066)
December 8, 2023 11:15
setup.cfg
Add official support of Python 3.12 (#1068)
November 10, 2023 10:12
setup.py
Remove support for Python 3.7 due to end-of-life (#1034)
June 29, 2023 10:01
test-requirements.txt
Replace toml with tomli (#829)
March 25, 2022 15:27
tox.ini
Fixes for sphinx build (#1063)
December 8, 2023 17:18
Overview Show Your Style References

README.rst

Bandit

Build Status Docs Status Latest Version Python Versions Format License Discord

A security linter from PyCQA

Overview

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.

Bandit Example Screen Shot

Show Your Style

Security Status

Use our badge in your project's README!

using Markdown:

[![security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit)

using RST:

.. image:: https://img.shields.io/badge/security-bandit-yellow.svg
    :target: https://github.com/PyCQA/bandit
    :alt: Security Status

References

Python AST module documentation: https://docs.python.org/3/library/ast.html

Green Tree Snakes - the missing Python AST docs: https://greentreesnakes.readthedocs.org/en/latest/

Documentation of the various types of AST nodes that Bandit currently covers or could be extended to cover: https://greentreesnakes.readthedocs.org/en/latest/nodes.html

About

Bandit is a tool designed to find common security issues in Python code.

bandit.readthedocs.io

Topics

python security static-code-analysis linter security-scanner security-tools bandit

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity

Stars

5.7k stars

Watchers

67 watching

Forks

560 forks
Report repository

Releases 13

1.7.6 Latest
Dec 9, 2023
+ 12 releases

Sponsor this project

  •  
Learn more about GitHub Sponsors

Used by 44k

  • @tinovyatkin
  • @patrick-pc
  • @mohankumar003-1
  • @ObelusFamily
  • @ObelusFamily
  • @kaiqui
  • @willson810
  • @michalrudypl
+ 44,020

Contributors 135

+ 121 contributors

Languages