
[Feat] Ignore Bandit's random generators not suitable for security #3553

Closed
wenzeslaus opened this issue Apr 2, 2024 · 0 comments · Fixed by #3554
Labels
CI Continuous integration enhancement New feature or request

Comments

@wenzeslaus (Member)

Bandit checks such as "Standard pseudo-random generators are not suitable for security/cryptographic purposes." should be ignored in the configuration because we are generating a lot of random numbers at different places for other than cryptographic purposes. Ignoring per line would not be practical. If we do cryptography on this level, that's a different problem (which may or may not be caught by this check). Overall, we can assume that all random numbers are used for other than cryptographic purposes.


Right now, the issue needs to be dismissed for every PR and even an existing dismissal does not apply when running Bandit locally.

[Screenshot from 2024-04-02 14-36-14]
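The project-wide skip the issue asks for, written as an added example and not the change actually made in #3554: a `[tool.bandit]` table in `pyproject.toml` that disables Bandit test B311, the check behind the "Standard pseudo-random generators are not suitable for security/cryptographic purposes" finding. The file name and the assumption that the project keeps its tooling configuration in `pyproject.toml` are mine.

```toml
# pyproject.toml (added example; assumed location, not the project's own file)

[tool.bandit]
# B311 flags every use of the standard `random` module. This code base
# uses `random` only for non-cryptographic purposes (sampling, jitter,
# test data), so the check is skipped project-wide instead of annotating
# each call site with `# nosec B311`.
skips = ["B311"]
```

Bandit does not pick up `pyproject.toml` on its own; the same command has to point at it both in CI and locally, for example `bandit -c pyproject.toml -r .`, otherwise local runs keep reporting B311 even after the CI dismissal. The trade-off is the one the issue already names: with B311 off, a future token, nonce or key derived from `random` will not be flagged, so anything security-relevant should use the `secrets` module by convention, since no Bandit finding will point it out any more.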

2 participants