Tags: PyCQA/bandit

1.8.3

Partially verified

Pytorch fix (#1231)

* Fix pytorch weights check

* B614: Fix PyTorch plugin to handle weights_only parameter correctly

The PyTorch plugin (B614) has been updated to properly handle the weights_only
parameter in torch.load calls. When weights_only=True is specified, PyTorch will
only deserialize known safe types, making the operation more secure.

I also removed torch.save, as there is no certain insecure element as
such; saving any file or artifact requires consideration of what it is
you are saving.

Changes:
- Update plugin to only check torch.load calls (not torch.save)
- Fix weights_only check to handle both string and boolean True values
- Remove map_location check as it doesn't affect security
- Update example file to demonstrate both safe and unsafe cases
- Update plugin documentation to mention weights_only as a safe alternative

The plugin now correctly identifies unsafe torch.load calls while allowing safe
usage with weights_only=True to pass without warning.

Fixes: #1224

* Fix E501 line too long

* Rename files to new test scope

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Update doc/source/plugins/b614_pytorch_load.rst

Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

* Update pytorch_load.py

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

1.8.2

Verified

Revert "Start testing with 3.14 alphas" (#1217)

Revert "Start testing with 3.14 alphas (#1189)"

This reverts commit 13d3406.

1.8.1

Partially verified

Clarify "getting started" docs (#963)

* Clarify "getting started" docs

This makes it clearer that you don't need to use both virtualenv and venv at the same time

* Update doc/source/start.rst

---------

Co-authored-by: Luke Hinds <7058938+lukehinds@users.noreply.github.com>
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

1.8.0

Verified

Remove more leftover OpenStack references (#1195)

The tox.ini still had some test environments specifically for
testing within OpenStack. This is no longer needed. Also no
longer necessary is stestr configuration that used OpenStack
variables.

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>

1.7.10

Partially verified

Pytorch Load / Save Plugin (#1114)

* Pytorch Load / Save Plugin

This plugin checks for the use of `torch.load` and `torch.save`.
Using `torch.load` with untrusted data can lead to arbitrary code
execution, and improper use of `torch.save` might expose sensitive
data or lead to data corruption.

Signed-off-by: Luke Hinds <luke@stacklok.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Add missing save check

Signed-off-by: Luke Hinds <luke@stacklok.com>

* Review fixes from 8b92a02

Signed-off-by: Luke Hinds <luke@stacklok.com>

* Fix tox issues

Signed-off-by: Luke Hinds <luke@stacklok.com>

* Review fixes

Signed-off-by: Luke Hinds <luke@stacklok.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Update test_functional.py

* Update bandit/plugins/pytorch_load_save.py

Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

* Update bandit/plugins/pytorch_load_save.py

Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

* Update doc/source/plugins/b704_pytorch_load_save.rst

Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

* Update bandit/plugins/pytorch_load_save.py

Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

---------

Signed-off-by: Luke Hinds <luke@stacklok.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

1.7.9

Partially verified

Support `configfile` in `.bandit` file (#1052)

* Support `(--)config` in `.bandit` file

* Use `configfile` instead of `config`

---------

Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>

1.7.8

Verified

Add a SARIF output formatter (#1113)

This commit adds a formatter that outputs JSON in a specific
SARIF format according to spec at [1].

This code is largely leveraged from an existing implementation
found here [2].

SARIF format is very useful for integration into ecosystems such
as GitHub's Actions.

[1] https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html
[2] https://github.com/microsoft/bandit-sarif-formatter

Closes #646

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>

1.7.7

Verified

Downsize the org:repo name (#1104)

Currently we fail with:

`ERROR: invalid tag "ghcr.io/PyCQA/bandit/bandit:latest": repository name
must be lowercase`

This is from the capitalized org name: PyCQA.

This change lowercases the entire string.

1.7.6

Verified

Fixes for sphinx build (#1063)

* Switch to sphinx-build

The build_sphinx command has long since been replaced by
sphinx-build.

* Update requirements.txt

* Update requirements.txt

* Update conf.py

* Update conf.py

* Update conf.py

* Update conf.py

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update conf.py

* Update conf.py

* Update conf.py

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update .readthedocs.yaml

* Update .readthedocs.yaml

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update __init__.py

* Update .readthedocs.yaml

* Update __init__.py

* Update .readthedocs.yaml

1.7.5

Verified

Added a bit more `project_urls` (#985)