./security/py-bandit, Security oriented static analyser for Python code


Branch: CURRENT, Version: 1.7.10, Package name: py312-bandit-1.7.10, Maintainer: pkgsrc-users

Bandit is a tool designed to find common security issues in Python code. To do
this Bandit processes each file, builds an AST from it, and runs appropriate
plugins against the AST nodes. Once Bandit has finished scanning all the files
it generates a report.


Filesize: 4129.434 KB


CVS history:


   2024-03-09 07:56:18 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-bandit: updated to 1.7.8

1.7.8

* Add a SARIF output formatter
* [B605] Add functions that are vulnerable to shell injection.
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
* filter data is safe for tarfile extractall
* Use datetime to avoid updating copyright year
* Add 1.7.7 to versions of bug template
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0
* Utilize PyPI's trusted publishing
* Incorrect tag naming in readme
   2024-02-14 04:37:57 by David H. Gutteridge | Files touched by this commit (1)
Log message:
py-bandit: py-setuptools is also a tool dependency (fix builds)
   2024-01-24 07:50:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-bandit: updated to 1.7.7

1.7.7

* Downsize the org:repo name
* Remove markdown formatting in reStructuredText formatted README
* Introduce Official Bandit Images
* Bump actions/dependency-review-action from 3 to 4
* Rework GitPython dependency to be an extra for bandit-baseline
* Prepend ./ for files specified as CLI args
* Add random.randbytes to blacklist calls
* Fix up issues found running Bandit on itself
* Create a security policy
* Add tidelift to the sponsor funding list
* defusedxml: Show correct module name
* Flag str.replace as possible sql injection
* Handle variant in how policy is passed in paramiko
* Bump actions/setup-python from 4 to 5
* Add the new release to bandit versions of bug template
   2023-12-17 09:36:01 by Thomas Klausner | Files touched by this commit (1)
Log message:
py-bandit: add missing tool
   2023-12-11 18:18:36 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-bandit: updated to 1.7.6

1.7.6

* Fixes for sphinx build
* refactor: remove `importlib-metadata` fallback
* Fix crash on pyproject.toml without bandit config
* Add official support of Python 3.12
* Use mirror repository for black pre-commit hook
* fix(plugins/B507): also detect class instances
* Fix for ReadtheDocs build
* Bump actions/checkout from 3 to 4
* Fix dependabot to update github actions
* Support ignoring blacklists by name
* Update blacklist call documentation
* Avoid gitpython CVE-2022-24439
* django_rawsql_used: support keyword arguments used in `RawSQL`
* Simplify `wrap_file_object`
* Update asserts.py documentation
* Remove support for Python 3.7 due to end-of-life
* Make pre-commit run Bandit hook using a single process
* Switch from open collective to PSF
* Replace pbr in favor of importlib
* Add a copy button to all code snippets in docs
* Add `random.Random` to B311 checks
* Update pre-commit hooks
* Update versions of used GitHub Actions
* Skip unnecessary `pip install` commands in the pythonpackage.yml workflow
* Switch to tox 4
* Adds check for crypt module usage as weak hash
* language and linting updates
* xmlrpclib replaced with xmlrpc in Python3
* Improper detection of non-requests module
* Remove checks for Python2 urllib
* Render Python 3.10 in drop down correctly
* Update bug report to include version 1.7.5
   2023-11-07 23:38:10 by Thomas Klausner | Files touched by this commit (112)
Log message:
*: latest py-sphinx only supports Python 3.9+
   2023-03-29 12:47:50 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-bandit: updated to 1.7.5

1.7.5
-----

* Added a bit more `project_urls`
* Check for github action updates monthly
* Improve handling nosec for multi-line strings
* Improve detecting SQL injections in f-strings
* Correct build status badge in README
* Fix breaking build due to new tox
* DOC: Add explanation on how to use pre-commit with config file
* Add official Python 3.11 support
* remove py2 exec example in docs
* Typo fix
* [docs] Mention `exclude_dirs` option available in TOML and YAML
* Fix AttributeError on detect of tuple assign condition
* Fix json and yaml formatters to respect num lines
* Fixup some invalid pickle testing
* Pass correct number of arguments to match the `%s` placeholders.
* Remove python 2 reference in docs
* Fix filename of B202 in docs
* weak_cryptographic_key assumes positional arg
* Check for deprecated TLS 1.1
* Adding tarfile.extractall() plugin with examples
* Fix issue: jinja2 template select_autoescape when using jinja2.select_autoescape
* Fix a false positive condition yaml_load
* Add case for global exec
* Docs for request without timeout has dead link
* Blacklist pandas read_pickle and add functional test for it
* Enhancement Proposal: Plugin "assert_used" config-skip snippet
* Add end_col_offset if available
* Fix reading the number argument from config file
* add jsonpickle deserialization blacklist
* Add some missing curve types
* Remove invalid checking on hashlib
* Avoid redundant message if debug on
* Update version of dependency-review-action
* Add releases link in "Version control integration"
* Add another bad example of yaml load
* Specify semver range for Python 3.11
* Make small fixes in docs
* Test plugin listing incorrectly pointing b612 to plugin ref of b1022
* Close the <b> tag in HTML formatter
* Add dependency review action
* Update action versions in Actions workflows
* Add Discord link to README
* Add myself to sponsor list
* Test against Python 3.11
* Corrected documentation on configuration
* Remove redundant pip line
* Removal of ghugo
* Adding logging.config.listen() plugin with examples
* Add a Discord link to the docs
* Add request for feedback via 👍
* Remove redundant word Bandit in titles of sections
* Add license and contributing links to docs
* Fix for build breaks in format job
* add check for "requests" calls without timeout
* Fix up B109 and B111 removed plugins docs
* Replace `toml` with `tomli`
* Make use of rich for the progress bar
* Add doc for hashlib plugin
* Add the httpx module check for verify
* Indicate hash type in message
* Remove blacklist call check for os.tempnam
* Removal of blacklist call B309 httpsconnection
* Add classifier to indicate Py3 only
* Fix line range using Python 3.8 end_lineno
* Group location line with code output
* Use a constant for weak hashes
* Bad link to screen shot
* Add an example screen shot of Bandit to README
   2023-03-01 19:20:23 by Adam Ciarcinski | Files touched by this commit (5)
Log message:
py-bandit: added version 1.7.4

Bandit is a tool designed to find common security issues in Python code. To do
this Bandit processes each file, builds an AST from it, and runs appropriate
plugins against the AST nodes. Once Bandit has finished scanning all the files
it generates a report.