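---
# Bandit security scanning configuration.
#
# Bandit loads this file with `bandit -c <file>` and builds its run profile
# from `tests` (include) and `skips` (exclude). Both keys are flat lists of
# test-ID strings; the previous `- B101: assert_used` form produced a list of
# single-key mappings, which is not the shape Bandit reads for `tests`
# (it expects plain IDs -- confirm against the installed Bandit version).
# The plugin names are kept as comments because only the ID is consumed.

# Directories skipped entirely. Note that excluding `tests` also hides any
# insecure fixtures (hard-coded credentials, shell=True helpers) that live
# there, so findings in test code will never be reported.
exclude_dirs: ['tests', 'venv', '.venv', 'migrations']

# Test IDs suppressed project-wide, regardless of `tests` below.
# B101 (assert_used) is usually noise outside test code.
# B601 (paramiko_calls) flags shell-command construction in paramiko exec
# calls; skipping it removes a real injection check, so keep the reason for
# the suppression documented here.
skips: ['B101', 'B601']

# Explicit allow-list of tests to run. When `tests` is set, only the listed
# IDs execute -- any test not named here is silently off. This list does not
# include Bandit's SSL/TLS and SSH checks (B502-B507), the SQL / wildcard /
# Django raw-query injection checks (B608-B611), or B702/B703 (Mako / Django
# mark_safe); add them, or drop `tests` entirely to run the full default set.
# B101 and B601 are also listed in `skips` above; the skip is expected to win
# (confirm with the installed Bandit version).
tests:
  - B101  # assert_used (also in skips)
  - B102  # exec_used
  - B103  # set_bad_file_permissions
  - B104  # hardcoded_bind_all_interfaces
  - B105  # hardcoded_password_string
  - B106  # hardcoded_password_funcarg
  - B107  # hardcoded_password_default
  - B110  # try_except_pass
  - B112  # try_except_continue
  - B201  # flask_debug_true
  - B301  # pickle
  - B302  # marshal
  - B303  # md5
  - B304  # listed here as md5_insecure; Bandit's blacklist names B304 "ciphers" -- only the ID is used
  - B305  # listed here as sha1; Bandit's blacklist names B305 "cipher_modes" -- only the ID is used
  - B306  # mktemp_q
  - B307  # eval
  - B308  # mark_safe
  - B309  # httpsconnection
  - B310  # urllib_urlopen
  - B311  # random
  - B312  # telnetlib
  - B313  # xml_bad_cElementTree
  - B314  # xml_bad_ElementTree
  - B315  # xml_bad_expatreader
  - B316  # xml_bad_expatbuilder
  - B317  # xml_bad_sax
  - B318  # xml_bad_minidom
  - B319  # xml_bad_pulldom
  - B320  # xml_bad_etree
  - B321  # ftplib
  - B322  # input
  - B323  # unverified_context
  - B324  # hashlib_new_insecure_functions
  - B325  # tempnam
  - B401  # import_telnetlib
  - B402  # import_ftplib
  - B403  # import_pickle
  - B404  # import_subprocess
  - B405  # import_xml_etree
  - B406  # import_xml_sax
  - B407  # import_xml_expat
  - B408  # import_xml_minidom
  - B409  # import_xml_pulldom
  - B410  # import_lxml
  - B411  # import_xmlrpclib
  - B412  # import_httpoxy
  - B413  # import_pycrypto
  - B501  # request_with_no_cert_validation
  - B601  # paramiko_calls (also in skips)
  - B602  # subprocess_popen_with_shell_equals_true
  - B603  # subprocess_without_shell_equals_true
  - B604  # any_other_function_with_shell_equals_true
  - B605  # start_process_with_a_shell
  - B606  # start_process_with_no_shell
  - B607  # start_process_with_partial_path
  - B701  # jinja2_autoescape_false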