| blob | 33966c9ac3231601087ec0923c52325d2a4d05d3 |
2 ### Bandit config file generated from:
3 # 'PIPENV_VENV_IN_PROJECT=true pipenv run bandit-config-generator -o ../bandit.yaml'
5 ### This config may optionally select a subset of tests to run or skip by
6 ### filling out the 'tests' and 'skips' lists given below. If no tests are
7 ### specified for inclusion then it is assumed all tests are desired. The skips
8 ### set will remove specific tests from the include set. This can be controlled
9 ### using the -t/-s CLI options. Note that the same test ID should not appear
10 ### in both 'tests' and 'skips', this would be nonsensical and is detected by
11 ### Bandit at runtime.
13 # Available tests:
14 # B101 : assert_used
15 # B102 : exec_used
16 # B103 : set_bad_file_permissions
17 # B104 : hardcoded_bind_all_interfaces
18 # B105 : hardcoded_password_string
19 # B106 : hardcoded_password_funcarg
20 # B107 : hardcoded_password_default
21 # B108 : hardcoded_tmp_directory
22 # B110 : try_except_pass
23 # B112 : try_except_continue
24 # B201 : flask_debug_true
25 # B301 : pickle
26 # B302 : marshal
27 # B303 : md5
28 # B304 : ciphers
29 # B305 : cipher_modes
30 # B306 : mktemp_q
31 # B307 : eval
32 # B308 : mark_safe
33 # B309 : httpsconnection
34 # B310 : urllib_urlopen
35 # B311 : random
36 # B312 : telnetlib
37 # B313 : xml_bad_cElementTree
38 # B314 : xml_bad_ElementTree
39 # B315 : xml_bad_expatreader
40 # B316 : xml_bad_expatbuilder
41 # B317 : xml_bad_sax
42 # B318 : xml_bad_minidom
43 # B319 : xml_bad_pulldom
44 # B320 : xml_bad_etree
45 # B321 : ftplib
46 # B322 : input
47 # B323 : unverified_context
48 # B324 : hashlib_new_insecure_functions
49 # B325 : tempnam
50 # B401 : import_telnetlib
51 # B402 : import_ftplib
52 # B403 : import_pickle
53 # B404 : import_subprocess
54 # B405 : import_xml_etree
55 # B406 : import_xml_sax
56 # B407 : import_xml_expat
57 # B408 : import_xml_minidom
58 # B409 : import_xml_pulldom
59 # B410 : import_lxml
60 # B411 : import_xmlrpclib
61 # B412 : import_httpoxy
62 # B413 : import_pycrypto
63 # B414 : import_pycryptodome
64 # B501 : request_with_no_cert_validation
65 # B502 : ssl_with_bad_version
66 # B503 : ssl_with_bad_defaults
67 # B504 : ssl_with_no_version
68 # B505 : weak_cryptographic_key
69 # B506 : yaml_load
70 # B507 : ssh_no_host_key_verification
71 # B601 : paramiko_calls
72 # B602 : subprocess_popen_with_shell_equals_true
73 # B603 : subprocess_without_shell_equals_true
74 # B604 : any_other_function_with_shell_equals_true
75 # B605 : start_process_with_a_shell
76 # B606 : start_process_with_no_shell
77 # B607 : start_process_with_partial_path
78 # B608 : hardcoded_sql_expressions
79 # B609 : linux_commands_wildcard_injection
80 # B610 : django_extra_used
81 # B611 : django_rawsql_used
82 # B701 : jinja2_autoescape_false
83 # B702 : use_of_mako_templates
84 # B703 : django_mark_safe
86 # (optional) list included test IDs here, eg '[B101, B406]':
87 tests:
89 # (optional) list skipped test IDs here, eg '[B101, B406]':
90 skips:
91 # NOTE: We have to work around a highly obscure effect: If you add any of
92 # those test below (md5, ciphers, import_pycryptodome), Bandit's runtime goes
93 # up by a factor of 15! Strangely enough, using the tests separately is no
94 # problem at all, so there must be some unlucky interaction between some
95 # tests. :-/ We should investigate this further at some point...
96 - B303
97 - B304
98 - B414
100 ### (optional) plugin settings - some test plugins require configuration data
101 ### that may be given here, per-plugin. All bandit test plugins have a built in
102 ### set of sensible defaults and these will be used if no configuration is
103 ### provided. It is not necessary to provide settings for every (or any) plugin
104 ### if the defaults are acceptable.
106 any_other_function_with_shell_equals_true:
107 no_shell:
108 - os.execl
109 - os.execle
110 - os.execlp
111 - os.execlpe
112 - os.execv
113 - os.execve
114 - os.execvp
115 - os.execvpe
116 - os.spawnl
117 - os.spawnle
118 - os.spawnlp
119 - os.spawnlpe
120 - os.spawnv
121 - os.spawnve
122 - os.spawnvp
123 - os.spawnvpe
124 - os.startfile
125 shell:
126 - os.system
127 - os.popen
128 - os.popen2
129 - os.popen3
130 - os.popen4
131 - popen2.popen2
132 - popen2.popen3
133 - popen2.popen4
134 - popen2.Popen3
135 - popen2.Popen4
136 - commands.getoutput
137 - commands.getstatusoutput
138 subprocess:
139 - subprocess.Popen
140 - subprocess.call
141 - subprocess.check_call
142 - subprocess.check_output
143 - subprocess.run
144 hardcoded_tmp_directory:
145 tmp_dirs:
146 - /tmp
147 - /var/tmp
148 - /dev/shm
149 linux_commands_wildcard_injection:
150 no_shell:
151 - os.execl
152 - os.execle
153 - os.execlp
154 - os.execlpe
155 - os.execv
156 - os.execve
157 - os.execvp
158 - os.execvpe
159 - os.spawnl
160 - os.spawnle
161 - os.spawnlp
162 - os.spawnlpe
163 - os.spawnv
164 - os.spawnve
165 - os.spawnvp
166 - os.spawnvpe
167 - os.startfile
168 shell:
169 - os.system
170 - os.popen
171 - os.popen2
172 - os.popen3
173 - os.popen4
174 - popen2.popen2
175 - popen2.popen3
176 - popen2.popen4
177 - popen2.Popen3
178 - popen2.Popen4
179 - commands.getoutput
180 - commands.getstatusoutput
181 subprocess:
182 - subprocess.Popen
183 - subprocess.call
184 - subprocess.check_call
185 - subprocess.check_output
186 - subprocess.run
187 ssl_with_bad_defaults:
188 bad_protocol_versions:
189 - PROTOCOL_SSLv2
190 - SSLv2_METHOD
191 - SSLv23_METHOD
192 - PROTOCOL_SSLv3
193 - PROTOCOL_TLSv1
194 - SSLv3_METHOD
195 - TLSv1_METHOD
196 ssl_with_bad_version:
197 bad_protocol_versions:
198 - PROTOCOL_SSLv2
199 - SSLv2_METHOD
200 - SSLv23_METHOD
201 - PROTOCOL_SSLv3
202 - PROTOCOL_TLSv1
203 - SSLv3_METHOD
204 - TLSv1_METHOD
205 start_process_with_a_shell:
206 no_shell:
207 - os.execl
208 - os.execle
209 - os.execlp
210 - os.execlpe
211 - os.execv
212 - os.execve
213 - os.execvp
214 - os.execvpe
215 - os.spawnl
216 - os.spawnle
217 - os.spawnlp
218 - os.spawnlpe
219 - os.spawnv
220 - os.spawnve
221 - os.spawnvp
222 - os.spawnvpe
223 - os.startfile
224 shell:
225 - os.system
226 - os.popen
227 - os.popen2
228 - os.popen3
229 - os.popen4
230 - popen2.popen2
231 - popen2.popen3
232 - popen2.popen4
233 - popen2.Popen3
234 - popen2.Popen4
235 - commands.getoutput
236 - commands.getstatusoutput
237 subprocess:
238 - subprocess.Popen
239 - subprocess.call
240 - subprocess.check_call
241 - subprocess.check_output
242 - subprocess.run
243 start_process_with_no_shell:
244 no_shell:
245 - os.execl
246 - os.execle
247 - os.execlp
248 - os.execlpe
249 - os.execv
250 - os.execve
251 - os.execvp
252 - os.execvpe
253 - os.spawnl
254 - os.spawnle
255 - os.spawnlp
256 - os.spawnlpe
257 - os.spawnv
258 - os.spawnve
259 - os.spawnvp
260 - os.spawnvpe
261 - os.startfile
262 shell:
263 - os.system
264 - os.popen
265 - os.popen2
266 - os.popen3
267 - os.popen4
268 - popen2.popen2
269 - popen2.popen3
270 - popen2.popen4
271 - popen2.Popen3
272 - popen2.Popen4
273 - commands.getoutput
274 - commands.getstatusoutput
275 subprocess:
276 - subprocess.Popen
277 - subprocess.call
278 - subprocess.check_call
279 - subprocess.check_output
280 - subprocess.run
281 start_process_with_partial_path:
282 no_shell:
283 - os.execl
284 - os.execle
285 - os.execlp
286 - os.execlpe
287 - os.execv
288 - os.execve
289 - os.execvp
290 - os.execvpe
291 - os.spawnl
292 - os.spawnle
293 - os.spawnlp
294 - os.spawnlpe
295 - os.spawnv
296 - os.spawnve
297 - os.spawnvp
298 - os.spawnvpe
299 - os.startfile
300 shell:
301 - os.system
302 - os.popen
303 - os.popen2
304 - os.popen3
305 - os.popen4
306 - popen2.popen2
307 - popen2.popen3
308 - popen2.popen4
309 - popen2.Popen3
310 - popen2.Popen4
311 - commands.getoutput
312 - commands.getstatusoutput
313 subprocess:
314 - subprocess.Popen
315 - subprocess.call
316 - subprocess.check_call
317 - subprocess.check_output
318 - subprocess.run
319 subprocess_popen_with_shell_equals_true:
320 no_shell:
321 - os.execl
322 - os.execle
323 - os.execlp
324 - os.execlpe
325 - os.execv
326 - os.execve
327 - os.execvp
328 - os.execvpe
329 - os.spawnl
330 - os.spawnle
331 - os.spawnlp
332 - os.spawnlpe
333 - os.spawnv
334 - os.spawnve
335 - os.spawnvp
336 - os.spawnvpe
337 - os.startfile
338 shell:
339 - os.system
340 - os.popen
341 - os.popen2
342 - os.popen3
343 - os.popen4
344 - popen2.popen2
345 - popen2.popen3
346 - popen2.popen4
347 - popen2.Popen3
348 - popen2.Popen4
349 - commands.getoutput
350 - commands.getstatusoutput
351 subprocess:
352 - subprocess.Popen
353 - subprocess.call
354 - subprocess.check_call
355 - subprocess.check_output
356 - subprocess.run
357 subprocess_without_shell_equals_true:
358 no_shell:
359 - os.execl
360 - os.execle
361 - os.execlp
362 - os.execlpe
363 - os.execv
364 - os.execve
365 - os.execvp
366 - os.execvpe
367 - os.spawnl
368 - os.spawnle
369 - os.spawnlp
370 - os.spawnlpe
371 - os.spawnv
372 - os.spawnve
373 - os.spawnvp
374 - os.spawnvpe
375 - os.startfile
376 shell:
377 - os.system
378 - os.popen
379 - os.popen2
380 - os.popen3
381 - os.popen4
382 - popen2.popen2
383 - popen2.popen3
384 - popen2.popen4
385 - popen2.Popen3
386 - popen2.Popen4
387 - commands.getoutput
388 - commands.getstatusoutput
389 subprocess:
390 - subprocess.Popen
391 - subprocess.call
392 - subprocess.check_call
393 - subprocess.check_output
394 - subprocess.run
395 try_except_continue:
396 check_typed_exception: false
397 try_except_pass:
398 check_typed_exception: false
399 weak_cryptographic_key:
400 weak_key_size_dsa_high: 1024
401 weak_key_size_dsa_medium: 2048
402 weak_key_size_ec_high: 160
403 weak_key_size_ec_medium: 224
404 weak_key_size_rsa_high: 1024
405 weak_key_size_rsa_medium: 2048