Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / PyCQA/bandit issues and pull requests

#1093 - Fix up issues found running Bandit on itself

Pull Request - State: closed - Opened by ericwb 9 months ago

#1092 - # nosec with bandit ID doesn't work properly sometimes

Issue - State: open - Opened by ericwb 9 months ago - 4 comments
Labels: bug

#1091 - Create a security policy

Pull Request - State: closed - Opened by ericwb 9 months ago

#1090 - Use .gitignore as part of the excluded file list

Pull Request - State: open - Opened by ericwb 9 months ago - 9 comments

#1089 - Add tidelift to the sponsor funding list

Pull Request - State: closed - Opened by ericwb 9 months ago

#1088 - Introduce Official Bandit Images

Pull Request - State: closed - Opened by lukehinds 9 months ago - 5 comments

#1087 - Bandit container image.

Issue - State: closed - Opened by lukehinds 9 months ago
Labels: enhancement

#1086 - Document adding a job to GitLab CICD

Pull Request - State: open - Opened by Bengt 9 months ago

#1083 - One test fails

Issue - State: closed - Opened by yurivict 9 months ago - 2 comments
Labels: bug

#1082 - B411 error can't be resolved by the suggested change

Issue - State: open - Opened by kajinamit 9 months ago
Labels: bug

#1081 - defusedxml: Show correct module name

Pull Request - State: closed - Opened by kajinamit 9 months ago

#1080 - Fix defusedxml lib name typo

Pull Request - State: closed - Opened by tkopecek 10 months ago - 1 comment

#1079 - OSSFuzz Integration

Issue - State: closed - Opened by capuanob 10 months ago - 1 comment
Labels: enhancement

#1078 - Handle variant in how policy is passed in paramiko

Pull Request - State: closed - Opened by ericwb 10 months ago

#1077 - ssh_no_host_key_verification is failing on Python 3.12

Issue - State: closed - Opened by dolfinus 10 months ago
Labels: bug

#1076 - Bump actions/setup-python from 4 to 5

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies

#1075 - Add the new release to bandit versions of bug template

Pull Request - State: closed - Opened by ericwb 10 months ago

#1074 - B314 since Python 3.6 is not valid

Issue - State: open - Opened by CyberKatze 10 months ago - 5 comments
Labels: bug

#1073 - Fix crash on pyproject.toml without bandit config

Pull Request - State: closed - Opened by javajawa 10 months ago

#1072 - Add Trunk Check Instructions

Pull Request - State: closed - Opened by joshmarinacci 10 months ago - 2 comments

#1071 - Mark use of `PKCS1v15` for encryption and decryption a vulnerability

Issue - State: open - Opened by tomato42 11 months ago - 7 comments
Labels: enhancement

#1070 - Use mirror repository for black pre-commit hook

Pull Request - State: closed - Opened by mportesdev 11 months ago

#1068 - Add official support of Python 3.12

Pull Request - State: closed - Opened by ericwb 12 months ago - 4 comments

#1067 - Flag `markupsafe.Markup` on non-literal content

Issue - State: open - Opened by xmo-odoo 12 months ago - 5 comments
Labels: enhancement

#1066 - refactor: remove `importlib-metadata` fallback

Pull Request - State: closed - Opened by mkniewallner 12 months ago - 2 comments

#1064 - fix(plugins/B507): also detect class instances

Pull Request - State: closed - Opened by mkniewallner about 1 year ago

#1063 - Fixes for sphinx build

Pull Request - State: closed - Opened by ericwb about 1 year ago - 7 comments

#1062 - Issue: [B113:request_without_timeout]

Issue - State: closed - Opened by Rolstenhouse about 1 year ago - 1 comment
Labels: bug

#1061 - Fix for ReadtheDocs build

Pull Request - State: closed - Opened by ericwb about 1 year ago - 1 comment

#1060 - feat(plugins): add support for `httpx` in `B113`

Pull Request - State: closed - Opened by mkniewallner about 1 year ago

#1059 - Add support for `httpx` in `B113` (`request_without_timeout`)

Issue - State: closed - Opened by mkniewallner about 1 year ago
Labels: enhancement

#1058 - Bump actions/checkout from 3 to 4

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies

#1057 - Fix dependabot to update github actions

Pull Request - State: closed - Opened by ericwb about 1 year ago

#1056 - Move .github/dependabot.yml to .github/workflows/dependabot.yml

Pull Request - State: closed - Opened by ericwb about 1 year ago - 4 comments

#1055 - dependabot.yml should be in .github/workflows

Issue - State: closed - Opened by ericwb about 1 year ago
Labels: bug

#1053 - Upgrade `actions/checkout`

Pull Request - State: closed - Opened by mportesdev about 1 year ago - 7 comments

#1052 - Support `configfile` in `.bandit` file

Pull Request - State: closed - Opened by bersbersbers about 1 year ago - 1 comment

#1051 - Update GitPython to mitigate vulnerability.

Pull Request - State: closed - Opened by rjdbcm about 1 year ago - 1 comment

#1050 - gitpython version <=3.1.32 has arbitrary code execution vulnerability (CVE-2023-40590)

Issue - State: closed - Opened by igirardi about 1 year ago - 2 comments
Labels: bug

#1049 - Avoid GitPython CVE-2023-40267

Pull Request - State: closed - Opened by tvalenta about 1 year ago - 6 comments

#1048 - Avoid GitPython CVE-2022-24439

Pull Request - State: closed - Opened by carlosduelo about 1 year ago - 4 comments

#1047 - Support multiple output formats

Issue - State: closed - Opened by srgoni about 1 year ago - 1 comment
Labels: enhancement

#1046 - Support ignoring blacklists by name

Pull Request - State: closed - Opened by costaparas about 1 year ago

#1045 - Update blacklist call documentation

Pull Request - State: closed - Opened by costaparas about 1 year ago

#1044 - Flag str.replace as possible sql injection

Pull Request - State: closed - Opened by costaparas about 1 year ago - 1 comment

#1043 - Add file permission check for pathlib chmod

Pull Request - State: open - Opened by costaparas about 1 year ago

#1042 - Account for pathlib chmod setting insecure permissions

Issue - State: open - Opened by costaparas about 1 year ago
Labels: enhancement

#1041 - False nosec encountered warning

Issue - State: open - Opened by costaparas about 1 year ago - 2 comments
Labels: bug

#1040 - Reports that contain Unicode will cause Bandit pre-commit hook to crash

Issue - State: open - Opened by Dantos7 about 1 year ago - 3 comments
Labels: bug

#1039 - Not installing Bandit using Python3.11

Issue - State: closed - Opened by pythonbyte about 1 year ago - 3 comments
Labels: bug

#1038 - Incorrect result for B202:tarfile_unsafe_members

Issue - State: open - Opened by behnazh-w about 1 year ago - 4 comments
Labels: bug

#1037 - Simplify `wrap_file_object`

Pull Request - State: closed - Opened by mportesdev about 1 year ago

#1036 - Update asserts.py documentation

Pull Request - State: closed - Opened by deronnax about 1 year ago

#1034 - Remove support for Python 3.7 due to end-of-life

Pull Request - State: closed - Opened by ericwb over 1 year ago

#1032 - Unable to install Bandit with pre-commit

Issue - State: closed - Opened by jmgate over 1 year ago - 1 comment
Labels: bug

#1031 - Switch from open collective to PSF

Pull Request - State: closed - Opened by ericwb over 1 year ago

#1030 - Add a copy button to all code snippets in docs

Pull Request - State: closed - Opened by ericwb over 1 year ago

#1029 - Make pre-commit run Bandit hook using a single process

Pull Request - State: closed - Opened by Klavionik over 1 year ago

#1028 - fix: correct no-prefix no-suffix exclude for top-level dirs (#975)

Pull Request - State: open - Opened by b-kamphorst over 1 year ago - 2 comments

#1026 - Update pre-commit hooks

Pull Request - State: closed - Opened by mportesdev over 1 year ago

#1025 - Python 3.12 adds further protection for tarfile module

Issue - State: closed - Opened by ericwb over 1 year ago
Labels: enhancement

#1024 - Update versions of used GitHub Actions

Pull Request - State: closed - Opened by mportesdev over 1 year ago

#1023 - Docs request: B311 `random` suggesting fixes

Issue - State: closed - Opened by jamesbraza over 1 year ago - 1 comment
Labels: enhancement

#1021 - Skip unnecessary `pip install` commands in the pythonpackage.yml workflow

Pull Request - State: closed - Opened by mportesdev over 1 year ago - 1 comment

#1020 - Switch to tox 4

Pull Request - State: closed - Opened by mportesdev over 1 year ago

#1019 - Wrongly formatted json output

Issue - State: open - Opened by eyaranossian over 1 year ago - 1 comment
Labels: bug

#1018 - Adds check for crypt module usage as weak hash

Pull Request - State: closed - Opened by ericwb over 1 year ago

#1017 - Use of crypt should be flagged

Issue - State: closed - Opened by ericwb over 1 year ago
Labels: bug

#1016 - Replace pbr in favor of importlib

Pull Request - State: closed - Opened by ericwb over 1 year ago - 1 comment

#1015 - language and linting updates

Pull Request - State: closed - Opened by marksmayo over 1 year ago

#1014 - Mybranch

Pull Request - State: closed - Opened by Omarosman2000 over 1 year ago

#1013 - Add Additional testing on functionality of the Bandit tool #1005

Pull Request - State: closed - Opened by OClark23 over 1 year ago

#1012 - xmlrpclib replaced with xmlrpc in Python3

Pull Request - State: closed - Opened by ericwb over 1 year ago

#1011 - Improper detection of non-requests module

Pull Request - State: closed - Opened by ericwb over 1 year ago

#1010 - [B113:request_without_timeout]: False positive issue

Issue - State: closed - Opened by Niraj-Kamdar over 1 year ago - 2 comments
Labels: bug

#1009 - Extra spaces added by bandit.code.utils.concat_string

Issue - State: open - Opened by alistairwatts over 1 year ago - 6 comments
Labels: bug

#1008 - Extra results printed, when running bandit on file that doesn't exist

Issue - State: open - Opened by Stapes23 over 1 year ago
Labels: bug

#1007 - Add Additional testing on functionality of the Bandit tool #1005

Pull Request - State: closed - Opened by OClark23 over 1 year ago

#1006 - Add Additional testing on functionality of the Bandit tool #1005

Pull Request - State: closed - Opened by OClark23 over 1 year ago

#1005 - Add Additional testing on functionality of the Bandit tool

Issue - State: open - Opened by OClark23 over 1 year ago
Labels: enhancement

#1004 - Fix nosec for nested dicts

Pull Request - State: open - Opened by kfrydel over 1 year ago

#1003 - Using `# nosec BXXX` annotation in a nested dict causes "higher" annotations to be ignored

Issue - State: open - Opened by 0xDEC0DE over 1 year ago - 4 comments
Labels: bug
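The two nosec entries above (#1003, and one reading of #1092) concern how a "# nosec" comment, with or without rule IDs, gets attached to a statement that spans several lines. The following is an added example, not Bandit's own implementation and not a claim about how Bandit maps comments to lines: it collects nosec comments with tokenize (comments are not in the AST), then treats a statement as annotated by the union of every nosec comment between its lineno and end_lineno. Merging rather than overwriting is the point: an inner "# nosec B105" in a nested dict must not erase a "# nosec B108" written on the statement's first line. The sample source, the rule IDs, and the function names are this example's own.

```python
"""Added example (not Bandit's code): attach ``# nosec`` comments, optionally
carrying rule IDs such as B105, to the multi-line statement they sit in.

Comments are absent from the AST, so they are collected with tokenize; each
statement is then credited with the union of all nosec comments on any line
from its ``lineno`` to its ``end_lineno``. Merging, not overwriting, keeps an
outer ``# nosec B108`` alive next to an inner ``# nosec B105`` (the #1003 case).
"""
import ast
import io
import re
import tokenize

# "# nosec" optionally followed by rule IDs, separated by spaces or commas.
NOSEC_RE = re.compile(r"#\s*nosec\b([\sB0-9,]*)")


def nosec_comments(source):
    """Map line number -> set of rule IDs from that line's nosec comment.
    An empty set stands for a bare ``# nosec`` (suppress everything)."""
    found = {}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.COMMENT:
            continue
        m = NOSEC_RE.search(tok.string)
        if m:
            found[tok.start[0]] = set(re.findall(r"B\d+", m.group(1)))
    return found


def _innermost_statement(tree, lineno):
    """The smallest statement whose line span contains ``lineno``."""
    best = None
    for node in ast.walk(tree):
        if isinstance(node, ast.stmt) and node.lineno <= lineno <= node.end_lineno:
            if best is None or node.end_lineno - node.lineno < best.end_lineno - best.lineno:
                best = node
    return best


def suppressions_for(source, lineno):
    """Rule IDs suppressed at ``lineno``: the merged nosec comments of the
    statement containing that line. Contains '*' if any of them was bare."""
    comments = nosec_comments(source)
    stmt = _innermost_statement(ast.parse(source), lineno)
    ids = set()
    if stmt is not None:
        for line in range(stmt.lineno, stmt.end_lineno + 1):
            if line in comments:
                ids |= comments[line] or {"*"}
    return ids


def is_suppressed(source, rule, lineno):
    """Would a finding of ``rule`` reported at ``lineno`` be silenced?"""
    ids = suppressions_for(source, lineno)
    return "*" in ids or rule in ids


# Constructed sample, not from any real project. The CONFIG assignment spans
# lines 2-7 and carries two ID-specific annotations on different lines.
SAMPLE = '''
CONFIG = {  # nosec B108
    "tmp": "/tmp/cache",
    "auth": {
        "password": "hunter2",  # nosec B105
    },
}
TOKEN = "abc"  # nosec
OTHER = "/tmp/x"
'''

if __name__ == "__main__":
    for rule, line in [("B108", 3), ("B105", 5), ("B110", 5), ("B105", 8), ("B108", 9)]:
        print(rule, line, is_suppressed(SAMPLE, rule, line))
```

With this mapping, B108 is still suppressed on line 3 even though line 5 carries its own B105 annotation, while an ID-specific comment never silences a rule it does not name. The trade-off is that an inner annotation also applies to the whole enclosing statement; a stricter design would scope IDs to the innermost expression, at the cost of a token-to-node mapping that the plain AST does not give you.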

#1002 - Make use of rich for formatters

Issue - State: open - Opened by ericwb over 1 year ago - 1 comment
Labels: enhancement

#1001 - Suggest fixes for issues

Pull Request - State: open - Opened by ericwb over 1 year ago - 2 comments

#1000 - Broken JSON on standard output

Issue - State: open - Opened by muszalski over 1 year ago - 4 comments
Labels: bug

#999 - Remove checks for Python2 urllib

Pull Request - State: closed - Opened by ericwb over 1 year ago

#998 - urllib.urlopen does not exist in Python 3

Issue - State: closed - Opened by ericwb over 1 year ago
Labels: bug

#997 - Render Python 3.10 in drop down correctly

Pull Request - State: closed - Opened by ericwb over 1 year ago - 1 comment

#996 - Bandit 1.7.5 false positive for request_without_timeout (B113)

Issue - State: open - Opened by volans- over 1 year ago - 7 comments
Labels: bug

#994 - False positive: [B324:hashlib] Use of insecure MD5 hash function when usedforsecurity=False

Issue - State: closed - Opened by Lucas-C over 1 year ago - 1 comment
Labels: bug
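Two entries in this list describe the same class of checker mistake from opposite directions: #1042/#1043 (a permission check that recognises os.chmod but not the pathlib.Path.chmod spelling of the same call) and #994 (a weak-hash check that fires on hashlib.md5 even when usedforsecurity=False says the digest is not used for security). The following is an added example, not Bandit's own plugin code: a minimal AST checker that handles both. The rule IDs X103 and X324, the "any world-writable bit" threshold, and the sample source are this example's own choices.

```python
"""Added example, not Bandit's own code: a minimal AST checker for two points
raised in this issue list.

* #1042 / #1043: a permission check that only sees ``os.chmod(path, mode)``
  misses the identical mode passed via ``pathlib.Path(path).chmod(mode)``.
* #994: a weak-hash check on ``hashlib.md5(...)`` / ``hashlib.sha1(...)`` must
  stay quiet when the call passes ``usedforsecurity=False`` (Python 3.9+).

Rule IDs ``X103``/``X324`` and the world-writable threshold are this example's.
"""
import ast
import stat
from dataclasses import dataclass

WEAK_HASHES = {"md5", "sha1"}


@dataclass(frozen=True)
class Finding:
    rule: str
    lineno: int
    message: str


def _qualname(func):
    """Dotted name of a call target as written: ``hashlib.md5`` -> 'hashlib.md5'.
    A method on a call result such as ``Path("x").chmod`` yields just 'chmod',
    because the receiver is a Call, not a Name."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _const_int(node):
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, int) else None


def _mode_arg(call, position):
    """The integer mode passed at ``position`` or as ``mode=``; None if not a literal."""
    for kw in call.keywords:
        if kw.arg == "mode":
            return _const_int(kw.value)
    if len(call.args) > position:
        return _const_int(call.args[position])
    return None


def _keyword_is_false(call, name):
    return any(kw.arg == name and isinstance(kw.value, ast.Constant) and kw.value.value is False
               for kw in call.keywords)


class Checker(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, call):
        name = _qualname(call.func)

        # Permissions: both spellings of chmod. os.chmod takes the mode as its
        # second positional argument, Path.chmod as its first.
        if name == "os.chmod":
            mode = _mode_arg(call, 1)
        elif isinstance(call.func, ast.Attribute) and call.func.attr == "chmod":
            mode = _mode_arg(call, 0)
        else:
            mode = None
        if mode is not None and mode & stat.S_IWOTH:
            self.findings.append(Finding("X103", call.lineno,
                                         f"chmod grants world-writable mode {oct(mode)}"))

        # Weak hash: flag hashlib.md5/sha1 unless usedforsecurity=False is explicit.
        # (``from hashlib import md5`` is deliberately out of scope here.)
        if name.startswith("hashlib.") and name.rsplit(".", 1)[-1] in WEAK_HASHES:
            if not _keyword_is_false(call, "usedforsecurity"):
                self.findings.append(Finding("X324", call.lineno, f"use of weak hash {name}"))

        self.generic_visit(call)


def scan(source):
    """Return the findings for one Python source string, in source order."""
    checker = Checker()
    checker.visit(ast.parse(source))
    return checker.findings


# Constructed sample input for the demo; not taken from any real project.
SAMPLE = '''
import os, hashlib
from pathlib import Path

os.chmod("/tmp/a", 0o777)                 # flagged: others can write
Path("/tmp/b").chmod(0o777)               # flagged: same bit, pathlib spelling (#1042)
Path("/tmp/c").chmod(0o600)               # fine
Path("/tmp/d").chmod(mode=0o666)          # flagged: mode passed by keyword
hashlib.md5(b"x")                         # flagged: weak hash
hashlib.md5(b"x", usedforsecurity=False)  # not flagged (#994)
hashlib.sha256(b"x")                      # fine
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.lineno}: {f.rule} {f.message}")
```

The chmod branch keys on the method name rather than on resolving the receiver's type, so it also fires on a non-pathlib object with a chmod method; that is the usual precision trade-off of a syntactic checker, and a fair price for not missing the Path spelling. The hash branch only looks at calls spelled hashlib.<name>(...), so it will not see a name imported directly from hashlib.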

#993 - Update bug report to include version 1.7.5

Pull Request - State: closed - Opened by ericwb over 1 year ago

#992 - Remove Python 3.7 support for EOL

Issue - State: closed - Opened by ericwb over 1 year ago - 2 comments
Labels: enhancement

#991 - Next Release

Issue - State: closed - Opened by rbebb over 1 year ago - 1 comment
Labels: enhancement

#989 - Check for github action updates monthly

Pull Request - State: closed - Opened by jlosito over 1 year ago

#988 - B410: import_lxml not ignorable by name

Issue - State: closed - Opened by tvuotila over 1 year ago - 2 comments
Labels: bug