Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / PyCQA/bandit issues and pull requests
#1093 - Fix up issues found running Bandit on itself
Pull Request -
State: closed - Opened by ericwb 9 months ago
#1092 - # nosec with bandit ID doesn't work properly sometimes
Issue -
State: open - Opened by ericwb 9 months ago
- 4 comments
Labels: bug
#1091 - Create a security policy
Pull Request -
State: closed - Opened by ericwb 9 months ago
#1090 - Use .gitignore as part of the excluded file list
Pull Request -
State: open - Opened by ericwb 9 months ago
- 9 comments
#1089 - Add tidelift to the sponsor funding list
Pull Request -
State: closed - Opened by ericwb 9 months ago
#1088 - Introduce Official Bandit Images
Pull Request -
State: closed - Opened by lukehinds 9 months ago
- 5 comments
#1087 - Bandit container image.
Issue -
State: closed - Opened by lukehinds 9 months ago
Labels: enhancement
#1086 - Document adding a job to GitLab CICD
Pull Request -
State: open - Opened by Bengt 9 months ago
#1083 - One test fails
Issue -
State: closed - Opened by yurivict 9 months ago
- 2 comments
Labels: bug
#1082 - B411 error can't be resolved by the suggested change
Issue -
State: open - Opened by kajinamit 9 months ago
Labels: bug
#1081 - defusedxml: Show correct module name
Pull Request -
State: closed - Opened by kajinamit 9 months ago
#1080 - Fix defusedxml lib name typo
Pull Request -
State: closed - Opened by tkopecek 10 months ago
- 1 comment
#1079 - OSSFuzz Integration
Issue -
State: closed - Opened by capuanob 10 months ago
- 1 comment
Labels: enhancement
#1078 - Handle variant in how policy is passed in paramiko
Pull Request -
State: closed - Opened by ericwb 10 months ago
#1077 - ssh_no_host_key_verification is failing on Python 3.12
Issue -
State: closed - Opened by dolfinus 10 months ago
Labels: bug
#1076 - Bump actions/setup-python from 4 to 5
Pull Request -
State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies
#1075 - Add the new release to bandit versions of bug template
Pull Request -
State: closed - Opened by ericwb 10 months ago
#1074 - B314 since Python 3.6 is not valid
Issue -
State: open - Opened by CyberKatze 10 months ago
- 5 comments
Labels: bug
#1073 - Fix crash on pyproject.toml without bandit config
Pull Request -
State: closed - Opened by javajawa 10 months ago
#1072 - Add Trunk Check Instructions
Pull Request -
State: closed - Opened by joshmarinacci 10 months ago
- 2 comments
#1071 - Mark use of `PKCS1v15` for encryption and decryption a vulnerability
Issue -
State: open - Opened by tomato42 11 months ago
- 7 comments
Labels: enhancement
#1070 - Use mirror repository for black pre-commit hook
Pull Request -
State: closed - Opened by mportesdev 11 months ago
#1068 - Add official support of Python 3.12
Pull Request -
State: closed - Opened by ericwb 12 months ago
- 4 comments
#1067 - Flag `markupsafe.Markup` on non-literal content
Issue -
State: open - Opened by xmo-odoo 12 months ago
- 5 comments
Labels: enhancement
#1066 - refactor: remove `importlib-metadata` fallback
Pull Request -
State: closed - Opened by mkniewallner 12 months ago
- 2 comments
#1064 - fix(plugins/B507): also detect class instances
Pull Request -
State: closed - Opened by mkniewallner about 1 year ago
#1063 - Fixes for sphinx build
Pull Request -
State: closed - Opened by ericwb about 1 year ago
- 7 comments
#1062 - Issue: [B113:request_without_timeout]
Issue -
State: closed - Opened by Rolstenhouse about 1 year ago
- 1 comment
Labels: bug
#1061 - Fix for ReadtheDocs build
Pull Request -
State: closed - Opened by ericwb about 1 year ago
- 1 comment
#1060 - feat(plugins): add support for `httpx` in `B113`
Pull Request -
State: closed - Opened by mkniewallner about 1 year ago
#1059 - Add support for `httpx` in `B113` (`request_without_timeout`)
Issue -
State: closed - Opened by mkniewallner about 1 year ago
Labels: enhancement
#1058 - Bump actions/checkout from 3 to 4
Pull Request -
State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies
#1057 - Fix dependabot to update github actions
Pull Request -
State: closed - Opened by ericwb about 1 year ago
#1056 - Move .github/dependabot.yml to .github/workflows/dependabot.yml
Pull Request -
State: closed - Opened by ericwb about 1 year ago
- 4 comments
#1055 - dependabot.yml should be in .github/workflows
Issue -
State: closed - Opened by ericwb about 1 year ago
Labels: bug
#1053 - Upgrade `actions/checkout`
Pull Request -
State: closed - Opened by mportesdev about 1 year ago
- 7 comments
#1052 - Support `configfile` in `.bandit` file
Pull Request -
State: closed - Opened by bersbersbers about 1 year ago
- 1 comment
#1051 - Update GitPython to mitigate vulnerability.
Pull Request -
State: closed - Opened by rjdbcm about 1 year ago
- 1 comment
#1050 - gitpython version <=3.1.32 has arbitrary code execution vulnerability (CVE-2023-40590)
Issue -
State: closed - Opened by igirardi about 1 year ago
- 2 comments
Labels: bug
#1049 - Avoid GitPython CVE-2023-40267
Pull Request -
State: closed - Opened by tvalenta about 1 year ago
- 6 comments
#1048 - Avoid gitpyhon CVE-2022-24439
Pull Request -
State: closed - Opened by carlosduelo about 1 year ago
- 4 comments
#1047 - Support multiple output formats
Issue -
State: closed - Opened by srgoni about 1 year ago
- 1 comment
Labels: enhancement
#1046 - Support ignoring blacklists by name
Pull Request -
State: closed - Opened by costaparas about 1 year ago
#1045 - Update blacklist call documentation
Pull Request -
State: closed - Opened by costaparas about 1 year ago
#1044 - Flag str.replace as possible sql injection
Pull Request -
State: closed - Opened by costaparas about 1 year ago
- 1 comment
#1043 - Add file permission check for pathlib chmod
Pull Request -
State: open - Opened by costaparas about 1 year ago
#1042 - Account for pathlib chmod setting insecure permissions
Issue -
State: open - Opened by costaparas about 1 year ago
Labels: enhancement
#1041 - False nosec encountered warning
Issue -
State: open - Opened by costaparas about 1 year ago
- 2 comments
Labels: bug
#1040 - Reports that contain Unicode will cause Bandit pre-commit hook to crash
Issue -
State: open - Opened by Dantos7 about 1 year ago
- 3 comments
Labels: bug
#1039 - Not installing Bandit using Python3.11
Issue -
State: closed - Opened by pythonbyte about 1 year ago
- 3 comments
Labels: bug
#1038 - Incorrect result for B202:tarfile_unsafe_members
Issue -
State: open - Opened by behnazh-w about 1 year ago
- 4 comments
Labels: bug
#1037 - Simplify `wrap_file_object`
Pull Request -
State: closed - Opened by mportesdev about 1 year ago
#1036 - Update asserts.py documentation
Pull Request -
State: closed - Opened by deronnax about 1 year ago
#1035 - -c setup.cfg error [config] ERROR expected '<document start>', but found '<scalar>'
Issue -
State: open - Opened by Woocash7 about 1 year ago
Labels: bug
#1034 - Remove support for Python 3.7 due to end-of-life
Pull Request -
State: closed - Opened by ericwb over 1 year ago
#1033 - #nosec directive not applied to entire expression split across multiple lines by Black formatter
Issue -
State: open - Opened by pawin35 over 1 year ago
Labels: bug
#1032 - Unable to install Bandit with pre-commit
Issue -
State: closed - Opened by jmgate over 1 year ago
- 1 comment
Labels: bug
#1031 - Switch from open collective to PSF
Pull Request -
State: closed - Opened by ericwb over 1 year ago
#1030 - Add a copy button to all code snippets in docs
Pull Request -
State: closed - Opened by ericwb over 1 year ago
#1029 - Make pre-commit run Bandit hook using a single process
Pull Request -
State: closed - Opened by Klavionik over 1 year ago
#1028 - fix: correct no-prefix no-suffix exclude for top-level dirs (#975)
Pull Request -
State: open - Opened by b-kamphorst over 1 year ago
- 2 comments
#1027 - Asking bandit to use `pyproject.toml` without a bandit config section causes exception
Issue -
State: closed - Opened by apirogov over 1 year ago
Labels: bug
#1026 - Update pre-commit hooks
Pull Request -
State: closed - Opened by mportesdev over 1 year ago
#1025 - Python 3.12 adds further protection for tarfile module
Issue -
State: closed - Opened by ericwb over 1 year ago
Labels: enhancement
#1024 - Update versions of used GitHub Actions
Pull Request -
State: closed - Opened by mportesdev over 1 year ago
#1023 - Docs request: B311 `random` suggesting fixes
Issue -
State: closed - Opened by jamesbraza over 1 year ago
- 1 comment
Labels: enhancement
#1021 - Skip unnecessary `pip install` commands in the pythonpackage.yml workflow
Pull Request -
State: closed - Opened by mportesdev over 1 year ago
- 1 comment
#1020 - Switch to tox 4
Pull Request -
State: closed - Opened by mportesdev over 1 year ago
#1019 - Wrongly formatted json output
Issue -
State: open - Opened by eyaranossian over 1 year ago
- 1 comment
Labels: bug
#1018 - Adds check for crypt module usage as weak hash
Pull Request -
State: closed - Opened by ericwb over 1 year ago
#1017 - Use of crypt should be flagged
Issue -
State: closed - Opened by ericwb over 1 year ago
Labels: bug
#1016 - Replace pbr in favor of importlib
Pull Request -
State: closed - Opened by ericwb over 1 year ago
- 1 comment
#1015 - language and linting updates
Pull Request -
State: closed - Opened by marksmayo over 1 year ago
#1014 - Mybranch
Pull Request -
State: closed - Opened by Omarosman2000 over 1 year ago
#1013 - Add Additional testing on functionality of the Bandit tool #1005
Pull Request -
State: closed - Opened by OClark23 over 1 year ago
#1012 - xmlrpclib replaced with xmlrpc in Python3
Pull Request -
State: closed - Opened by ericwb over 1 year ago
#1011 - Improper detection of non-requests module
Pull Request -
State: closed - Opened by ericwb over 1 year ago
#1010 - [B113:request_without_timeout]: False positive issue
Issue -
State: closed - Opened by Niraj-Kamdar over 1 year ago
- 2 comments
Labels: bug
#1009 - Extra spaces added by bandit.code.utils.concat_string
Issue -
State: open - Opened by alistairwatts over 1 year ago
- 6 comments
Labels: bug
#1008 - Extra results printed, when running bandit on file that doesnt exist
Issue -
State: open - Opened by Stapes23 over 1 year ago
Labels: bug
#1007 - Add Additional testing on functionality of the Bandit tool #1005
Pull Request -
State: closed - Opened by OClark23 over 1 year ago
#1006 - Add Additional testing on functionality of the Bandit tool #1005
Pull Request -
State: closed - Opened by OClark23 over 1 year ago
#1005 - Add Additional testing on functionality of the Bandit tool
Issue -
State: open - Opened by OClark23 over 1 year ago
Labels: enhancement
#1004 - Fix nosec for nested dicts
Pull Request -
State: open - Opened by kfrydel over 1 year ago
#1003 - Using `# nosec BXXX` annotation in a nested dict causes "higher" annotations to be ignored
Issue -
State: open - Opened by 0xDEC0DE over 1 year ago
- 4 comments
Labels: bug
#1002 - Make use of rich for formatters
Issue -
State: open - Opened by ericwb over 1 year ago
- 1 comment
Labels: enhancement
#1001 - Suggest fixes for issues
Pull Request -
State: open - Opened by ericwb over 1 year ago
- 2 comments
#1000 - Broken JSON on standard output
Issue -
State: open - Opened by muszalski over 1 year ago
- 4 comments
Labels: bug
#999 - Remove checks for Python2 urllib
Pull Request -
State: closed - Opened by ericwb over 1 year ago
#998 - urllib.urlopen does not exist in Python 3
Issue -
State: closed - Opened by ericwb over 1 year ago
Labels: bug
#997 - Render Python 3.10 in drop down correctly
Pull Request -
State: closed - Opened by ericwb over 1 year ago
- 1 comment
#996 - Bandit 1.7.5 false positive for request_without_timeout (B113)
Issue -
State: open - Opened by volans- over 1 year ago
- 7 comments
Labels: bug
#995 - False positive / regression: [B314:blacklist] Using xml.etree.ElementTree.fromstring to parse untrusted XML - while defusedxml is used
Issue -
State: open - Opened by Lucas-C over 1 year ago
Labels: bug
#994 - False positive: [B324:hashlib] Use of insecure MD5 hash function when usedforsecurity=False
Issue -
State: closed - Opened by Lucas-C over 1 year ago
- 1 comment
Labels: bug
#993 - Update bug report to include version 1.7.5
Pull Request -
State: closed - Opened by ericwb over 1 year ago
#992 - Remove Python 3.7 support for EOL
Issue -
State: closed - Opened by ericwb over 1 year ago
- 2 comments
Labels: enhancement
#991 - Next Release
Issue -
State: closed - Opened by rbebb over 1 year ago
- 1 comment
Labels: enhancement
#989 - Check for github action updates monthly
Pull Request -
State: closed - Opened by jlosito over 1 year ago
#988 - B410: import_lxml not ignorable by name
Issue -
State: closed - Opened by tvuotila over 1 year ago
- 2 comments
Labels: bug