Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / PyCQA/bandit issues and pull requests

#987 - False positive for B105 / Possible hardcoded password

Issue - State: open - Opened by linusjf over 1 year ago - 3 comments
Labels: bug

#986 - Move the metadata into `pyproject.toml`.

Pull Request - State: closed - Opened by KOLANICH over 1 year ago - 1 comment

#985 - Added a bit more `project_urls`

Pull Request - State: closed - Opened by KOLANICH over 1 year ago

#984 - S608: false positive SQL injection detected

Issue - State: open - Opened by spaceone over 1 year ago - 4 comments
Labels: enhancement

#983 - Fix breaking build due to new tox

Pull Request - State: closed - Opened by ericwb over 1 year ago

#982 - Add the ability to skip files and directories to other tests

Issue - State: open - Opened by simple-nathan over 1 year ago
Labels: enhancement

#981 - Correct passenv in tox

Pull Request - State: closed - Opened by gliptak over 1 year ago - 5 comments

#980 - Correct build status badge in README

Pull Request - State: closed - Opened by gliptak over 1 year ago

#979 - Update config.rst pre-commit section to new format

Pull Request - State: closed - Opened by Jaciss over 1 year ago - 1 comment

#977 - some SQL injections not detected

Issue - State: open - Opened by lightsgoout almost 2 years ago - 2 comments
Labels: bug

#976 - Make GitPython dependency optional?

Issue - State: closed - Opened by bachya almost 2 years ago - 3 comments
Labels: bug

#975 - Exclusion filter not working correctly with relative paths

Issue - State: open - Opened by kenahoo almost 2 years ago
Labels: bug

#974 - Got error: IndexError: list index out of range

Issue - State: closed - Opened by goto110 almost 2 years ago - 2 comments
Labels: bug

#973 - New `exclude_regex` Filter to Address False Positives on Password Tests

Issue - State: open - Opened by comc almost 2 years ago
Labels: enhancement

#971 - gitpython version 3.1.29 has a RCE vulnerability (CVE-2022-24439)

Issue - State: closed - Opened by CrypticGuru almost 2 years ago - 3 comments
Labels: bug

#970 - Match sql strings from the beginning to avoid FPs

Pull Request - State: closed - Opened by tushar-deepsource almost 2 years ago - 2 comments

#969 - Merge pull request #1 from PyCQA/master

Pull Request - State: closed - Opened by metalcode03 almost 2 years ago

#968 - DOC: Add explanation on how to use pre-commit with config file

Pull Request - State: closed - Opened by phofl almost 2 years ago

#966 - Unable to exclude directories when running the CLI

Issue - State: open - Opened by mpas almost 2 years ago - 2 comments
Labels: bug

#964 - Add official Python 3.11 support

Pull Request - State: closed - Opened by ericwb almost 2 years ago - 3 comments

#963 - Clarify "getting started" docs

Pull Request - State: open - Opened by Flimm almost 2 years ago

#962 - Allow using test_name in custom formatter

Issue - State: open - Opened by krishan711 almost 2 years ago
Labels: enhancement

#961 - UnicodeError Parsing TOML

Issue - State: closed - Opened by adam-grant-hendry almost 2 years ago - 2 comments
Labels: bug

#960 - Bandit with python 3.6 cannot be installed

Issue - State: closed - Opened by AbdealiLoKo almost 2 years ago - 1 comment
Labels: bug

#959 - Add explicit pbr requirement

Pull Request - State: closed - Opened by mikelolasagasti almost 2 years ago - 6 comments

#956 - Tests do not load on Python 3.7 with `importlib-metadata` 5.0.0 and `stevedore` 3.5.1

Issue - State: closed - Opened by mcdonnnj almost 2 years ago - 10 comments
Labels: bug

#953 - Bandit throwing error on Python 3.7

Issue - State: closed - Opened by muaz-jasman almost 2 years ago - 3 comments
Labels: bug

#952 - Set constraint for importlib-metadata

Pull Request - State: closed - Opened by mportesdev almost 2 years ago - 5 comments

#951 - Bandit broken via `stevedore` dependency with `importlib-metadata>=5`.

Issue - State: closed - Opened by emcd almost 2 years ago - 9 comments
Labels: bug

#949 - Create SECURITY.md

Issue - State: closed - Opened by benharvie about 2 years ago - 1 comment

#948 - Bandit should deprecate xml.etree use

Issue - State: closed - Opened by clavedeluna about 2 years ago
Labels: bug

#947 - remove py2 exec example in docs

Pull Request - State: closed - Opened by clavedeluna about 2 years ago

#946 - Resolve #714

Pull Request - State: closed - Opened by meuzgebre about 2 years ago - 2 comments

#944 - Make -c support ini as well.

Pull Request - State: open - Opened by CTimmerman about 2 years ago - 3 comments

#942 - Erroneous "no test failure on line" warning from plugin alert nosec?

Issue - State: open - Opened by fiendish about 2 years ago - 3 comments
Labels: bug

#941 - * bandit/cli/main.py: Set log level to ERROR if -q option is passed.

Pull Request - State: open - Opened by bje- about 2 years ago - 4 comments

#940 - Add `random.Random` to B311 checks

Pull Request - State: closed - Opened by shiftinv about 2 years ago - 1 comment

#936 - general_bad_file_permission only works for mode as int

Issue - State: open - Opened by ericwb about 2 years ago - 2 comments
Labels: bug

#935 - More precise testing of plugins

Pull Request - State: open - Opened by ericwb about 2 years ago

#926 - Inconsistency of `random.Random` detection between different platforms

Issue - State: closed - Opened by shiftinv about 2 years ago
Labels: bug

#917 - Improve detecting SQL injections in f-strings

Pull Request - State: closed - Opened by kfrydel over 2 years ago - 4 comments

#915 - Improve handling nosec for multi-line strings

Pull Request - State: closed - Opened by kfrydel over 2 years ago - 9 comments

#912 - Skip tests folder on pre-commit

Issue - State: open - Opened by wellingtonf-souza over 2 years ago - 6 comments
Labels: bug

#907 - Unable to find qualified name

Issue - State: closed - Opened by bje- over 2 years ago - 5 comments
Labels: bug

#904 - Adding option to not print line's number: --no-line-numbers

Pull Request - State: open - Opened by mayblo over 2 years ago - 4 comments

#902 - Bandit can't read config file when run in pre-commit

Issue - State: closed - Opened by RNKuhns over 2 years ago - 7 comments
Labels: bug

#900 - Combine coverage data before generating report

Pull Request - State: closed - Opened by mportesdev over 2 years ago - 2 comments

#888 - Add a configuration option to prohibit `# nosec` without specific error codes

Issue - State: open - Opened by mkniewallner over 2 years ago - 1 comment
Labels: enhancement

#882 - Non-utf8 character causes crash when scanning

Issue - State: closed - Opened by EstevamArantes over 2 years ago - 3 comments
Labels: bug

#880 - #nosec doesn't work with multi-line strings and Python 3.10

Issue - State: closed - Opened by marcinbarczynski over 2 years ago - 1 comment
Labels: bug

#877 - Add flask.Markup XSS plugin

Pull Request - State: open - Opened by raj3shp over 2 years ago - 4 comments

#863 - Make use of rich for progress bar

Pull Request - State: closed - Opened by ericwb over 2 years ago - 5 comments

#840 - Replace pbr in favor of importlib

Pull Request - State: closed - Opened by ericwb over 2 years ago - 1 comment

#839 - Remove pbr runtime dependency in favor of importlib.metadata?

Issue - State: closed - Opened by cjolowicz over 2 years ago - 6 comments
Labels: enhancement

#826 - Use .gitignore as basis of default excludes

Issue - State: open - Opened by ericwb over 2 years ago - 1 comment
Labels: enhancement

#824 - Suggest fixes for issues

Pull Request - State: closed - Opened by ericwb over 2 years ago - 1 comment

#820 - Line range incorrect for a multi-line call (Python 3.7 only)

Issue - State: closed - Opened by ericwb over 2 years ago - 2 comments
Labels: bug

#801 - Translation of output messages

Issue - State: closed - Opened by ericwb over 2 years ago - 1 comment
Labels: enhancement

#767 - lxml guidance is not useful

Issue - State: open - Opened by mwichmann over 2 years ago - 6 comments
Labels: bug

#765 - django_rawsql_used: support keyword arguments used in `RawSQL`

Pull Request - State: closed - Opened by kevinmarsh almost 3 years ago - 3 comments

#764 - Django's `RawSQL` raises error if you use kwargs rather than args

Issue - State: closed - Opened by kevinmarsh almost 3 years ago
Labels: bug

#760 - Convert three assignments to augmented source code

Issue - State: closed - Opened by elfring almost 3 years ago
Labels: enhancement

#758 - Release with pyproject support

Issue - State: closed - Opened by kinoute almost 3 years ago - 4 comments
Labels: enhancement

#757 - New check: B113: TrojanSource - Bidirectional control characters

Pull Request - State: closed - Opened by Lucas-C almost 3 years ago - 12 comments

#749 - Add check for potential misuse of unicode

Issue - State: closed - Opened by CarliJoy almost 3 years ago - 1 comment
Labels: enhancement

#736 - Add config via setup.cfg

Issue - State: open - Opened by okainov about 3 years ago - 4 comments
Labels: enhancement

#735 - Pbr is unexpectedly required during runtime

Issue - State: closed - Opened by kulikjak about 3 years ago - 1 comment
Labels: bug

#733 - Error parsing pyproject.tml

Issue - State: open - Opened by edgarriba about 3 years ago - 4 comments
Labels: bug

#709 - B405 complains about any xml.etree.ElementTree import, not just parse-related ones

Issue - State: open - Opened by vanschelven over 3 years ago - 2 comments
Labels: bug

#697 - Official Dockerhub image

Issue - State: open - Opened by pzelnip over 3 years ago - 4 comments
Labels: enhancement

#693 - ini "exclude" config is ignored

Issue - State: open - Opened by RobGThai over 3 years ago - 11 comments
Labels: bug

#678 - Conform more to command line standards

Issue - State: open - Opened by ericwb almost 4 years ago
Labels: enhancement

#677 - Add metrics tests and minor scan updates

Pull Request - State: closed - Opened by asears almost 4 years ago

#665 - Bandit 1.7.0 still picked up by Python 2

Issue - State: closed - Opened by yoctozepto almost 4 years ago - 6 comments
Labels: bug

#658 - #nosec not working for multi-line strings in python 3.8

Issue - State: open - Opened by Stannislav almost 4 years ago - 13 comments
Labels: bug

#657 - Bandit 1.6.3 does not respect excluded paths from .bandit file

Issue - State: open - Opened by budgester almost 4 years ago - 16 comments
Labels: bug

#656 - Undetected issues B104, B608

Issue - State: closed - Opened by adideutsch almost 4 years ago - 5 comments
Labels: bug

#646 - Support for the SARIF (Static Analysis Results Interchange Format)

Issue - State: closed - Opened by abhaybhargav almost 4 years ago - 8 comments
Labels: enhancement

#643 - How to exclude .bandit inside folder scan ?

Issue - State: open - Opened by dugdug36 almost 4 years ago - 1 comment
Labels: question

#640 - More control over exit code

Issue - State: open - Opened by kbasgall about 4 years ago - 4 comments
Labels: enhancement

#635 - Fix #495 - replace `fdata.readline` with `lines` iteration

Pull Request - State: closed - Opened by jenda1 about 4 years ago

#614 - Bandit is not differentiating between pyCrypto and pyCryptodome import

Issue - State: closed - Opened by shashim22 over 4 years ago - 4 comments
Labels: bug

#608 - Detect misuse of `psycopg2.sql.SQL` composable

Pull Request - State: open - Opened by wtkm11 over 4 years ago - 1 comment

#599 - Not found SQL injection

Issue - State: closed - Opened by Niccolum over 4 years ago - 3 comments

#595 - Ini file settings ignored

Issue - State: open - Opened by GLeurquin over 4 years ago - 3 comments
Labels: bug

#593 - Incorrect documentation links

Issue - State: closed - Opened by roniemartinez over 4 years ago - 4 comments
Labels: bug

#573 - Skipping tests via args in .pre-commit-config.yaml does not work.

Issue - State: closed - Opened by flyinbutrs over 4 years ago - 4 comments

#529 - False yaml.load positive with Loader=*SafeLoader subclass

Issue - State: closed - Opened by scop about 5 years ago - 4 comments
Labels: bug

#505 - Bandit is too slow to parse some files

Issue - State: open - Opened by sk- over 5 years ago - 5 comments
