openstack-swift
/
bandit.yaml
162 строки · 7.8 Кб
1### This config may optionally select a subset of tests to run or skip by3### filling out the 'tests' and 'skips' lists given below. If no tests are4### specified for inclusion then it is assumed all tests are desired. The skips5### set will remove specific tests from the include set. This can be controlled6### using the -t/-s CLI options. Note that the same test ID should not appear7### in both 'tests' and 'skips', this would be nonsensical and is detected by8### Bandit at runtime.9# Available tests:11# B101 : assert_used12# B102 : exec_used13# B103 : set_bad_file_permissions14# B104 : hardcoded_bind_all_interfaces15# B105 : hardcoded_password_string16# B106 : hardcoded_password_funcarg17# B107 : hardcoded_password_default18# B108 : hardcoded_tmp_directory19# B110 : try_except_pass20# B112 : try_except_continue21# B201 : flask_debug_true22# B301 : pickle23# B302 : marshal24# B303 : md525# B304 : ciphers26# B305 : cipher_modes27# B306 : mktemp_q28# B307 : eval29# B308 : mark_safe30# B310 : urllib_urlopen31# B311 : random32# B312 : telnetlib33# B313 : xml_bad_cElementTree34# B314 : xml_bad_ElementTree35# B315 : xml_bad_expatreader36# B316 : xml_bad_expatbuilder37# B317 : xml_bad_sax38# B318 : xml_bad_minidom39# B319 : xml_bad_pulldom40# B320 : xml_bad_etree41# B321 : ftplib42# B322 : input43# B323 : unverified_context44# B325 : tempnam45# B401 : import_telnetlib46# B402 : import_ftplib47# B403 : import_pickle48# B404 : import_subprocess49# B405 : import_xml_etree50# B406 : import_xml_sax51# B407 : import_xml_expat52# B408 : import_xml_minidom53# B409 : import_xml_pulldom54# B410 : import_lxml55# B411 : import_xmlrpclib56# B412 : import_httpoxy57# B413 : import_pycrypto58# B414 : import_pycryptodome59# B501 : request_with_no_cert_validation60# B502 : ssl_with_bad_version61# B503 : ssl_with_bad_defaults62# B504 : ssl_with_no_version63# B505 : weak_cryptographic_key64# B506 : yaml_load65# B507 : ssh_no_host_key_verification66# B601 : paramiko_calls67# B602 : subprocess_popen_with_shell_equals_true68# B603 : subprocess_without_shell_equals_true69# B604 : any_other_function_with_shell_equals_true70# B605 : start_process_with_a_shell71# B606 : start_process_with_no_shell72# B607 : start_process_with_partial_path73# B608 : hardcoded_sql_expressions74# B609 : linux_commands_wildcard_injection75# B610 : django_extra_used76# B611 : django_rawsql_used77# B701 : jinja2_autoescape_false78# B702 : use_of_mako_templates79# B703 : django_mark_safe80# (optional) list included test IDs here, eg '[B101, B406]':82tests: [B102, B103, B302, B303, B304, B305, B306, B308, B310, B401, B501, B502, B506, B601, B602, B609]83# (optional) list skipped test IDs here, eg '[B101, B406]':85skips:86### (optional) plugin settings - some test plugins require configuration data88### that may be given here, per-plugin. All bandit test plugins have a built in89### set of sensible defaults and these will be used if no configuration is90### provided. It is not necessary to provide settings for every (or any) plugin91### if the defaults are acceptable.92#any_other_function_with_shell_equals_true:94# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,95# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,96# os.spawnvp, os.spawnvpe, os.startfile]97# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,98# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]99# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,100# utils.execute, utils.execute_with_timeout]101#execute_with_run_as_root_equals_true:102# function_names: [ceilometer.utils.execute, cinder.utils.execute, neutron.agent.linux.utils.execute,103# nova.utils.execute, nova.utils.trycmd]104#hardcoded_tmp_directory:105# tmp_dirs: [/tmp, /var/tmp, /dev/shm]106#linux_commands_wildcard_injection:107# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,108# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,109# os.spawnvp, os.spawnvpe, os.startfile]110# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,111# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]112# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,113# utils.execute, utils.execute_with_timeout]114#password_config_option_not_marked_secret:115# function_names: [oslo.config.cfg.StrOpt, oslo_config.cfg.StrOpt]116#ssl_with_bad_defaults:117# bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,118# PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]119#ssl_with_bad_version:120# bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,121# PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]122#start_process_with_a_shell:123# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,124# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,125# os.spawnvp, os.spawnvpe, os.startfile]126# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,127# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]128# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,129# utils.execute, utils.execute_with_timeout]130#start_process_with_no_shell:131# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,132# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,133# os.spawnvp, os.spawnvpe, os.startfile]134# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,135# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]136# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,137# utils.execute, utils.execute_with_timeout]138#start_process_with_partial_path:139# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,140# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,141# os.spawnvp, os.spawnvpe, os.startfile]142# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,143# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]144# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,145# utils.execute, utils.execute_with_timeout]146#subprocess_popen_with_shell_equals_true:147# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,148# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,149# os.spawnvp, os.spawnvpe, os.startfile]150# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,151# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]152# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,153# utils.execute, utils.execute_with_timeout]154#subprocess_without_shell_equals_true:155# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,156# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,157# os.spawnvp, os.spawnvpe, os.startfile]158# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,159# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]160# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,161# utils.execute, utils.execute_with_timeout]162#try_except_continue: {check_typed_exception: false}163#try_except_pass: {check_typed_exception: false}164