CI: document bandit tests by reference

The available bandit tests change with time (e.g. the Related-Change). We shouldn't try to maintain the list. Related-Change: Ie668d49a56c0a6542d28128656cfd44f7c089ec4 Change-Id: I6eb106abbac28ffbb9a3f64e8aa60218cbe75682
2025-01-14 09:31:08 +00:00 · 2025-01-14 09:31:08 +00:00 · aa0429ce00
commit aa0429ce00
parent f95315b711
1 changed files with 2 additions and 70 deletions
--- a/bandit.yaml
+++ b/bandit.yaml
@ -7,76 +7,8 @@
 ### in both 'tests' and 'skips', this would be nonsensical and is detected by
 ### Bandit at runtime.

-# Available tests:
-# B101 : assert_used
-# B102 : exec_used
-# B103 : set_bad_file_permissions
-# B104 : hardcoded_bind_all_interfaces
-# B105 : hardcoded_password_string
-# B106 : hardcoded_password_funcarg
-# B107 : hardcoded_password_default
-# B108 : hardcoded_tmp_directory
-# B110 : try_except_pass
-# B112 : try_except_continue
-# B201 : flask_debug_true
-# B301 : pickle
-# B302 : marshal
-# B303 : md5
-# B304 : ciphers
-# B305 : cipher_modes
-# B306 : mktemp_q
-# B307 : eval
-# B308 : mark_safe
-# B310 : urllib_urlopen
-# B311 : random
-# B312 : telnetlib
-# B313 : xml_bad_cElementTree
-# B314 : xml_bad_ElementTree
-# B315 : xml_bad_expatreader
-# B316 : xml_bad_expatbuilder
-# B317 : xml_bad_sax
-# B318 : xml_bad_minidom
-# B319 : xml_bad_pulldom
-# B320 : xml_bad_etree
-# B321 : ftplib
-# B322 : input
-# B323 : unverified_context
-# B325 : tempnam
-# B401 : import_telnetlib
-# B402 : import_ftplib
-# B403 : import_pickle
-# B404 : import_subprocess
-# B405 : import_xml_etree
-# B406 : import_xml_sax
-# B407 : import_xml_expat
-# B408 : import_xml_minidom
-# B409 : import_xml_pulldom
-# B410 : import_lxml
-# B411 : import_xmlrpclib
-# B412 : import_httpoxy
-# B413 : import_pycrypto
-# B414 : import_pycryptodome
-# B501 : request_with_no_cert_validation
-# B502 : ssl_with_bad_version
-# B503 : ssl_with_bad_defaults
-# B504 : ssl_with_no_version
-# B505 : weak_cryptographic_key
-# B506 : yaml_load
-# B507 : ssh_no_host_key_verification
-# B601 : paramiko_calls
-# B602 : subprocess_popen_with_shell_equals_true
-# B603 : subprocess_without_shell_equals_true
-# B604 : any_other_function_with_shell_equals_true
-# B605 : start_process_with_a_shell
-# B606 : start_process_with_no_shell
-# B607 : start_process_with_partial_path
-# B608 : hardcoded_sql_expressions
-# B609 : linux_commands_wildcard_injection
-# B610 : django_extra_used
-# B611 : django_rawsql_used
-# B701 : jinja2_autoescape_false
-# B702 : use_of_mako_templates
-# B703 : django_mark_safe
+# See https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html
+# for documentation of the available tests.

 # (optional) list included test IDs here, eg '[B101, B406]':
 tests: