From aa0429ce0038a40213e5b75ac0c7abfcc1c22007 Mon Sep 17 00:00:00 2001
From: Alistair Coles
Date: Tue, 14 Jan 2025 09:31:08 +0000
Subject: [PATCH] CI: document bandit tests by reference

The available bandit tests change with time (e.g. the Related-Change). We shouldn't try to maintain the list.

Related-Change: Ie668d49a56c0a6542d28128656cfd44f7c089ec4
Change-Id: I6eb106abbac28ffbb9a3f64e8aa60218cbe75682
---
 bandit.yaml | 72 ++---------------------------------------------------
 1 file changed, 2 insertions(+), 70 deletions(-)

diff --git a/bandit.yaml b/bandit.yaml
index 7081e7d2d4..62b37689b4 100644
--- a/bandit.yaml
+++ b/bandit.yaml
@@ -7,76 +7,8 @@
 ### in both 'tests' and 'skips', this would be nonsensical and is detected by
 ### Bandit at runtime.
-# Available tests:
-# B101 : assert_used
-# B102 : exec_used
-# B103 : set_bad_file_permissions
-# B104 : hardcoded_bind_all_interfaces
-# B105 : hardcoded_password_string
-# B106 : hardcoded_password_funcarg
-# B107 : hardcoded_password_default
-# B108 : hardcoded_tmp_directory
-# B110 : try_except_pass
-# B112 : try_except_continue
-# B201 : flask_debug_true
-# B301 : pickle
-# B302 : marshal
-# B303 : md5
-# B304 : ciphers
-# B305 : cipher_modes
-# B306 : mktemp_q
-# B307 : eval
-# B308 : mark_safe
-# B310 : urllib_urlopen
-# B311 : random
-# B312 : telnetlib
-# B313 : xml_bad_cElementTree
-# B314 : xml_bad_ElementTree
-# B315 : xml_bad_expatreader
-# B316 : xml_bad_expatbuilder
-# B317 : xml_bad_sax
-# B318 : xml_bad_minidom
-# B319 : xml_bad_pulldom
-# B320 : xml_bad_etree
-# B321 : ftplib
-# B322 : input
-# B323 : unverified_context
-# B325 : tempnam
-# B401 : import_telnetlib
-# B402 : import_ftplib
-# B403 : import_pickle
-# B404 : import_subprocess
-# B405 : import_xml_etree
-# B406 : import_xml_sax
-# B407 : import_xml_expat
-# B408 : import_xml_minidom
-# B409 : import_xml_pulldom
-# B410 : import_lxml
-# B411 : import_xmlrpclib
-# B412 : import_httpoxy
-# B413 : import_pycrypto
-# B414 : import_pycryptodome
-# B501 : request_with_no_cert_validation
-# B502 : ssl_with_bad_version
-# B503 : ssl_with_bad_defaults
-# B504 : ssl_with_no_version
-# B505 : weak_cryptographic_key
-# B506 : yaml_load
-# B507 : ssh_no_host_key_verification
-# B601 : paramiko_calls
-# B602 : subprocess_popen_with_shell_equals_true
-# B603 : subprocess_without_shell_equals_true
-# B604 : any_other_function_with_shell_equals_true
-# B605 : start_process_with_a_shell
-# B606 : start_process_with_no_shell
-# B607 : start_process_with_partial_path
-# B608 : hardcoded_sql_expressions
-# B609 : linux_commands_wildcard_injection
-# B610 : django_extra_used
-# B611 : django_rawsql_used
-# B701 : jinja2_autoescape_false
-# B702 : use_of_mako_templates
-# B703 : django_mark_safe
+# See https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html
+# for documentation of the available tests.
 # (optional) list included test IDs here, eg '[B101, B406]':
 tests:
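Review bot: The replacement URL on the `+# See …` line points only at Bandit's call-blacklist page, which documents the B3xx `blacklist_calls` tests; the import blacklist (B4xx) and the plugin tests (B1xx, B2xx, B5xx, B6xx, B7xx) that the removed list also covered are documented on other pages, so a maintainer looking up an ID for `tests:` or `skips:` (B101 and B406 are the examples given just below) may not find it there. I would point at the two index pages instead: `# See https://bandit.readthedocs.io/en/latest/plugins/index.html and` / `# https://bandit.readthedocs.io/en/latest/blacklists/index.html for` / `# documentation of the available tests.`. The `tests:` list itself continues past the end of the hunk.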