Tags: JuanHuaXu/bandit

1.5.1

Adding test case for traversal crash

Follow up for PyCQA#369

Signed-off-by: Antoine Salon <[email protected]>

1.5.0

Change ver 1.4.1 references to 1.5.0

There have been significant changes since the 1.4.0 release, so
I'd like the next release to be 1.5.0 instead of 1.4.1. This patch
replaces 1.4.1 references with 1.5.0.

Signed-off-by: Eric Brown <[email protected]>

0.17.0-eol

This branch (stable/0.17.0) is at End Of Life

1.4.0

[Important]

This release removes the ‘stats’ elements from the JSON output
formatter. The same information is available in the metrics
section and duplicating the data is noisy and pointless.

[Features]
- Handle curve keyword arg weak_cryptographic_key

[Bug Fixes]
- UTF8 encoding fix for skipped filenames
- Fixed partial path detection on windows
- HTML output now passes markup validation

[Behind the Scenes]
- Many trivial fixes based on pylint scan
- Many cleanups to docs and readme
- Added functional tests for B308, B321, and B402

1.3.0

[Features]

- Add capability to pipe a file into bandit

[Bug Fixes]
- Fixing B502 and B503 developer docs
- Fix for pylint no-self-use error
- Don't include openstack/common in flake8 exclude list

[Behind the Scenes]
- Many trivial fixes based on pylint scan

1.2.0

[New Features]

- Added "input()" to the list of blacklisted calls (B322)

[Bug Fixes]
- Tests work with newest GitPython
- Blacklist filtering now fixed, B001 no longer needed
- Fixed false positive on YAML load() test (B506)
- Fix crypto key size issues when we don't know what it is (B505)

[Behind the Scenes]
- Unit tests now use Mock over MagicMock
- Unit tests now use assertEqual correctly
- Module imports cleaned up

1.1.0

[New Features]

- New test for HTTPoxy bug (CVE-2016-5386)
- Man page added

[Bug Fixes]
- XSS bug fixed in HTML output (Security fix)
- Various typos and spelling errors fixed

[Behind the Scenes]
- Catch general exceptions per-file
- Docs improvements
- Py3.5 bits

1.0.1

Re-release of 1.0, CI failed to publish to PyPI

1.0

1.0 milestone release

[New Features]
- Quite a number of new features, please see docs
- Test plugins now have IDs
- Config is now optional
- Config now has a new format, please see docs
- Old config compatibility persists but is deprecated now
- Config gen tool can create new style configs easily
- Test include/exclude (-t/-s) CLI options added
- Version '-v' CLI option added
- Updated documentation
- New test for 'try, except, continue'
- Blacklist items now have IDs for fine control
- New plugin interface for blacklist data

[Bug fixes]
- Several minor fixes
- Fixes to try, except, ... tests
- Fixes to include/exclude logic

[Behind the Scenes]
- lots of changes to make config optional
- lots of support for old config deprecation
- blacklist test completely re-worked

0.17.3

Bandit 0.17.3

[Behind the Scenes]
 - Fixed a bug in .bandit file