Skip to content

Tags: rewtd/bandit

Tags

1.7.0

Toggle 1.7.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
Create CODEOWNERS (PyCQA#661)

A codeowners file makes it so people are automatically suggested as reviewers for pull requests
based on path to the code in the PR.

More information can be found here: 
https://docs.github.com/en/free-pro-team@latest/github/creating-cloning-and-archiving-repositories/about-code-owners

Co-authored-by: Luke Hinds <[email protected]>

1.6.3

Toggle 1.6.3's commit message

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Add workflow to publish to PyPI

Along with the existing workflow that can publish to
Test PyPI, this change also adds official PyPI.

The difference is that this workflow will only publish
if the commit is tagged.

Signed-off-by: Eric Brown <[email protected]>

1.6.2

Toggle 1.6.2's commit message

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Performance fix (PyCQA#502)

* Fix PyCQA#490 -- Fix performance issue introduced in 1.6.0

The lines were introduced in 7c4b9fa
and have two effects. First they cause `get_issue_list` to run twice and before
the user receives feedback that bandit started running. Secondly it does not
display any output if no issues are found, which is an unintended behavior change.

* add namespaces for parent attributes

* pylint formatting changes

* made bandit_parent a private attr

* temporary fix; perf issue only on quiet

* update perf issue

1.6.1

Toggle 1.6.1's commit message

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
add test for regression and fix directory exclusion without wildcards (

…PyCQA#489)

* add test for regression and fix directory exclusion without wildcards
* fix pep8 errors
* add support for directory exclusion without trailing slashes
* extend exclusion test for backwards compat with 1.5.1 and add fix
* fix pep8 errors
* fix styling
* fix styling
* fix styling

1.6.0

Toggle 1.6.0's commit message

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Remove pycryptodome blacklist (PyCQA#470)

* Remove pycryptodome from import blacklist

pycryptodome appears to be actively maintained, as opposed to pycrypto.

Unless there is a noted security issue with not using it, this removes
the blanket blacklist on the library. Any insecure hashes/ciphers/etc.
that the library provides will still be reported as per other libraries.

* [functional-tests]
- repurpose blacklist test to verify that pycryptodome is no longer blacklisted

* - fix flake8 line too long

* [flake8]
- misunderstood what flake8 was complaining about.

1.5.1

Toggle 1.5.1's commit message

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Adding test case for traversal crash

Follow up for PyCQA#369

Signed-off-by: Antoine Salon <[email protected]>

1.5.0

Toggle 1.5.0's commit message

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Change ver 1.4.1 references to 1.5.0

There have been significant changes since the 1.4.0 release, so
I'd like the next release to be 1.5.0 instead of 1.4.1. This patch
replaces 1.4.1 references with 1.5.0.

Signed-off-by: Eric Brown <[email protected]>

0.17.0-eol

Toggle 0.17.0-eol's commit message
This branch (stable/0.17.0) is at End Of Life

1.4.0

Toggle 1.4.0's commit message
[Important]

This release removes the ‘stats’ elements from the JSON output
formatter. The same information is available in the metrics
section and duplicating the data is noisy and pointless.

[Features]
- Handle curve keyword arg weak_cryptographic_key

[Bug Fixes]
- UTF8 encoding fix for skipped filenames
- Fixed partial path detection on windows
- HTML output now passes markup validation

[Behind the Scenes]
- Many trivial fixes based on pylint scan
- Many cleanups to docs and readme
- Added functional tests for B308, B321, and B402

1.3.0

Toggle 1.3.0's commit message
[Features]

- Add capability to pipe a file into bandit

[Bug Fixes]
- Fixing B502 and B503 developer docs
- Fix for pylint no-self-use error
- Don't include openstack/common in flake8 exclude list

[Behind the Scenes]
- Many trivial fixes based on pylint scan