Tags: rewtd/bandit
Tags
Create CODEOWNERS (PyCQA#661) A codeowners file makes it so people are automatically suggested as reviewers for pull requests based on path to the code in the PR. More information can be found here: https://docs.github.com/en/free-pro-team@latest/github/creating-cloning-and-archiving-repositories/about-code-owners Co-authored-by: Luke Hinds <[email protected]>
Add workflow to publish to PyPI Along with the existing workflow that can publish to Test PyPI, this change also adds official PyPI. The difference is that this workflow will only publish if the commit is tagged. Signed-off-by: Eric Brown <[email protected]>
Performance fix (PyCQA#502) * Fix PyCQA#490 -- Fix performance issue introduced in 1.6.0 The lines were introduced in 7c4b9fa and have two effects. First they cause `get_issue_list` to run twice and before the user receives feedback that bandit started running. Secondly it does not display any output if no issues are found, which is an unintended behavior change. * add namespaces for parent attributes * pylint formatting changes * made bandit_parent a private attr * temporary fix; perf issue only on quiet * update perf issue
add test for regression and fix directory exclusion without wildcards (… …PyCQA#489) * add test for regression and fix directory exclusion without wildcards * fix pep8 errors * add support for directory exclusion without trailing slashes * extend exclusion test for backwards compat with 1.5.1 and add fix * fix pep8 errors * fix styling * fix styling * fix styling
Remove pycryptodome blacklist (PyCQA#470) * Remove pycryptodome from import blacklist pycryptodome appears to be actively maintained, as opposed to pycrypto. Unless there is a noted security issue with not using it, this removes the blanket blacklist on the library. Any insecure hashes/ciphers/etc. that the library provides will still be reported as per other libraries. * [functional-tests] - repurpose blacklist test to verify that pycryptodome is no longer blacklisted * - fix flake8 line too long * [flake8] - misunderstood what flake8 was complaining about.
Change ver 1.4.1 references to 1.5.0 There have been significant changes since the 1.4.0 release, so I'd like the next release to be 1.5.0 instead of 1.4.1. This patch replaces 1.4.1 references with 1.5.0. Signed-off-by: Eric Brown <[email protected]>
[Important] This release removes the ‘stats’ elements from the JSON output formatter. The same information is available in the metrics section and duplicating the data is noisy and pointless. [Features] - Handle curve keyword arg weak_cryptographic_key [Bug Fixes] - UTF8 encoding fix for skipped filenames - Fixed partial path detection on windows - HTML output now passes markup validation [Behind the Scenes] - Many trivial fixes based on pylint scan - Many cleanups to docs and readme - Added functional tests for B308, B321, and B402
PreviousNext