Tags: secureonelabs/bandit
Create CODEOWNERS (PyCQA#661)

A codeowners file makes it so people are automatically suggested as reviewers for pull requests based on path to the code in the PR.

More information can be found here: https://docs.github.com/en/free-pro-team@latest/github/creating-cloning-and-archiving-repositories/about-code-owners

Co-authored-by: Luke Hinds <7058938+lukehinds@users.noreply.github.com>

Performance fix (PyCQA#502)

* Fix PyCQA#490 -- Fix performance issue introduced in 1.6.0

  The lines were introduced in 7c4b9fa and have two effects. First they cause `get_issue_list` to run twice and before the user receives feedback that bandit started running. Secondly it does not display any output if no issues are found, which is an unintended behavior change.
* add namespaces for parent attributes
* pylint formatting changes
* made bandit_parent a private attr
* temporary fix; perf issue only on quiet
* update perf issue

add test for regression and fix directory exclusion without wildcards (PyCQA#489)

* add test for regression and fix directory exclusion without wildcards
* fix pep8 errors
* add support for directory exclusion without trailing slashes
* extend exclusion test for backwards compat with 1.5.1 and add fix
* fix pep8 errors
* fix styling
* fix styling
* fix styling

Remove pycryptodome blacklist (PyCQA#470)

* Remove pycryptodome from import blacklist

  pycryptodome appears to be actively maintained, as opposed to pycrypto. Unless there is a noted security issue with not using it, this removes the blanket blacklist on the library. Any insecure hashes/ciphers/etc. that the library provides will still be reported as per other libraries.
* [functional-tests] - repurpose blacklist test to verify that pycryptodome is no longer blacklisted
* - fix flake8 line too long
* [flake8] - misunderstood what flake8 was complaining about.

[Important]
This release removes the ‘stats’ elements from the JSON output formatter. The same information is available in the metrics section and duplicating the data is noisy and pointless.

[Features]
- Handle curve keyword arg weak_cryptographic_key

[Bug Fixes]
- UTF8 encoding fix for skipped filenames
- Fixed partial path detection on windows
- HTML output now passes markup validation

[Behind the Scenes]
- Many trivial fixes based on pylint scan
- Many cleanups to docs and readme
- Added functional tests for B308, B321, and B402