# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(review): the two comments below appear to have been carried over from a
# shell environment script (e.g. an env.sh) and do not describe this file: a
# Bandit YAML config is read via `bandit -c`, it is never sourced and loads no
# virtualenv. They are kept only so the history is visible; safe to drop.
# sourcing this file is needed to make local development and integration testing work

# load local python virtualenv if exists

### Bandit config file generated from:
# '/usr/local/bin/bandit-config-generator -o .bandit.yaml'
#
# NOTE(review): a YAML config is only honoured when passed explicitly, e.g.
# `bandit -c .bandit.yaml -r <path>`. Bandit does not pick up `.bandit.yaml`
# on its own (its auto-discovery is limited to the INI-style `.bandit` file)
# -- confirm for the installed version and check that the CI invocation
# actually passes `-c`, otherwise every setting below is silently ignored.

### This config may optionally select a subset of tests to run or skip by
### filling out the 'tests' and 'skips' lists given below. If no tests are
### specified for inclusion then it is assumed all tests are desired. The skips
### set will remove specific tests from the include set. This can be controlled
### using the -t/-s CLI options. Note that the same test ID should not appear
### in both 'tests' and 'skips', this would be nonsensical and is detected by
### Bandit at runtime.

# Available tests:
# (snapshot of the plugin set of the Bandit version that generated this file;
#  newer Bandit releases add test IDs that do not appear here -- regenerate
#  with bandit-config-generator after upgrading so new checks are listed)
# B101 : assert_used
# B102 : exec_used
# B103 : set_bad_file_permissions
# B104 : hardcoded_bind_all_interfaces
# B105 : hardcoded_password_string
# B106 : hardcoded_password_funcarg
# B107 : hardcoded_password_default
# B108 : hardcoded_tmp_directory
# B110 : try_except_pass
# B112 : try_except_continue
# B201 : flask_debug_true
# B301 : pickle
# B302 : marshal
# B303 : md5
# B304 : ciphers
# B305 : cipher_modes
# B306 : mktemp_q
# B307 : eval
# B308 : mark_safe
# B309 : httpsconnection
# B310 : urllib_urlopen
# B311 : random
# B312 : telnetlib
# B313 : xml_bad_cElementTree
# B314 : xml_bad_ElementTree
# B315 : xml_bad_expatreader
# B316 : xml_bad_expatbuilder
# B317 : xml_bad_sax
# B318 : xml_bad_minidom
# B319 : xml_bad_pulldom
# B320 : xml_bad_etree
# B321 : ftplib
# B322 : input
# B323 : unverified_context
# B324 : hashlib_new_insecure_functions
# B325 : tempnam
# B401 : import_telnetlib
# B402 : import_ftplib
# B403 : import_pickle
# B404 : import_subprocess
# B405 : import_xml_etree
# B406 : import_xml_sax
# B407 : import_xml_expat
# B408 : import_xml_minidom
# B409 : import_xml_pulldom
# B410 : import_lxml
# B411 : import_xmlrpclib
# B412 : import_httpoxy
# B413 : import_pycrypto
# B501 : request_with_no_cert_validation
# B502 : ssl_with_bad_version
# B503 : ssl_with_bad_defaults
# B504 : ssl_with_no_version
# B505 : weak_cryptographic_key
# B506 : yaml_load
# B507 : ssh_no_host_key_verification
# B601 : paramiko_calls
# B602 : subprocess_popen_with_shell_equals_true
# B603 : subprocess_without_shell_equals_true
# B604 : any_other_function_with_shell_equals_true
# B605 : start_process_with_a_shell
# B606 : start_process_with_no_shell
# B607 : start_process_with_partial_path
# B608 : hardcoded_sql_expressions
# B609 : linux_commands_wildcard_injection
# B610 : django_extra_used
# B611 : django_rawsql_used
# B701 : jinja2_autoescape_false
# B702 : use_of_mako_templates
# B703 : django_mark_safe

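# (optional) list included test IDs here, eg '[B101, B406]':
# Empty means every available test runs. An explicit empty list is used rather
# than a bare `tests:` so the value parses as a list instead of null.
tests: []

# (optional) list skipped test IDs here, eg '[B101, B406]':
# Keep this empty where possible: an ID listed here silences that check for
# the whole tree. Prefer a per-line `# nosec` marker with a justification for
# individually accepted findings, and never list the same ID here and in
# `tests` (Bandit reports that as an error at runtime).
skips: []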
106
### (optional) plugin settings - some test plugins require configuration data
### that may be given here, per-plugin. All bandit test plugins have a built in
### set of sensible defaults and these will be used if no configuration is
### provided. It is not necessary to provide settings for every (or any) plugin
### if the defaults are acceptable.
### NOTE(review): the sections below were emitted by the generator and so pin
### the defaults of the Bandit version used at generation time. A section given
### here appears to replace, not extend, the plugin's built-in list, so anything
### added upstream later (new call names, newer deprecated TLS constants) is not
### checked until this file is regenerated or edited by hand.
112
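# B604 (any_other_function_with_shell_equals_true) call lists. The same three
# lists are repeated verbatim under B602/B603/B605/B606/B607/B609 in this
# file; keep every copy identical. Entries are fully-qualified call names.
# Reading follows the key names (confirm against the plugin docs):
#   shell      - callables that always run their command line through a shell
#   no_shell   - the exec/spawn family, which does not involve a shell
#   subprocess - entry points whose `shell=` argument is inspected
any_other_function_with_shell_equals_true:
  no_shell:
    - os.execl
    - os.execle
    - os.execlp
    - os.execlpe
    - os.execv
    - os.execve
    - os.execvp
    - os.execvpe
    - os.spawnl
    - os.spawnle
    - os.spawnlp
    - os.spawnlpe
    - os.spawnv
    - os.spawnve
    - os.spawnvp
    - os.spawnvpe
    - os.startfile
  shell:
    - os.system
    - os.popen
    # Python 2-only APIs; kept so legacy code is still flagged.
    - os.popen2
    - os.popen3
    - os.popen4
    - popen2.popen2
    - popen2.popen3
    - popen2.popen4
    - popen2.Popen3
    - popen2.Popen4
    - commands.getoutput
    - commands.getstatusoutput
    # Python 3 successors of commands.*: both always run through a shell, so
    # they belong here rather than under `subprocess`. They were missing from
    # the generated list, leaving these shell invocations unchecked.
    - subprocess.getoutput
    - subprocess.getstatusoutput
  subprocess:
    - subprocess.Popen
    - subprocess.call
    - subprocess.check_call
    - subprocess.check_output
    - subprocess.run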
# B108 (hardcoded_tmp_directory): directories that make a string literal a
# hard-coded temp path. World-writable shared directories like these invite
# symlink/race attacks when a fixed filename is used; the fix is tempfile.*,
# not a different directory. Add any project-specific scratch locations
# here (matching appears to be by path prefix -- confirm against plugin docs).
hardcoded_tmp_directory:
  tmp_dirs:
    - /tmp
    - /var/tmp
    - /dev/shm
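# B609 (linux_commands_wildcard_injection) call lists. Identical to the lists
# under B602/B603/B604/B605/B606/B607 in this file; keep every copy identical.
# Entries are fully-qualified call names. Reading follows the key names
# (confirm against the plugin docs):
#   shell      - callables that always run their command line through a shell
#   no_shell   - the exec/spawn family, which does not involve a shell
#   subprocess - entry points whose `shell=` argument is inspected
linux_commands_wildcard_injection:
  no_shell:
    - os.execl
    - os.execle
    - os.execlp
    - os.execlpe
    - os.execv
    - os.execve
    - os.execvp
    - os.execvpe
    - os.spawnl
    - os.spawnle
    - os.spawnlp
    - os.spawnlpe
    - os.spawnv
    - os.spawnve
    - os.spawnvp
    - os.spawnvpe
    - os.startfile
  shell:
    - os.system
    - os.popen
    # Python 2-only APIs; kept so legacy code is still flagged.
    - os.popen2
    - os.popen3
    - os.popen4
    - popen2.popen2
    - popen2.popen3
    - popen2.popen4
    - popen2.Popen3
    - popen2.Popen4
    - commands.getoutput
    - commands.getstatusoutput
    # Python 3 successors of commands.*: both always run through a shell, so
    # a wildcard in their command line is expanded by that shell. They were
    # missing from the generated list.
    - subprocess.getoutput
    - subprocess.getstatusoutput
  subprocess:
    - subprocess.Popen
    - subprocess.call
    - subprocess.check_call
    - subprocess.check_output
    - subprocess.run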
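# B503 (ssl_with_bad_defaults): protocol constants that are reported when used
# as a function's default argument. `PROTOCOL_*` names come from Python's
# `ssl` module, `*_METHOD` names from pyOpenSSL. TLS 1.0 and TLS 1.1 are both
# deprecated (RFC 8996); the generated list flagged only 1.0, so the 1.1
# constants are added. Keep in sync with `ssl_with_bad_version` below.
ssl_with_bad_defaults:
  bad_protocol_versions:
    - PROTOCOL_SSLv2
    - SSLv2_METHOD
    - SSLv23_METHOD
    - PROTOCOL_SSLv3
    - PROTOCOL_TLSv1
    - SSLv3_METHOD
    - TLSv1_METHOD
    - PROTOCOL_TLSv1_1
    - TLSv1_1_METHOD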
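# B502 (ssl_with_bad_version): protocol constants that are reported when passed
# explicitly to an SSL/TLS API. `PROTOCOL_*` names come from Python's `ssl`
# module, `*_METHOD` names from pyOpenSSL. TLS 1.0 and TLS 1.1 are both
# deprecated (RFC 8996); the generated list flagged only 1.0, so the 1.1
# constants are added. Keep in sync with `ssl_with_bad_defaults` above.
ssl_with_bad_version:
  bad_protocol_versions:
    - PROTOCOL_SSLv2
    - SSLv2_METHOD
    - SSLv23_METHOD
    - PROTOCOL_SSLv3
    - PROTOCOL_TLSv1
    - SSLv3_METHOD
    - TLSv1_METHOD
    - PROTOCOL_TLSv1_1
    - TLSv1_1_METHOD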
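# B605 (start_process_with_a_shell) call lists. Identical to the lists under
# B602/B603/B604/B606/B607/B609 in this file; keep every copy identical.
# Entries are fully-qualified call names. Reading follows the key names
# (confirm against the plugin docs):
#   shell      - callables that always run their command line through a shell
#   no_shell   - the exec/spawn family, which does not involve a shell
#   subprocess - entry points whose `shell=` argument is inspected
start_process_with_a_shell:
  no_shell:
    - os.execl
    - os.execle
    - os.execlp
    - os.execlpe
    - os.execv
    - os.execve
    - os.execvp
    - os.execvpe
    - os.spawnl
    - os.spawnle
    - os.spawnlp
    - os.spawnlpe
    - os.spawnv
    - os.spawnve
    - os.spawnvp
    - os.spawnvpe
    - os.startfile
  shell:
    - os.system
    - os.popen
    # Python 2-only APIs; kept so legacy code is still flagged.
    - os.popen2
    - os.popen3
    - os.popen4
    - popen2.popen2
    - popen2.popen3
    - popen2.popen4
    - popen2.Popen3
    - popen2.Popen4
    - commands.getoutput
    - commands.getstatusoutput
    # Python 3 successors of commands.*: both always run through a shell and
    # are exactly what this plugin is meant to catch; they were missing from
    # the generated list.
    - subprocess.getoutput
    - subprocess.getstatusoutput
  subprocess:
    - subprocess.Popen
    - subprocess.call
    - subprocess.check_call
    - subprocess.check_output
    - subprocess.run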
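# B606 (start_process_with_no_shell) call lists. Identical to the lists under
# B602/B603/B604/B605/B607/B609 in this file; keep every copy identical.
# Entries are fully-qualified call names. Reading follows the key names
# (confirm against the plugin docs):
#   shell      - callables that always run their command line through a shell
#   no_shell   - the exec/spawn family, which does not involve a shell
#   subprocess - entry points whose `shell=` argument is inspected
start_process_with_no_shell:
  no_shell:
    - os.execl
    - os.execle
    - os.execlp
    - os.execlpe
    - os.execv
    - os.execve
    - os.execvp
    - os.execvpe
    - os.spawnl
    - os.spawnle
    - os.spawnlp
    - os.spawnlpe
    - os.spawnv
    - os.spawnve
    - os.spawnvp
    - os.spawnvpe
    - os.startfile
  shell:
    - os.system
    - os.popen
    # Python 2-only APIs; kept so legacy code is still flagged.
    - os.popen2
    - os.popen3
    - os.popen4
    - popen2.popen2
    - popen2.popen3
    - popen2.popen4
    - popen2.Popen3
    - popen2.Popen4
    - commands.getoutput
    - commands.getstatusoutput
    # Python 3 successors of commands.*: both always run through a shell, so
    # they belong here rather than under `subprocess`. They were missing from
    # the generated list.
    - subprocess.getoutput
    - subprocess.getstatusoutput
  subprocess:
    - subprocess.Popen
    - subprocess.call
    - subprocess.check_call
    - subprocess.check_output
    - subprocess.run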
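# B607 (start_process_with_partial_path) call lists. Identical to the lists
# under B602/B603/B604/B605/B606/B609 in this file; keep every copy identical.
# Entries are fully-qualified call names. Reading follows the key names
# (confirm against the plugin docs):
#   shell      - callables that always run their command line through a shell
#   no_shell   - the exec/spawn family, which does not involve a shell
#   subprocess - entry points whose `shell=` argument is inspected
# A relative program name in any of these is resolved through PATH at run time,
# which is the weakness this plugin reports.
start_process_with_partial_path:
  no_shell:
    - os.execl
    - os.execle
    - os.execlp
    - os.execlpe
    - os.execv
    - os.execve
    - os.execvp
    - os.execvpe
    - os.spawnl
    - os.spawnle
    - os.spawnlp
    - os.spawnlpe
    - os.spawnv
    - os.spawnve
    - os.spawnvp
    - os.spawnvpe
    - os.startfile
  shell:
    - os.system
    - os.popen
    # Python 2-only APIs; kept so legacy code is still flagged.
    - os.popen2
    - os.popen3
    - os.popen4
    - popen2.popen2
    - popen2.popen3
    - popen2.popen4
    - popen2.Popen3
    - popen2.Popen4
    - commands.getoutput
    - commands.getstatusoutput
    # Python 3 successors of commands.*: both always run through a shell, so
    # they belong here rather than under `subprocess`. They were missing from
    # the generated list.
    - subprocess.getoutput
    - subprocess.getstatusoutput
  subprocess:
    - subprocess.Popen
    - subprocess.call
    - subprocess.check_call
    - subprocess.check_output
    - subprocess.run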
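# B602 (subprocess_popen_with_shell_equals_true) call lists. Identical to the
# lists under B603/B604/B605/B606/B607/B609 in this file; keep every copy
# identical. Entries are fully-qualified call names. Reading follows the key
# names (confirm against the plugin docs):
#   shell      - callables that always run their command line through a shell
#   no_shell   - the exec/spawn family, which does not involve a shell
#   subprocess - entry points whose `shell=` argument is inspected
subprocess_popen_with_shell_equals_true:
  no_shell:
    - os.execl
    - os.execle
    - os.execlp
    - os.execlpe
    - os.execv
    - os.execve
    - os.execvp
    - os.execvpe
    - os.spawnl
    - os.spawnle
    - os.spawnlp
    - os.spawnlpe
    - os.spawnv
    - os.spawnve
    - os.spawnvp
    - os.spawnvpe
    - os.startfile
  shell:
    - os.system
    - os.popen
    # Python 2-only APIs; kept so legacy code is still flagged.
    - os.popen2
    - os.popen3
    - os.popen4
    - popen2.popen2
    - popen2.popen3
    - popen2.popen4
    - popen2.Popen3
    - popen2.Popen4
    - commands.getoutput
    - commands.getstatusoutput
    # Python 3 successors of commands.*: both always run through a shell, so
    # they belong here rather than under `subprocess`. They were missing from
    # the generated list.
    - subprocess.getoutput
    - subprocess.getstatusoutput
  subprocess:
    - subprocess.Popen
    - subprocess.call
    - subprocess.check_call
    - subprocess.check_output
    - subprocess.run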
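# B603 (subprocess_without_shell_equals_true) call lists. Identical to the
# lists under B602/B604/B605/B606/B607/B609 in this file; keep every copy
# identical. Entries are fully-qualified call names. Reading follows the key
# names (confirm against the plugin docs):
#   shell      - callables that always run their command line through a shell
#   no_shell   - the exec/spawn family, which does not involve a shell
#   subprocess - entry points whose `shell=` argument is inspected
subprocess_without_shell_equals_true:
  no_shell:
    - os.execl
    - os.execle
    - os.execlp
    - os.execlpe
    - os.execv
    - os.execve
    - os.execvp
    - os.execvpe
    - os.spawnl
    - os.spawnle
    - os.spawnlp
    - os.spawnlpe
    - os.spawnv
    - os.spawnve
    - os.spawnvp
    - os.spawnvpe
    - os.startfile
  shell:
    - os.system
    - os.popen
    # Python 2-only APIs; kept so legacy code is still flagged.
    - os.popen2
    - os.popen3
    - os.popen4
    - popen2.popen2
    - popen2.popen3
    - popen2.popen4
    - popen2.Popen3
    - popen2.Popen4
    - commands.getoutput
    - commands.getstatusoutput
    # Python 3 successors of commands.*: both always run through a shell, so
    # they belong here rather than under `subprocess`. They were missing from
    # the generated list.
    - subprocess.getoutput
    - subprocess.getstatusoutput
  subprocess:
    - subprocess.Popen
    - subprocess.call
    - subprocess.check_call
    - subprocess.check_output
    - subprocess.run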
# B112 (try_except_continue) / B110 (try_except_pass): silently swallowed
# exceptions. With `check_typed_exception: false` the checks appear limited to
# the broad catch-all forms (bare `except:` / `except Exception:`); set it to
# true to also report `except SomeError: pass|continue` -- confirm against the
# plugin docs for the installed version. Values are real YAML booleans.
try_except_continue:
  check_typed_exception: false
try_except_pass:
  check_typed_exception: false
# B505 (weak_cryptographic_key) thresholds in bits, per algorithm family.
# Going by the key names, a generated key smaller than `*_high` is reported
# HIGH and one smaller than `*_medium` is reported MEDIUM; confirm the exact
# comparison against the plugin docs. If that reading holds, RSA/DSA 2048 and
# EC 224 pass silently -- raise `*_medium` (e.g. RSA/DSA 3072) if project
# policy requires it. These are the generator's defaults, unchanged.
weak_cryptographic_key:
  weak_key_size_dsa_high: 1024
  weak_key_size_dsa_medium: 2048
  weak_key_size_ec_high: 160
  weak_key_size_ec_medium: 224
  weak_key_size_rsa_high: 1024
  weak_key_size_rsa_medium: 2048
412 weak_key_size_rsa_medium: 2048