
Commit 0cb9112

committed
Add default analysis configs from codefator
https://github.com/codefactor-io/default-configs
1 parent 11fb918 commit 0cb9112


3 files changed

+235
-0
lines changed


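--- a/.bandit
+++ b/.bandit
@@ -0,0 +1,91 @@
+### This config may optionally select a subset of tests to run or skip by
+### filling out the 'tests' and 'skips' lists given below. If no tests are
+### specified for inclusion then it is assumed all tests are desired. The skips
+### set will remove specific tests from the include set. This can be controlled
+### using the -t/-s CLI options. Note that the same test ID should not appear
+### in both 'tests' and 'skips', this would be nonsensical and is detected by
+### Bandit at runtime.
+
+# (optional) list included test IDs here, eg '[B101, B406]':
+tests:
+
+# (optional) list skipped test IDs here, eg '[B101, B406]':
+skips: [B101, B102, B401, B402, B403, B404, B405, B406, B407, B408, B409, B410, B413, B414, B307, B311, B507, B603, B610, B611, B703]
+
+### (optional) plugin settings - some test plugins require configuration data
+### that may be given here, per-plugin. All bandit test plugins have a built in
+### set of sensible defaults and these will be used if no configuration is
+### provided. It is not necessary to provide settings for every (or any) plugin
+### if the defaults are acceptable.
+
+any_other_function_with_shell_equals_true:
+no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+os.spawnvp, os.spawnvpe, os.startfile]
+shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+utils.execute, utils.execute_with_timeout]
+execute_with_run_as_root_equals_true:
+function_names: [ceilometer.utils.execute, cinder.utils.execute, neutron.agent.linux.utils.execute,
+nova.utils.execute, nova.utils.trycmd]
+hardcoded_tmp_directory:
+tmp_dirs: [/tmp, /var/tmp, /dev/shm]
+linux_commands_wildcard_injection:
+no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+os.spawnvp, os.spawnvpe, os.startfile]
+shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+utils.execute, utils.execute_with_timeout]
+password_config_option_not_marked_secret:
+function_names: [oslo.config.cfg.StrOpt, oslo_config.cfg.StrOpt]
+ssl_with_bad_defaults:
+bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
+PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
+ssl_with_bad_version:
+bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
+PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
+start_process_with_a_shell:
+no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+os.spawnvp, os.spawnvpe, os.startfile]
+shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+utils.execute, utils.execute_with_timeout]
+start_process_with_no_shell:
+no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+os.spawnvp, os.spawnvpe, os.startfile]
+shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+utils.execute, utils.execute_with_timeout]
+start_process_with_partial_path:
+no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+os.spawnvp, os.spawnvpe, os.startfile]
+shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+utils.execute, utils.execute_with_timeout]
+subprocess_popen_with_shell_equals_true:
+no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+os.spawnvp, os.spawnvpe, os.startfile]
+shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+utils.execute, utils.execute_with_timeout]
+subprocess_without_shell_equals_true:
+no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+os.spawnvp, os.spawnvpe, os.startfile]
+shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+utils.execute, utils.execute_with_timeout]
+try_except_continue: {check_typed_exception: false}
+try_except_pass: {check_typed_exception: false}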
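Review bot: The `skips` list on line 13 of `.bandit` turns off checks that catch real security defects, not only noisy ones. Alongside B101 and the import blacklist (B401–B414) it skips B102 (exec), B307 (eval), B311 (non-cryptographic random), B507 (SSH host-key verification disabled), B603 (subprocess calls), B610/B611 (Django extra/raw SQL) and B703 (Django mark_safe). The list looks copied wholesale from the upstream defaults, so I would trim it to the IDs this repository has a reason to ignore and record that reason next to each, for example `skips: [B101]  # asserts only appear in tests`. The per-plugin blocks from line 21 onward appear to restate Bandit's built-in defaults and could probably be dropped, but confirm against the Bandit version the analyser runs.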

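--- a/.shellcheck.yaml
+++ b/.shellcheck.yaml
@@ -0,0 +1,119 @@
+ignored:
+- SC2140
+- SC2086
+- SC2046
+- SC2015
+- SC1097
+- SC1035
+- SC1036
+- SC1007
+- SC2154
+- SC2155
+- SC2000
+- SC2034
+- SC2016
+- SC1091
+- SC1090
+- SC2212
+- SC2143
+- SC2129
+- SC2102
+- SC2069
+- SC1041
+- SC1042
+- SC1044
+- SC1046
+- SC1119
+- SC1110
+- SC1111
+- SC1112
+- SC1102
+- SC1105
+- SC1101
+- SC1004
+- SC1003
+- SC1012
+- SC2068
+- SC2065
+- SC2064
+- SC2063
+- SC2059
+- SC2053
+- SC2048
+- SC2044
+- SC2032
+- SC2031
+- SC2030
+- SC2029
+- SC2025
+- SC2024
+- SC2022
+- SC2018
+- SC2019
+- SC2017
+- SC2014
+- SC2013
+- SC2012
+- SC2009
+- SC2001
+- SC2098
+- SC2096
+- SC2094
+- SC2091
+- SC2092
+- SC2088
+- SC2087
+- SC2076
+- SC2072
+- SC2071
+- SC2223
+- SC2221
+- SC2222
+- SC2217
+- SC2207
+- SC2206
+- SC2205
+- SC2190
+- SC2188
+- SC2187
+- SC2185
+- SC2179
+- SC2178
+- SC2174
+- SC2168
+- SC2167
+- SC2163
+- SC2161
+- SC2160
+- SC2153
+- SC2150
+- SC2148
+- SC2147
+- SC2146
+- SC2142
+- SC2139
+- SC2126
+- SC2123
+- SC2120
+- SC2119
+- SC2117
+- SC2114
+- SC1117
+- SC2164
+- SC1083
+- SC2004
+- SC2125
+- SC2128
+- SC2011
+- SC1008
+- SC1019
+- SC2093
+- SC1132
+- SC1129
+- SC2236
+- SC2237
+- SC2231
+- SC2230
+- SC2229
+- SC2106
+- SC2102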
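Review bot: The `ignored` list suppresses the quoting checks that catch word splitting and glob expansion of untrusted values: `SC2086` (unquoted variable), `SC2046` (unquoted command substitution) and `SC2068` (unquoted array expansion). It also drops `SC2059` (variable used as a printf format string) and `SC2164` (`cd` without a failure guard). With these off, the analyser will not report the shell patterns most likely to turn into command or argument injection, so I would remove at least those five entries and fix or annotate the findings per script with `# shellcheck disable=SCxxxx` plus a reason. Separately, `SC2102` is listed twice (lines 20 and 119), so the second entry can go.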

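--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,25 @@
+---
+rules:
+braces: disable
+brackets: disable
+colons: disable
+commas: disable
+comments: disable
+comments-indentation: disable
+document-end: disable
+document-start: disable
+empty-lines: disable
+empty-values: disable
+hyphens: disable
+indentation: disable
+key-duplicates:
+level: warning
+key-ordering: disable
+line-length: disable
+new-line-at-end-of-file: disable
+new-lines: disable
+octal-values: disable
+trailing-spaces:
+level: warning
+truthy: disable
+quoted-strings: disable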
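Review bot: `key-duplicates` is one of only two rules left enabled, and it is set to `level: warning`, so a duplicated key will not fail a lint run unless yamllint is invoked with `--strict`. A duplicated key in YAML silently overrides the earlier value, which in CI or deployment files can mask a security-relevant setting. I would make it `level: error`. Also consider re-enabling `truthy` and `octal-values`, which catch values that parsers may read as a different type than the author intended.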
