default location of word_list file can't be found
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Bandit | Fix Released | Medium | Dave Walker | 
Bug Description
In the default bandit.yaml the following is defined:
hardcoded_password:
word_list: "wordlist/
This is a relative path to a file that exists within the bandit source tree.
And from looking at the code that loads this file, it does a file open on that exact relative path. So if not run within the bandit root project directory, it'll be unable to find the file and give no indication of error, since the default is to use an empty list.
Issues:
- default-passwords doesn't get installed with the PyPI package.
- bandit/
- An error should be logged if a file cannot be loaded. Someone who provides their own custom password file will see no indication if it wasn't found.
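The silent failure described above, as an added example that is not bandit's own code: a loader that opens the configured `word_list` path relative to the current working directory and falls back to an empty list, beside a loader that resolves the path against a known base directory and logs an error when the file is missing. The function names, the `base_dir` parameter and the sample word list are constructed for this illustration.

```python
import logging
import os
import tempfile

LOG = logging.getLogger("wordlist_demo")

# Constructed sample entries standing in for a default-passwords file.
SAMPLE_WORDS = ["password", "admin123", "letmein"]


def load_word_list_silent(path):
    """Behaviour the bug report describes (hypothetical reconstruction):
    open the configured path as-is and fall back to an empty list on any
    failure, so a missing file looks exactly like an empty one."""
    try:
        with open(path) as fh:
            return [line.strip() for line in fh if line.strip()]
    except (IOError, OSError):
        return []


def load_word_list_checked(path, base_dir):
    """Hardened loader: resolve relative paths against a known base
    directory (e.g. the directory of the config file) instead of the
    process cwd, and log an error when the file cannot be read so a
    misconfigured custom list is not silently ignored."""
    if not os.path.isabs(path):
        path = os.path.join(base_dir, path)
    try:
        with open(path) as fh:
            return [line.strip() for line in fh if line.strip()]
    except (IOError, OSError) as exc:
        LOG.error("word_list %r could not be loaded: %s", path, exc)
        return None


def demo():
    """Write a constructed word list under a temp dir, then load it from a
    cwd that does not contain it; returns (silent, checked, missing)."""
    base = tempfile.mkdtemp()
    os.makedirs(os.path.join(base, "wordlist"))
    with open(os.path.join(base, "wordlist", "default-passwords"), "w") as fh:
        fh.write("\n".join(SAMPLE_WORDS) + "\n")
    rel = os.path.join("wordlist", "default-passwords")
    cwd = os.getcwd()
    os.chdir(tempfile.mkdtemp())  # simulate running from another directory
    try:
        silent = load_word_list_silent(rel)          # [] and no diagnostic
        checked = load_word_list_checked(rel, base)  # the real list
        missing = load_word_list_checked("wordlist/no-such-file", base)
    finally:
        os.chdir(cwd)
    return silent, checked, missing
```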
Changed in bandit:
importance: Undecided → Medium
Changed in bandit:
assignee: nobody → Dave Walker (davewalker)
Fix proposed to branch: master
Review: https://review.openstack.org/201053