Comment 2 for bug 1502343

OpenStack Infra (hudson-openstack) wrote : Fix merged to bandit (master)

Reviewed: https://review.openstack.org/230384
Committed: https://git.openstack.org/cgit/openstack/bandit/commit/?id=604ca79759b3d23a01ce661fad58469e525e13b8
Submitter: Jenkins
Branch: master

commit 604ca79759b3d23a01ce661fad58469e525e13b8
Author: Tim Kelsey <email address hidden>
Date: Fri Oct 2 12:41:00 2015 +0100

    Improved tests for hardcoded passwords

    This replaces the existing hardcoded password test with a number of
    smarter tests. None of the new tests utilize a word dictionary, we
    now trigger the warnings based on matching variable names and the
    like against a list of candidate names:

     - "password"
     - "pass"
     - "passwd"
     - "pwd"
     - "secret"
     - "token"

    hardcoded_password_string looks for:
     candidate = "some_string_literal"
     dict[candidate] = "some_string_literal"
     candidate == "some_string_literal"

    hardcoded_password_funcarg looks for:
     func_call(candidate="some_string_literal")

    hardcoded_password_default looks for:
     def func_def(candidate="some_string_literal"):

    All issues are reported as MEDIUM confidence, LOW severity

    Closes-bug: #1502348
    Closes-bug: #1502343
    Closes-bug: #1432887

    Change-Id: I36d97ee838a7f08234b759c352649721d07e8ab0
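The three checks the commit message describes, written out as an added illustration that is not bandit's own implementation. It walks a module with `ast.NodeVisitor`, matches identifiers against the candidate list quoted above, and reports each hit with the LOW severity / MEDIUM confidence the message states. It assumes Python 3.9 or newer (`ast.Constant` nodes and an unwrapped `Subscript.slice`); the `SAMPLE` source and the `scan_source` / `HardcodedPasswordVisitor` names are constructed for this example.

```python
import ast

# Candidate names quoted in the commit message above.
CANDIDATE_NAMES = {"password", "pass", "passwd", "pwd", "secret", "token"}


def _is_candidate(name):
    """True if an identifier looks like it holds a credential."""
    return isinstance(name, str) and name.lower() in CANDIDATE_NAMES


def _is_str_literal(node):
    """True for a string constant such as "some_string_literal"."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _target_name(node):
    """Identifier for a plain name, an attribute, or a dict["key"] subscript."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Subscript) and _is_str_literal(node.slice):
        return node.slice.value
    return None


class HardcodedPasswordVisitor(ast.NodeVisitor):
    """Collects findings shaped like {"test", "line", "severity", "confidence"}."""

    def __init__(self):
        self.findings = []

    def _report(self, test_name, node):
        self.findings.append({"test": test_name, "line": node.lineno,
                              "severity": "LOW", "confidence": "MEDIUM"})

    # hardcoded_password_string: candidate = "..."  and  dict[candidate] = "..."
    def visit_Assign(self, node):
        if _is_str_literal(node.value):
            for target in node.targets:
                if _is_candidate(_target_name(target)):
                    self._report("hardcoded_password_string", node)
                    break
        self.generic_visit(node)

    # hardcoded_password_string: candidate == "..."
    def visit_Compare(self, node):
        operands = [node.left] + node.comparators
        has_candidate = any(_is_candidate(_target_name(o)) for o in operands)
        has_literal = any(_is_str_literal(o) for o in operands)
        if has_candidate and has_literal:
            self._report("hardcoded_password_string", node)
        self.generic_visit(node)

    # hardcoded_password_funcarg: func_call(candidate="...")
    def visit_Call(self, node):
        for kw in node.keywords:
            if _is_candidate(kw.arg) and _is_str_literal(kw.value):
                self._report("hardcoded_password_funcarg", node)
                break
        self.generic_visit(node)

    # hardcoded_password_default: def func_def(candidate="..."):
    def visit_FunctionDef(self, node):
        args = node.args
        positional = args.posonlyargs + args.args
        n = len(args.defaults)
        # defaults line up with the tail of the positional parameter list
        pairs = list(zip(positional[len(positional) - n:], args.defaults))
        pairs += [(a, d) for a, d in zip(args.kwonlyargs, args.kw_defaults)
                  if d is not None]
        for arg, default in pairs:
            if _is_candidate(arg.arg) and _is_str_literal(default):
                self._report("hardcoded_password_default", node)
                break
        self.generic_visit(node)


def scan_source(source):
    """Parse Python source text and return the list of findings in file order."""
    visitor = HardcodedPasswordVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


# Constructed sample input: lines 1, 2, 3, 5 and 6 should be flagged; 8 and 9 should not.
SAMPLE = '''\
password = "hunter2"
config["secret"] = "abc123"
if token == "deadbeef":
    pass
connect(host="db", passwd="letmein")
def login(user, pwd="changeme"):
    return user
safe = "not a credential"
name = "bob"
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

Because the match is on identifier names rather than string contents, a value such as `name = "bob"` is ignored while `password = "hunter2"` is reported; the trade-off, as with bandit's own checks, is that a variable named `token` holding a non-secret literal will also be flagged and must be triaged or suppressed by the reviewer.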