Reviewed: https://review.openstack.org/230384
Committed: https://git.openstack.org/cgit/openstack/bandit/commit/?id=604ca79759b3d23a01ce661fad58469e525e13b8
Submitter: Jenkins
Branch: master

commit 604ca79759b3d23a01ce661fad58469e525e13b8
Author: Tim Kelsey <email address hidden>
Date: Fri Oct 2 12:41:00 2015 +0100

Improved tests for hardcoded passwords

This replaces the existing hardcoded password test with a number of
smarter tests. None of the new tests utilize a word dictionary; we
now trigger the warnings based on matching variable names and the
like against a list of candidate names:
- "password"
- "pass"
- "passwd"
- "pwd"
- "secret"
- "token"

hardcoded_password_string looks for:
    candidate = "some_string_literal"
    dict[candidate] = "some_string_literal"
    candidate == "some_string_literal"

hardcoded_password_funcarg looks for:
    func_call(candidate="some_string_literal")

hardcoded_password_default looks for:
    def func_def(candidate="some_string_literal"):
All issues are reported as MEDIUM confidence, LOW severity
Closes-bug: #1502348
Closes-bug: #1502343
Closes-bug: #1432887
Change-Id: I36d97ee838a7f08234b759c352649721d07e8ab0
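To make the three checks concrete, here is an added example written for this page, not Bandit's own plugin code: an ast.NodeVisitor that reports the five forms listed in the message (plain assignment, dict subscript assignment, equality comparison, call keyword argument, function parameter default) whenever the identifier is on the candidate list. It assumes Python 3.9+ (ast.Constant nodes, subscript slices as plain expressions) and matches names case-insensitively, which is this example's choice rather than something the commit states.

```python
import ast
CANDIDATES = {"password", "pass", "passwd", "pwd", "secret", "token"}  # names from the commit message

def _candidate(name):
    return isinstance(name, str) and name.lower() in CANDIDATES

def _str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

class HardcodedPasswordVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (check_name, lineno, identifier)

    def visit_Assign(self, node):  # candidate = "literal"  and  dict["candidate"] = "literal"
        for t in (node.targets if _str_literal(node.value) else ()):
            if isinstance(t, ast.Name) and _candidate(t.id):
                self.findings.append(("hardcoded_password_string", node.lineno, t.id))
            elif isinstance(t, ast.Subscript) and _str_literal(t.slice) and _candidate(t.slice.value):
                self.findings.append(("hardcoded_password_string", node.lineno, t.slice.value))
        self.generic_visit(node)

    def visit_Compare(self, node):  # candidate == "literal"
        if (isinstance(node.left, ast.Name) and _candidate(node.left.id)
                and any(isinstance(op, ast.Eq) for op in node.ops)
                and any(_str_literal(c) for c in node.comparators)):
            self.findings.append(("hardcoded_password_string", node.lineno, node.left.id))
        self.generic_visit(node)

    def visit_Call(self, node):  # func_call(candidate="literal")
        for kw in node.keywords:
            if _candidate(kw.arg) and _str_literal(kw.value):
                self.findings.append(("hardcoded_password_funcarg", node.lineno, kw.arg))
        self.generic_visit(node)

    def visit_FunctionDef(self, node):  # def func_def(candidate="literal"):
        args = node.args.posonlyargs + node.args.args  # defaults pair with the trailing args
        for arg, default in zip(args[len(args) - len(node.args.defaults):], node.args.defaults):
            if _candidate(arg.arg) and _str_literal(default):
                self.findings.append(("hardcoded_password_default", node.lineno, arg.arg))
        self.generic_visit(node)

def scan(source):
    visitor = HardcodedPasswordVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings

# Constructed sample: one hit per pattern; the last line reads from the environment and must not fire.
SAMPLE = ('password = "hunter2"\nconf["token"] = "abc123"\nif secret == "letmein":\n    pass\n'
          'connect(host, passwd="x")\ndef login(user, pwd="default"):\n    return user\n'
          'token = read_env("TOKEN")\n')
```

Running scan(SAMPLE) yields one finding per pattern on lines 1, 2, 3, 5 and 6 and nothing for the read_env() call, since only string literals count.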