Comparing changes
base repository: PyCQA/bandit
base: 1.8.2
head repository: PyCQA/bandit
compare: 1.8.3
- 11 commits
- 21 files changed
- 5 contributors
Commits on Jan 13, 2025
- Bump docker/build-push-action from 6.10.0 to 6.11.0 (#1220)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.10.0 to 6.11.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@48aba3b...b32b51a)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Jan 20, 2025
- Bump docker/build-push-action from 6.11.0 to 6.12.0 (#1221)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.11.0 to 6.12.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@b32b51a...67a2d40)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Jan 27, 2025
- Bump docker/build-push-action from 6.12.0 to 6.13.0 (#1222)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.12.0 to 6.13.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@67a2d40...ca877d9)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Feb 4, 2025
- [pre-commit.ci] pre-commit autoupdate (#1229)
* [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black-pre-commit-mirror: 24.10.0 - 25.1.0](psf/black-pre-commit-mirror@24.10.0...25.1.0)
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
- Update bug template to include latest released versions (#1218)
The bug template should include a drop down selection for newly released Bandit versions 1.8.1 and 1.8.2.
- Add markupsafe.Markup XSS plugin (#1225)
* Add markupsafe.Markup XSS plugin
* Apply suggestions from code review
Co-authored-by: Eric Brown
---------
Co-authored-by: Eric Brown
Commits on Feb 5, 2025
- Warn not error on a nonexistent test given (#1230)
When a user gives a test ID to include or skip, the current
behavior raises an exception and exits the process.
However, when tests end up getting deprecated and eventually
removed, it is a lot more user-friendly to simply present
a warning to the user that the test ID given wasn't found
rather than a hard error and exit.
Fixes: #1228
Signed-off-by: Eric Brown
Commits on Feb 10, 2025
- B107: Skip None values in hardcoded password detection (#1232)
* B107: Skip None values in hardcoded password detection
The B107 check was incorrectly flagging None default values as hardcoded
passwords in function definitions. This is a false positive since None is
legitimate and commonly used within __init__ initialization.
This change modifies the hardcoded_password_default function to:
- Skip None values in parameter defaults
- Handle both ast.Constant (Python 3.8+) and ast.NameConstant (Python 3.7-)
representations of None
- Update documentation to clarify None handling behavior
Example of code that no longer triggers B107:
    def __init__(self, auth_scheme, auth_password=None):
        pass
Fixes #1227
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
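As an added example (not bandit's own B107 plugin code) of the behaviour this commit describes: an ast-based check that reports password-like parameters whose default is a string literal and skips None regardless of whether the interpreter represents it as ast.Constant or ast.NameConstant. The password-name pattern and the sample source are constructed for this example.

```python
import ast
import re

# Parameter names treated as password-like. This pattern is constructed for the
# example and approximates, rather than copies, bandit's own name regex.
PASSWORD_NAME = re.compile(r"(pass(word|wd|phrase)?|pwd|secret|token)", re.IGNORECASE)

# Constructed sample input: only the two string defaults should be reported.
SAMPLE = '''
class Client:
    def __init__(self, auth_scheme, auth_password=None):   # None: not a secret
        pass

def connect(host, password="hunter2", token=None):        # flagged: password
    pass

async def login(*, passwd: str = "changeme"):             # flagged: passwd
    pass
'''


def is_none(node):
    """True when a default-value node represents None on any Python version.
    Python 3.8+ emits ast.Constant(value=None); 3.7 and earlier emitted
    ast.NameConstant(value=None). Comparing the class name avoids touching
    the deprecated alias on newer interpreters."""
    return type(node).__name__ in ("Constant", "NameConstant") and node.value is None


def hardcoded_password_defaults(source):
    """Return (lineno, parameter, value) for password-like parameters whose
    default is a string literal; None defaults are skipped."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        args = node.args
        # Positional defaults line up with the last len(defaults) positional args.
        positional = args.posonlyargs + args.args
        pairs = list(zip(positional[len(positional) - len(args.defaults):], args.defaults))
        # Keyword-only params store None in kw_defaults when they have no default.
        pairs += [(a, d) for a, d in zip(args.kwonlyargs, args.kw_defaults) if d is not None]
        for arg, default in pairs:
            if not PASSWORD_NAME.search(arg.arg) or is_none(default):
                continue
            if isinstance(default, ast.Constant) and isinstance(default.value, str):
                findings.append((node.lineno, arg.arg, default.value))
    return findings
```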
Commits on Feb 16, 2025
-
* Fix pytorch weights check
* B614: Fix PyTorch plugin to handle weights_only parameter correctly
The PyTorch plugin (B614) has been updated to properly handle the weights_only
parameter in torch.load calls. When weights_only=True is specified, PyTorch will
only deserialize known safe types, making the operation more secure.
I also removed torch.save as there is no certain insecure element as
such; saving any file or artifact requires consideration of what it is
you are saving.
Changes:
- Update plugin to only check torch.load calls (not torch.save)
- Fix weights_only check to handle both string and boolean True values
- Remove map_location check as it doesn't affect security
- Update example file to demonstrate both safe and unsafe cases
- Update plugin documentation to mention weights_only as a safe alternative
The plugin now correctly identifies unsafe torch.load calls while allowing safe
usage with weights_only=True to pass without warning.
Fixes: #1224
* Fix E501 line too long
* Rename files to new test scope
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Update doc/source/plugins/b614_pytorch_load.rst
Co-authored-by: Eric Brown
* Update pytorch_load.py
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Eric Brown
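An added example, not bandit's own B614 plugin, illustrating the rule as the commit message describes it: only torch.load is a sink, weights_only=True (boolean or the string "True") is accepted as safe, torch.save is not checked, and map_location does not matter. The import-alias handling and the sample source are assumptions of this example.

```python
import ast

# Constructed sample input: three of the six calls should be reported.
SAMPLE = '''
import torch
import torch as th
from torch import load as tload
model = torch.load("model.pt")                    # flagged: default pickle path
state = torch.load("m.pt", map_location="cpu")    # flagged: map_location is irrelevant
ok = torch.load("m.pt", weights_only=True)        # allowed
ok2 = th.load("m.pt", weights_only="True")        # allowed: string form of True
bad = tload("m.pt", weights_only=False)           # flagged
torch.save(ok, "m.pt")                            # not checked: save is not a sink
'''


def _qualname(node):
    """Dotted name of a call target, e.g. 'torch.load' or 'th.load'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _weights_only_true(call):
    """True when the call passes weights_only=True as a bool or as the string 'True'."""
    for kw in call.keywords:
        if kw.arg == "weights_only" and isinstance(kw.value, ast.Constant):
            return kw.value.value is True or kw.value.value == "True"
    return False


def unsafe_torch_loads(source):
    """Line numbers of torch.load calls (via any import alias) lacking weights_only=True."""
    tree = ast.parse(source)
    module_aliases, load_names = set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            module_aliases |= {a.asname or a.name for a in node.names if a.name == "torch"}
        elif isinstance(node, ast.ImportFrom) and node.module == "torch":
            load_names |= {a.asname or a.name for a in node.names if a.name == "load"}
    targets = {f"{m}.load" for m in module_aliases} | load_names
    return [n.lineno for n in ast.walk(tree)
            if isinstance(n, ast.Call) and _qualname(n.func) in targets
            and not _weights_only_true(n)]
```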