Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add new plugin to check use of pyghmi #803

Merged
merged 4 commits into from
Feb 7, 2022
Merged

Add new plugin to check use of pyghmi #803

merged 4 commits into from
Feb 7, 2022

Conversation

ericwb
Copy link
Member

@ericwb ericwb commented Feb 7, 2022

Merge branch 'feat/pyghmi' of ssh://github.com/stannum-l/bandit into ipmi
Signed-off-by: Eric Brown browne@vmware.com

This patch set adds a new bandit plugin to check the use of pyghmi.

Closes #356

Signed-off-by: Tin Lam tin@irrational.io

This patch set adds a new bandit plugin to check the use of pyghmi.

Signed-off-by: Tin Lam <tin@irrational.io>
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds a new bandit plugin to check the use of the
pyghmi library, as the IPMI is known to be an insecured protocol.

Closes: #356
Signed-off-by: Tin Lam <tin@irrational.io>
@ericwb ericwb changed the title Add new plugin to check use of pyghmi #795 Add new plugin to check use of pyghmi Feb 7, 2022
…ipmi

This patch set adds a new bandit plugin to check the use of pyghmi.

Closes #356

Signed-off-by: Tin Lam tin@irrational.io
Signed-off-by: Eric Brown <browne@vmware.com>
@ericwb ericwb enabled auto-merge (squash) February 7, 2022 06:36
@ericwb ericwb merged commit d1622bf into PyCQA:master Feb 7, 2022
@ericwb ericwb deleted the ipmi branch February 7, 2022 19:28
@ericwb ericwb added this to the Release 1.7.3 milestone Feb 16, 2022
LarsMichelsen pushed a commit to Checkmk/checkmk that referenced this pull request Mar 7, 2022
This updated bandit to 1.7.4. In 1.7.3 check [B303], hash functions,
was updated and [B415], IMPI protocol, was added.

Hash Function
=============
A lower threshold for insecure hash functions was introduced.
All offending code places have been updated with
`usedforsecurity=False` to make bandit happy. This might have
not been ideal in all cases. I'm currently not sure how a change
in hashing algorithm would affect back wards compatibility.

IMPI Protocol
==============
The IMPI protocol is considered insecure. We use it exentsivly in core
parts of the code. For now ignore this check.

[B303] PyCQA/bandit#748
[B415] PyCQA/bandit#803

Change-Id: Iee36820d152955bbd31e6b21fdd6bbc5b83dbb1c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

New plugin to check for use of pyghmi
3 participants