Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new plugin to check use of pyghmi #795

Closed
wants to merge 3 commits into from
Closed

Add new plugin to check use of pyghmi #795

wants to merge 3 commits into from

Conversation

ericwb
Copy link
Member

@ericwb ericwb commented Feb 4, 2022

This patch set adds a new bandit plugin to check the use of pyghmi.

Closes #356

Signed-off-by: Tin Lam tin@irrational.io

@stannum-l
Add new plugin to check use of pyghmi
abc1b50 
This patch set adds a new bandit plugin to check the use of pyghmi.

Signed-off-by: Tin Lam <tin@irrational.io>
@stannum-l
Fix example and polish te code.
e96cd6b 
Signed-off-by: Tin Lam <tin@irrational.io>
@stannum-l
Add new plug-in to check pyghmi
ec1e38e 
This patch set adds a new bandit plugin to check the use of the
pyghmi library, as the IPMI is known to be an insecured protocol.

Closes: PyCQA#356
Signed-off-by: Tin Lam <tin@irrational.io>
sigmavirus24
sigmavirus24 reviewed Feb 5, 2022
View reviewed changes
bandit/plugins/import_pyghmi.py
if context.is_module_imported_like(module):
return bandit.Issue(
severity=bandit.MEDIUM,
confidence=bandit.MEDIUM,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there no CWE for this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I resurrected this old commit from @stannum-l as a way to get the issue resolved. Yep, it'll need further work.

ericwb
ericwb commented Feb 6, 2022
View reviewed changes
README.rst
@@ -224,6 +224,7 @@ Usage::
B412 import_httpoxy
B413 import_pycrypto
B414 import_pycryptodome
B415 pyghmi
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
B415 pyghmi

@ericwb
Copy link
Member Author

ericwb commented Feb 7, 2022

Created a better PR in #803

@ericwb ericwb closed this Feb 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sigmavirus24 sigmavirus24 sigmavirus24 left review comments

@ghugo ghugo Awaiting requested review from ghugo

@lukehinds lukehinds Awaiting requested review from lukehinds

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

New plugin to check for use of pyghmi
3 participants
@ericwb @sigmavirus24 @stannum-l