pkgsrc-WIP-changes archive


py-bandit: Update to 1.6.2



Module Name:	pkgsrc-wip
Committed By:	Leonardo Taccari <leot%NetBSD.org@localhost>
Pushed By:	leot
Date:		Tue Dec 17 12:43:02 2019 +0100
Changeset:	7daae4c05a38de8107c1c8c8693a3cd76fbdbc89

Modified Files:
	py-bandit/Makefile
	py-bandit/PLIST
	py-bandit/distinfo

Log Message:
py-bandit: Update to 1.6.2

Changes:
1.6.2
-----
* Performance fix (#502)

1.6.1
-----
* add test for regression and fix directory exclusion without wildcards (#489)
* add namespaces for parent attributes (#492)

1.6.0
-----
* Remove pycryptodome blacklist (#470)
* updated readme links for debugger
* Interpret wildcards in the file exclusion list (#450)
* Redo logo on the README
* Revert "Update python documentation links for version 3 counterparts"
* Update python documentation links for version 3 counterparts
* Fix context class (#449)
* Fix typo in README
* check if ast.JoinedStr exists before using it
* Fix ResourceWarning: unclosed file
* Fix DeprecationWarning: invalid escape sequence
* Add a readthedocs build status badge
* Supporting CSafeLoader in yaml.load plugin (#436)
* Remove paramiko invoke\_shell and fix example (#377)
* Bump PyYAML minimum version to 3.13 (#432)
* Fix sql injection check for f-strings
* Fix terminal colors not displaying properly on Windows
* Add missing custom formatter doc (#406) (#421)
* Fix pep8
* Fix ast.arg check on python2
* Add passphrase as password detection
* Fix more info line to be in color also (#408)
* Remove unneeded trailing paren in link
* 394 Describe baseline and its usage in README
* Fix B611 doc title
* Add pre-commit config
* Fix Pylint warning W0612: use of unused variables (#389)
* Allow failures on dev branch of Python 3.8
* No need to skip R0204: redefined-variable-type
* fix pep8
* fix comments on #387
* Properly handle nosec strings in code
* Fix line max chars
* Fix pep8 Issue #386
* Proposed solution for #386
* Add option -q, --quiet, --silent to hide output
* Add release drafter template (#382)
* Fix custom format argument handling (#380)

1.5.1
-----
* Adding test case for traversal crash
* New plugin to check for ignoring host keys
* Fixed crash on dynamic import traversal (#369)

1.5.0
-----
* Change ver 1.4.1 references to 1.5.0
* Add external documentation references (#368)
* Add more\_info URL to csv formatter (#361)
* Add support to run bandit as python -m bandit
* Add more\_info URL to screen formatter (#360)
* Add more\_info URL to text output (#359)
* Update Feature\_request.md
* Update Feature\_request.md
* Update Bug\_report.md
* Add experimental Python 3.8-dev to test with (#337)
* Report dill usage (#347)
* Add more\_info URL to XML output (#354)
* Re-enable functional tests as part of CI (#348)
* Use html.escape() instead of cgi.escape()
* Repair some broken see also links in the doc
* Add subprocess.run to B602
* Add Python 3.7 support (#327)
* fix pep8 line length issues
* add os.tempnam() / os.tmpnam() to blacklist
* Remove openstack specific utils.exec checks
* Add development status classifier
* Enable travis to run pylint and pep8 tox env
* Fix doc #310
* Add doc and version
* Fix code review
* Fast fix for #286
* Remove issue comment
* Improve add shell=True detection
* Example for shell kwarg
* Fix wording (deprecated -> removed)
* Leave a message explaining that these plugins have been deprecated
* Remove OpenStack-specific plugins
* Add missing documentation link for B703
* Use bandit.readthedocs.io in setup.cfg
* Add PyCryptodome to import blacklists
* Add missing B413 import\_pycrypto in README
* Update the doc links, remove openstack
* Add a smaller logo that works with the README rst
* Delete license
* added apache license
* Delete license
* Added logo design
* added logo license
* Delete issue\_template.md
* Update issue templates to new GitHub format
* Add detection for Django XSS
* Fix pep8
* Add Django SQL injection
* Remove integration test playbooks
* Show support for Python 3.6
* Add a build status badge to the README
* Create an issue template for the project
* Remove the unused integration tests
* Create a code of conduct
* Align with tox.ini python versions
* Remove nightly and others for now
* Adds basic .travis.yaml
* Changing Copyright to Bandit, Developers
* Correcting copyright change
* Migrate to new PyPI website
* Changes OpenStack specifics to PyCQA
* Stop using slave\_scripts/install-distro-packages.sh
* Add bindep.txt file
* Add bandit ID to prefix of more\_info link
* add lower-constraints job
* Updated from global requirements
* Typo in the name of the YAML formatter test
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Fix false positives for pyCrypto
* Add pycrypto to blacklist
* Zuul: Remove project name
* Add more\_info URL to the YAML output
* Sort the complete plugin list
* Fix infinite loop issue
* Update docs links
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Update hacking requirement
* Update documentation
* Add more\_info URL to the JSON output
* Add module loaded through importlib
* Create doc/requirements.txt
* Avoid tox\_install.sh for constraints support
* Migrate to zuul V3
* Remove extra section from README.rst
* Updated from global requirements
* Remove setting of version/release from releasenotes
* Migrate to stestr
* Custom formatter
* Allow specifying targets in ini file
* Plugin to flag insecure hash functions created using hashlib.new()
* Cleanup test-requirements
* [Trivialfix]Fix typos
* Remove unused None from dict.get()
* Add .idea to .gitignore
* Incorrect Test ID in docstring
* Adds simple handler to provide failed line numbers
* Updated from global requirements
* Do not flag new way of escaping in jinja2 plugin
* Fixed order of arguments in assertEqual
* Updated from global requirements
* Add Apache License Content in index.rst
* Updated from global requirements
* Enable some off-by-default checks
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Optimize the link address
* Replace six.iteritems() with .items()
* Blacklist call of ssl.\_create\_unverified\_context
* Correct the yaml doc example to be actually yaml
* Enable coverage report in console output
* Updated from global requirements
* Updated from global requirements
* Yet Another Formatter (yaml)
* Repair the more info links for two blacklist calls
* Docs for B319 listed twice
* Add sha-1 to list of insecure hashes
* Refactor check\_example to be clearer on error
* Dump bandit config file lists vertically
* Allow config for high and medium severity key sizes
* HTTPSConnection is secure in newer Python
* Updated from global requirements
* Typo fix: targetting => targeting
* Use https for references to openstack.org
* Alter SQL injection plugin to consider .format strings
* Add Cryptodome to blacklist and weak ciphers/hash
* Alter SQL Injection plugin SQL check

1.4.0
-----
* Fixing some UTF8 encoding issues in file names
* Fix up nits in the README and other files
* Drop redundant dict call
* Removing 'stats' from JSON output formatter
* Fixing partial path detection for Windows
* Add Constraints support
* Make Bandit's HTML report pass markup validation
* Remove checking for special characters in shells
* Add functional tests for B308, B321, and B402
* Handle curve keyword arg weak\_cryptographic\_key
* Typo in calls doc for input call
* Fix LOG marker to follow the Python 3 guideline
* Fix pylint too-many-return-statements errors

1.3.0
-----
* Fixing B502 and B503 developer docs
* Fix pylint old-style-class errors
* Add capability to pipe a file into bandit
* Fix for pylint no-self-use error
* Show team and repo badges on README
* Detect binary output file (txt/html)
* Replace 'assertFalse(a in b)' with 'assertNotIn(a, b)'
* Don't include openstack/common in flake8 exclude list
* Trivial fixes based on pylint scan
* Fix typo in test\_set.py
* Replace 'assertTrue(a in b)' with 'assertIn(a, b)'

1.2.0
-----
* Updated from global requirements
* Updated from global requirements
* Fix unit tests for newest GitPython
* Fix blacklist filtering
* Replace 'MagicMock' with 'Mock'
* Use qualname list to avoid false positive on load()
* Enable release notes translation
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Fix a typo in test\_set.py
* Update flake8 ignore list
* Fix typos in config.py & utils.py
* Adding "input()" to the blacklist calls list
* Small typo fix 'balcklist' in docstring
* Enforce no star-imports since code complies
* Fix remaining object imports and enforce the rule
* Clean imports in code
* Fix order of arguments in assertEqual
* Update defusedxml notification
* Skip key checks where size is not constant
* Show help when arguments are missing

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=7daae4c05a38de8107c1c8c8693a3cd76fbdbc89

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 py-bandit/Makefile |  9 ++++-----
 py-bandit/PLIST    | 30 ++++++++++++++++++++++++------
 py-bandit/distinfo |  8 ++++----
 3 files changed, 32 insertions(+), 15 deletions(-)

diffs:
diff --git a/py-bandit/Makefile b/py-bandit/Makefile
index 4212a09b64..80f3bef28b 100644
--- a/py-bandit/Makefile
+++ b/py-bandit/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	bandit-1.1.0
+DISTNAME=	bandit-1.6.2
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=	security python
 MASTER_SITES=	${MASTER_SITE_PYPI:=b/bandit/}
@@ -10,11 +10,10 @@ HOMEPAGE=	https://wiki.openstack.org/wiki/Security/Projects/Bandit
 COMMENT=	Security oriented static analyser for python code
 LICENSE=	apache-2.0
 
-DEPENDS+=	${PYPKGPREFIX}-pbr>=1.3.0:../../devel/py-pbr
+DEPENDS+=	${PYPKGPREFIX}-git>=1.0.1:../../wip/py-git
 DEPENDS+=	${PYPKGPREFIX}-six>=1.10.0:../../lang/py-six
-DEPENDS+=	${PYPKGPREFIX}-yaml>=3.1.0:../../textproc/py-yaml
-DEPENDS+=	${PYPKGPREFIX}-appdirs>=1.4.0:../../devel/py-appdirs
-DEPENDS+=	${PYPKGPREFIX}-stevedore>=1.7.0:../../devel/py-stevedore
+DEPENDS+=	${PYPKGPREFIX}-stevedore>=1.20.0:../../devel/py-stevedore
+DEPENDS+=	${PYPKGPREFIX}-yaml>=3.13:../../textproc/py-yaml
 
 USE_LANGUAGES=	# none
 
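Review bot: the `py-pbr` DEPENDS line is removed outright in this hunk and nothing in the log message explains it. If the 1.6.2 distfile still needs pbr at build time, the entry should become a build-time dependency rather than disappear, so please confirm with a clean build; the same question applies to the dropped `py-appdirs` line. The new `py-git` entry points at `../../wip/py-git`, which is fine while this package lives in wip but will have to change before it can move out of wip. Separately, the HOMEPAGE visible in the hunk header still points at wiki.openstack.org while the log lists "Changes OpenStack specifics to PyCQA", so it is worth updating in the same commit.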
diff --git a/py-bandit/PLIST b/py-bandit/PLIST
index 83f221693c..a336c70717 100644
--- a/py-bandit/PLIST
+++ b/py-bandit/PLIST
@@ -13,6 +13,9 @@ ${PYSITELIB}/${EGG_INFODIR}/top_level.txt
 ${PYSITELIB}/bandit/__init__.py
 ${PYSITELIB}/bandit/__init__.pyc
 ${PYSITELIB}/bandit/__init__.pyo
+${PYSITELIB}/bandit/__main__.py
+${PYSITELIB}/bandit/__main__.pyc
+${PYSITELIB}/bandit/__main__.pyo
 ${PYSITELIB}/bandit/blacklists/__init__.py
 ${PYSITELIB}/bandit/blacklists/__init__.pyc
 ${PYSITELIB}/bandit/blacklists/__init__.pyo
@@ -91,6 +94,9 @@ ${PYSITELIB}/bandit/formatters/__init__.pyo
 ${PYSITELIB}/bandit/formatters/csv.py
 ${PYSITELIB}/bandit/formatters/csv.pyc
 ${PYSITELIB}/bandit/formatters/csv.pyo
+${PYSITELIB}/bandit/formatters/custom.py
+${PYSITELIB}/bandit/formatters/custom.pyc
+${PYSITELIB}/bandit/formatters/custom.pyo
 ${PYSITELIB}/bandit/formatters/html.py
 ${PYSITELIB}/bandit/formatters/html.pyc
 ${PYSITELIB}/bandit/formatters/html.pyo
@@ -103,9 +109,15 @@ ${PYSITELIB}/bandit/formatters/screen.pyo
 ${PYSITELIB}/bandit/formatters/text.py
 ${PYSITELIB}/bandit/formatters/text.pyc
 ${PYSITELIB}/bandit/formatters/text.pyo
+${PYSITELIB}/bandit/formatters/utils.py
+${PYSITELIB}/bandit/formatters/utils.pyc
+${PYSITELIB}/bandit/formatters/utils.pyo
 ${PYSITELIB}/bandit/formatters/xml.py
 ${PYSITELIB}/bandit/formatters/xml.pyc
 ${PYSITELIB}/bandit/formatters/xml.pyo
+${PYSITELIB}/bandit/formatters/yaml.py
+${PYSITELIB}/bandit/formatters/yaml.pyc
+${PYSITELIB}/bandit/formatters/yaml.pyo
 ${PYSITELIB}/bandit/plugins/__init__.py
 ${PYSITELIB}/bandit/plugins/__init__.pyc
 ${PYSITELIB}/bandit/plugins/__init__.pyo
@@ -118,12 +130,15 @@ ${PYSITELIB}/bandit/plugins/asserts.pyo
 ${PYSITELIB}/bandit/plugins/crypto_request_no_cert_validation.py
 ${PYSITELIB}/bandit/plugins/crypto_request_no_cert_validation.pyc
 ${PYSITELIB}/bandit/plugins/crypto_request_no_cert_validation.pyo
+${PYSITELIB}/bandit/plugins/django_sql_injection.py
+${PYSITELIB}/bandit/plugins/django_sql_injection.pyc
+${PYSITELIB}/bandit/plugins/django_sql_injection.pyo
+${PYSITELIB}/bandit/plugins/django_xss.py
+${PYSITELIB}/bandit/plugins/django_xss.pyc
+${PYSITELIB}/bandit/plugins/django_xss.pyo
 ${PYSITELIB}/bandit/plugins/exec.py
 ${PYSITELIB}/bandit/plugins/exec.pyc
 ${PYSITELIB}/bandit/plugins/exec.pyo
-${PYSITELIB}/bandit/plugins/exec_as_root.py
-${PYSITELIB}/bandit/plugins/exec_as_root.pyc
-${PYSITELIB}/bandit/plugins/exec_as_root.pyo
 ${PYSITELIB}/bandit/plugins/general_bad_file_permissions.py
 ${PYSITELIB}/bandit/plugins/general_bad_file_permissions.pyc
 ${PYSITELIB}/bandit/plugins/general_bad_file_permissions.pyo
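Review bot: the `plugins/exec_as_root.*` entries removed here, together with `plugins/secret_config_option.*` in the last PLIST hunk, mean two checks stop being installed on upgrade, and the only hint is the "Remove OpenStack-specific plugins" line buried in the 1.5.0 list. For a security scanner a loss of coverage deserves a sentence of its own at the top of the log message, naming the two plugins, so users who relied on them notice.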
@@ -136,6 +151,9 @@ ${PYSITELIB}/bandit/plugins/general_hardcoded_password.pyo
 ${PYSITELIB}/bandit/plugins/general_hardcoded_tmp.py
 ${PYSITELIB}/bandit/plugins/general_hardcoded_tmp.pyc
 ${PYSITELIB}/bandit/plugins/general_hardcoded_tmp.pyo
+${PYSITELIB}/bandit/plugins/hashlib_new_insecure_functions.py
+${PYSITELIB}/bandit/plugins/hashlib_new_insecure_functions.pyc
+${PYSITELIB}/bandit/plugins/hashlib_new_insecure_functions.pyo
 ${PYSITELIB}/bandit/plugins/injection_paramiko.py
 ${PYSITELIB}/bandit/plugins/injection_paramiko.pyc
 ${PYSITELIB}/bandit/plugins/injection_paramiko.pyo
@@ -157,9 +175,9 @@ ${PYSITELIB}/bandit/plugins/jinja2_templates.pyo
 ${PYSITELIB}/bandit/plugins/mako_templates.py
 ${PYSITELIB}/bandit/plugins/mako_templates.pyc
 ${PYSITELIB}/bandit/plugins/mako_templates.pyo
-${PYSITELIB}/bandit/plugins/secret_config_option.py
-${PYSITELIB}/bandit/plugins/secret_config_option.pyc
-${PYSITELIB}/bandit/plugins/secret_config_option.pyo
+${PYSITELIB}/bandit/plugins/ssh_no_host_key_verification.py
+${PYSITELIB}/bandit/plugins/ssh_no_host_key_verification.pyc
+${PYSITELIB}/bandit/plugins/ssh_no_host_key_verification.pyo
 ${PYSITELIB}/bandit/plugins/try_except_continue.py
 ${PYSITELIB}/bandit/plugins/try_except_continue.pyc
 ${PYSITELIB}/bandit/plugins/try_except_continue.pyo
diff --git a/py-bandit/distinfo b/py-bandit/distinfo
index 7bb99b5d84..eff23a3d8d 100644
--- a/py-bandit/distinfo
+++ b/py-bandit/distinfo
@@ -1,6 +1,6 @@
 $NetBSD$
 
-SHA1 (bandit-1.1.0.tar.gz) = f23632cdd61d59533caabe6381a830e71f3654c1
-RMD160 (bandit-1.1.0.tar.gz) = c0af9a906404ba7530c641835752a5a00b445200
-SHA512 (bandit-1.1.0.tar.gz) = 0344be4c98b4f1df056761f7735fa0b23dc234c64ca0090d3e665899905eaac9d49750a7ebe6f7f9e4c39d07f3c2cb0d653cc65c0e56dfadac0caeac5799af94
-Size (bandit-1.1.0.tar.gz) = 135333 bytes
+SHA1 (bandit-1.6.2.tar.gz) = 6bba4dbaa3232a3edbacacac9558c0695afae530
+RMD160 (bandit-1.6.2.tar.gz) = ee8fe03518cf75da38cdeb649438e0d5b6b21e94
+SHA512 (bandit-1.6.2.tar.gz) = 9facce98411ceb9e33e5a978ca4aad2dab541ffe215e480806ac921b7f7067572445d8e32e8d473ef30bb57155b72b2ffd4e06d458a3da82e2a9fb1b1d8a4b9f
+Size (bandit-1.6.2.tar.gz) = 498567 bytes
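Review bot: the new digests in this hunk only record whatever tarball was fetched when the checksums were regenerated, and nothing in the commit ties them to a value published upstream. Since MASTER_SITES is PyPI, please compare the downloaded `bandit-1.6.2.tar.gz` against the digest PyPI publishes for that file before committing, and say in the log that this was done. The size going from 135333 to 498567 bytes is plausible across this many releases, but it is also a reason to check the distfile contents once.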

