PyCQA/bandit

yaml_load should not be B5xx cryptography group

Open

#306 opened on May 14, 2018

View on GitHub
 (1 comment) (0 reactions) (0 assignees)Python (559 forks)batch import
buggood first issue

Repository metrics

Stars
 (5,660 stars)
PR merge metrics
 (Avg merge 11h 55m) (1 merged PR in 30d)

Description

Describe the bug The yaml_load plugin has bandit ID B506. The 5xx group according to [1] is defined as the group for cryptography. This plugin would be more appropriate as a type of injection B6xx

To Reproduce n/a

Expected behavior n/a

Bandit version

bandit 1.4.0

Additional context Add any other context about the problem here.

Contributor guide