PyCQA/bandit

yaml_load should not be B5xx cryptography group

Open

#306 创建于 2018年5月14日

在 GitHub 查看
 (1 评论) (0 反应) (0 负责人)Python (5,660 star) (559 fork)batch import
buggood first issue

描述

Describe the bug The yaml_load plugin has bandit ID B506. The 5xx group according to [1] is defined as the group for cryptography. This plugin would be more appropriate as a type of injection B6xx

To Reproduce n/a

Expected behavior n/a

Bandit version

bandit 1.4.0

Additional context Add any other context about the problem here.

贡献者指南

技术栈
python
领域
securitybackend
议题类型
bug
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
2
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
under 1 hour
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
stale
清晰度议题是否清楚说明期望改动、验收标准和下一步。
clear
前置要求
bandit plugin ID systemPython
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
75
研究方向
The yaml load plugin currently uses bandit ID B506, which falls under the cryptography group (B5xx). According to the issue, it should be under injection (B6xx). To fix, locate the plugin definition in bandit/plugins/yaml load.py and change the 'id' field from 'B506' to an appropriate B6xx ID (e.g., B601) and update any related test files. Check the bandit documentation for existing B6xx IDs to avoid duplication. No further discussion or PRs exist; the change is straightforward and isolated.