.bandit.yml

### Bandit config file generated from:
# 'bandit-config-generator -o .bandit.yml'

### This config may optionally select a subset of tests to run or skip by
### filling out the 'tests' and 'skips' lists given below. If no tests are
### specified for inclusion then it is assumed all tests are desired. The skips
### set will remove specific tests from the include set. This can be controlled
### using the -t/-s CLI options. Note that the same test ID should not appear
### in both 'tests' and 'skips', this would be nonsensical and is detected by
### Bandit at runtime.

# Available tests:
# B101 : assert_used
# B102 : exec_used
# B103 : set_bad_file_permissions
# B104 : hardcoded_bind_all_interfaces
# B105 : hardcoded_password_string
# B106 : hardcoded_password_funcarg
# B107 : hardcoded_password_default
# B108 : hardcoded_tmp_directory
# B110 : try_except_pass
# B112 : try_except_continue
# B201 : flask_debug_true
# B301 : pickle
# B302 : marshal
# B303 : md5
# B304 : ciphers
# B305 : cipher_modes
# B306 : mktemp_q
# B307 : eval
# B308 : mark_safe
# B309 : httpsconnection
# B310 : urllib_urlopen
# B311 : random
# B312 : telnetlib
# B313 : xml_bad_cElementTree
# B314 : xml_bad_ElementTree
# B315 : xml_bad_expatreader
# B316 : xml_bad_expatbuilder
# B317 : xml_bad_sax
# B318 : xml_bad_minidom
# B319 : xml_bad_pulldom
# B320 : xml_bad_etree
# B321 : ftplib
# B323 : unverified_context
# B324 : hashlib_new_insecure_functions
# B325 : tempnam
# B401 : import_telnetlib
# B402 : import_ftplib
# B403 : import_pickle
# B404 : import_subprocess
# B405 : import_xml_etree
# B406 : import_xml_sax
# B407 : import_xml_expat
# B408 : import_xml_minidom
# B409 : import_xml_pulldom
# B410 : import_lxml
# B411 : import_xmlrpclib
# B412 : import_httpoxy
# B413 : import_pycrypto
# B501 : request_with_no_cert_validation
# B502 : ssl_with_bad_version
# B503 : ssl_with_bad_defaults
# B504 : ssl_with_no_version
# B505 : weak_cryptographic_key
# B506 : yaml_load
# B507 : ssh_no_host_key_verification
# B601 : paramiko_calls
# B602 : subprocess_popen_with_shell_equals_true
# B603 : subprocess_without_shell_equals_true
# B604 : any_other_function_with_shell_equals_true
# B605 : start_process_with_a_shell
# B606 : start_process_with_no_shell
# B607 : start_process_with_partial_path
# B608 : hardcoded_sql_expressions
# B609 : linux_commands_wildcard_injection
# B610 : django_extra_used
# B611 : django_rawsql_used
# B701 : jinja2_autoescape_false
# B702 : use_of_mako_templates
# B703 : django_mark_safe

# (optional) list included test IDs here, eg '[B101, B406]':
# tests:

# (optional) list skipped test IDs here, eg '[B101, B406]':
# Disable subprocess_without_shell_equals_true to avoid accidentally silencing more serious errors
skips: [B603]

### (optional) plugin settings - some test plugins require configuration data
### that may be given here, per-plugin. All bandit test plugins have a built in
### set of sensible defaults and these will be used if no configuration is
### provided. It is not necessary to provide settings for every (or any) plugin
### if the defaults are acceptable.

assert_used:
  skips: ['tests/*']
ssl_with_bad_defaults:
  bad_protocol_versions:
  - PROTOCOL_SSLv2
  - PROTOCOL_SSLv3
  - PROTOCOL_TLSv1
  - PROTOCOL_TLSv1_1
  - SSLv2_METHOD
  - SSLv23_METHOD
  - SSLv3_METHOD
  - TLSv1_METHOD
  - TLSv1_1_METHOD
ssl_with_bad_version:
  bad_protocol_versions:
  - PROTOCOL_SSLv2
  - PROTOCOL_SSLv3
  - PROTOCOL_TLSv1
  - PROTOCOL_TLSv1_1
  - SSLv2_METHOD
  - SSLv23_METHOD
  - SSLv3_METHOD
  - TLSv1_METHOD
  - TLSv1_1_METHOD
try_except_continue:
  check_typed_exception: false
try_except_pass:
  check_typed_exception: false
weak_cryptographic_key:
  weak_key_size_dsa_high: 2047
  weak_key_size_dsa_medium: 3071
  weak_key_size_ec_high: 223
  weak_key_size_ec_medium: 255
  weak_key_size_rsa_high: 2047
  weak_key_size_rsa_medium: 3071