lyft / bandit-high-entropy-string Goto Github PK

A high entropy string plugin for OpenStack's bandit project

License: Apache License 2.0

Python 98.53% Makefile 1.47%

bandit-high-entropy-string's Issues

AttributeError: 'module' object has no attribute 'gen_config'

Thank you for making this very interesting plugin. I'm trying to use it in my project, but I'm getting a strange error whenever I install the plugin. In a virtual environment with Python 2.7.10 on OSX:

$ pip install bandit
Successfully installed bandit-1.0.1

$ bandit -r .
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 2.7.10
< ... continues running fine ... >

$ pip install bandit-high-entropy-string
Successfully installed bandit-high-entropy-string-2.0.1

$ bandit -r .
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
Traceback (most recent call last):
  File "/<path_to_virtual_env>/bin/bandit", line 11, in <module>
    sys.exit(main())
  File "/<path_to_virtual_env>/lib/python2.7/site-packages/bandit/cli/main.py", line 304, in main
    ignore_nosec=args.ignore_nosec)
  File "/<path_to_virtual_env>/lib/python2.7/site-packages/bandit/core/manager.py", line 65, in __init__
    self.b_ts = b_test_set.BanditTestSet(config, profile)
  File "/<path_to_virtual_env>/lib/python2.7/site-packages/bandit/core/test_set.py", line 37, in __init__
    self._load_tests(config, self.plugins)
  File "/<path_to_virtual_env>/lib/python2.7/site-packages/bandit/core/test_set.py", line 93, in _load_tests
    cfg = genner.gen_config(plugin.plugin._takes_config)
AttributeError: 'module' object has no attribute 'gen_config'

Please let me know if there is anything I can do to help get to the bottom of this!

Switch to zxcvbn-python

Seems we're using a weird zxcvbn library that's not dropbox's primary version. We should be using this instead:

https://pypi.python.org/pypi/zxcvbn-python

Strings which match patterns in both LOW_SECRET_HINTS and HIGH_SECRET_HINTS are given a 'High' classification.

This means if you have two patterns which match the same string (ex. patterns 'tok' and 'token' both match 'token') that string will be given a High classification due to the duplicate match. This can lead to innocuous strings being overclassified.

Unable to source plugin

Hi, I am attempting to use this plugin, but running into an issue. I followed the installation instructions and setup a fresh bandit.yml file containing just:

# Test inclusion for newer versions of bandit
tests:
  # high_entropy_funcdef
  - BHES100
  # high_entropy_funcarg
  - BHES101
  # high_entropy_iter
  - BHES102
  # high_entropy_assign
  - BHES103

Then I run:

bandit -c bandit.yml -r ~/projects/mytestproject/

but this is the output:

(.env)  me@computer ~/Downloads/bandit-high-entropy-strings > bandit -c bandit.yml -r ~/projects/mytestproject/                                                         
[main]	INFO	profile include tests: BHES100,BHES103,BHES101,BHES102
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	ERROR	Unknown test found in profile: BHES100

How do I make bandit aware of the new plugin?

lyft / bandit-high-entropy-string Goto Github PK

bandit-high-entropy-string's Issues

AttributeError: 'module' object has no attribute 'gen_config'

Switch to zxcvbn-python

Strings which match patterns in both LOW_SECRET_HINTS and HIGH_SECRET_HINTS are given a 'High' classification.

Unable to source plugin

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs