PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Resolve #714 #946

Closed meuzgebre closed 1 year ago

meuzgebre commented 2 years ago

Don't give a warning when a password variable is assigned an empty value.

password = ""

The above should not be reported as a warning.

Resolve: #714

lukehinds commented 1 year ago

I think this is better covered by using a `nosec`, as in general not setting a password is an insecure setting.

sigmavirus24 commented 1 year ago

Maybe this should be a different error though? Without greater context, it's possible you're providing a default password that disables authn/authz on a service, and that's a problem we should alert on with low confidence.
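To make the trade-off in this thread concrete, here is an added example that is not bandit's own code (bandit has its own plugin machinery, test IDs and configuration). It is a small AST scanner that reports a non-empty string literal assigned to a password-like name at medium confidence, reports an empty string as a separate low-confidence finding in the spirit of sigmavirus24's suggestion, and skips any assignment whose line carries a `# nosec` comment, as lukehinds suggests. The name pattern `PASSWORD_NAME_RE`, the `Finding` record, the severity/confidence labels and the `SAMPLE` source are all constructed for this example.

```python
from __future__ import annotations

import ast
import re
from dataclasses import dataclass

# Hypothetical list of credential-like identifier fragments for this example;
# bandit's real plugin uses its own, more careful, matching.
PASSWORD_NAME_RE = re.compile(r"(pass(word|wd)?|pwd|secret|token)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    lineno: int
    name: str
    value: str
    severity: str
    confidence: str
    message: str


def _nosec_lines(source: str) -> set[int]:
    """1-indexed line numbers that carry a '# nosec' suppression comment."""
    return {i for i, line in enumerate(source.splitlines(), start=1) if "# nosec" in line}


def _target_names(node: ast.Assign | ast.AnnAssign) -> list[str]:
    """Names on the left-hand side, covering both 'x = ...' and 'obj.x = ...'."""
    targets = node.targets if isinstance(node, ast.Assign) else [node.target]
    names = []
    for target in targets:
        if isinstance(target, ast.Name):
            names.append(target.id)
        elif isinstance(target, ast.Attribute):
            names.append(target.attr)
    return names


def scan_source(source: str) -> list[Finding]:
    """Report string literals assigned to password-like names.

    Non-empty literal  -> possible hardcoded password, MEDIUM confidence.
    Empty literal      -> separate finding, LOW confidence: an empty default
                          may disable authn/authz rather than store a secret.
    Lines with # nosec -> not reported at all.
    """
    tree = ast.parse(source)
    suppressed = _nosec_lines(source)
    findings: list[Finding] = []
    for node in ast.walk(tree):
        if not isinstance(node, (ast.Assign, ast.AnnAssign)):
            continue
        value = node.value  # AnnAssign may be annotation-only (value is None)
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue
        if node.lineno in suppressed:
            continue
        for name in _target_names(node):
            if not PASSWORD_NAME_RE.search(name):
                continue
            if value.value == "":
                findings.append(Finding(node.lineno, name, "", "LOW", "LOW",
                                        "empty credential default; may disable authn/authz"))
            else:
                findings.append(Finding(node.lineno, name, value.value, "LOW", "MEDIUM",
                                        "possible hardcoded password"))
    return sorted(findings, key=lambda f: f.lineno)


# Constructed sample input exercising each branch above.
SAMPLE = '''\
DB_PASSWORD = "hunter2"
password = ""
password = ""  # nosec
api_token: str = "abc123"
config.password = ""
timeout = ""
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(f"line {finding.lineno}: {finding.name!r} [{finding.severity}/{finding.confidence}] {finding.message}")
```

Running the block on `SAMPLE` reports lines 1 and 4 at MEDIUM confidence, lines 2 and 5 at LOW confidence, suppresses line 3 because of its `# nosec`, and ignores line 6 because `timeout` is not a password-like name. Keeping the empty-string case as its own finding means a user who really wants `password = ""` to pass can suppress just that case, while a scanner consumer can still filter on confidence.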