>/iZ SSKrSSKrSSKrSSKJr SSKJr Sr\R"SR\5\R5r Sr \R"S5\R"S5S 55r\R"S 5\R"S 5S 55r\R"S 5\R"S5S55rg)N)issue)test_propertiesz-(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?)z(^{0}$|_{0}_|^{0}_|_{0}$)c[R"[R[R[R R SUS3S9$)NzPossible hardcoded password: '')severity confidencecwetext)banditIssueLOWMEDIUMrCweHARD_CODED_PASSWORD)values c/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/general_hardcoded_password.py_reportrs: <<== II ) )-eWA 6  StrB105c URn[UR[R5(aURR Hn[U[R 5(a;[RUR5(a[UR5s $[U[R5(dM~[RUR5(dM[UR5s $ g[UR[R5(a[RUR5(aURRn[U[R5(as[UR[R5(aI[URR[ 5(a[URR5$ggg[UR[R"5(a[RUR5(aURRRn[U[R5(as[UR[R5(aI[URR[ 5(a[URR5$ggg[UR[R$5(GaURn[UR&[R 5(a[RUR&R5(a|[UR(S[R5(aO[UR(SR[ 5(a"[UR(SR5$ggg[UR&[R5(a[RUR&R5(a|[UR(S[R5(aO[UR(SR[ 5(a"[UR(SR5$ggggg)a**B105: Test for use of hard-coded password strings** The use of hard-coded passwords increases the possibility of password guessing tremendously. This plugin test looks for all string literals and checks the following conditions: - assigned to a variable that looks like a password - assigned to a dict key that looks like a password - assigned to a class attribute that looks like a password - used in a comparison with a variable that looks like a password Variables are considered to look like a password if they have match any one of: - "password" - "pass" - "passwd" - "pwd" - "secret" - "token" - "secrete" Note: this can be noisy and may generate false positives. **Config Options:** None :Example: .. code-block:: none >> Issue: Possible hardcoded password '(root)' Severity: Low Confidence: Low CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html) Location: ./examples/hardcoded-passwords.py:5 4 def someFunction2(password): 5 if password == "root": 6 print("OK, logged in") .. seealso:: - https://www.owasp.org/index.php/Use_of_hard-coded_password - https://cwe.mitre.org/data/definitions/259.html .. versionadded:: 0.9.0 .. versionchanged:: 1.7.3 CWE information added rN)node isinstance_bandit_parentastAssigntargetsName RE_CANDIDATESsearchidrr Attributeattr SubscriptConstantstrIndexCompareleft comparators)contextrtargassigncomps rhardcoded_password_stringr/s_l <> Issue: [B106:hardcoded_password_funcarg] Possible hardcoded password: 'blerg' Severity: Low Confidence: Medium CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html) Location: ./examples/hardcoded-passwords.py:16 15 16 doLogin(password="blerg") .. seealso:: - https://www.owasp.org/index.php/Use_of_hard-coded_password - https://cwe.mitre.org/data/definitions/259.html .. versionadded:: 0.9.0 .. versionchanged:: 1.7.3 CWE information added N) rkeywordsrrrr%r&rr argr)r+kws rhardcoded_password_funcargr6skfll## rxx . .288>>3//$$RVV,,288>>* * $r FunctionDefB107c4S/[URRR5[URRR5- -nUR URRR5 [ URRRU5Hup#[ U[R[R45(dM6Ub,[ U[R5(aURcMg[ U[R5(dM[ UR[5(dM[RUR5(dM[UR5s $ g)a**B107: Test for use of hard-coded password argument defaults** The use of hard-coded passwords increases the possibility of password guessing tremendously. This plugin test looks for all function definitions that specify a default string literal for some argument. It checks that the argument does not look like a password. Variables are considered to look like a password if they have match any one of: - "password" - "pass" - "passwd" - "pwd" - "secret" - "token" - "secrete" Note: this can be noisy and may generate false positives. We do not report on None values which can be legitimately used as a default value, when initializing a function or class. **Config Options:** None :Example: .. code-block:: none >> Issue: [B107:hardcoded_password_default] Possible hardcoded password: 'Admin' Severity: Low Confidence: Medium CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html) Location: ./examples/hardcoded-passwords.py:1 1 def someFunction(user, password="Admin"): 2 print("Hi " + user) .. seealso:: - https://www.owasp.org/index.php/Use_of_hard-coded_password - https://cwe.mitre.org/data/definitions/259.html .. versionadded:: 0.9.0 .. versionchanged:: 1.7.3 CWE information added N)lenrargsdefaultsextendziprrrr4r%rr&rr r)r+defskeyvals rhardcoded_password_defaultrBsp 6 GLL   " "#c',,*;*;*D*D&EE D KK !!**+ ))..5 cCHHcgg. / /{3 --#))2C3 --syy#..!((11syy))6r)rrer bandit.corerrtestRE_WORDScompileformat IGNORECASErrcheckstest_idr/r6rBrrrMs  / : &&x0"-- Ufg>g>TVf7+7+t]fH*H*r