- 25 Feb, 2020 4 commits
-
-
Thomas Goirand authored
-
Thomas Goirand authored
-
Thomas Goirand authored
-
Thomas Goirand authored
-
- 18 Oct, 2019 1 commit
-
-
Ondřej Nový authored
-
- 19 Jul, 2019 1 commit
-
-
Ondřej Nový authored
-
- 18 Jul, 2019 1 commit
-
-
Ondřej Nový authored
-
- 16 Jul, 2019 1 commit
-
-
Thomas Goirand authored
-
- 22 Jun, 2019 1 commit
-
-
Tyler Wince authored
* Fix #490 -- Fix performance issue introduced in 1.6.0
  The lines were introduced in 7c4b9fa8 and have two effects. First they cause `get_issue_list` to run twice and before the user receives feedback that bandit started running. Secondly it does not display any output if no issues are found, which is an unintended behavior change.
* add namespaces for parent attributes
* pylint formatting changes
* made bandit_parent a private attr
* temporary fix; perf issue only on quiet
* update perf issue
-
- 26 May, 2019 1 commit
-
-
Matthew Egan authored
* add test for regression and fix directory exclusion without wildcards
* fix pep8 errors
* add support for directory exclusion without trailing slashes
* extend exclusion test for backwards compat with 1.5.1 and add fix
* fix pep8 errors
* fix styling
* fix styling
* fix styling
-
- 14 May, 2019 1 commit
-
-
Tyler Wince authored
* add namespaces for parent attributes
* pylint formatting changes
* made bandit_parent a private attr
-
- 13 Apr, 2019 1 commit
-
-
Michael Spallino authored
* Remove pycryptodome from import blacklist
  pycryptodome appears to be actively maintained, as opposed to pycrypto. Unless there is a noted security issue with not using it, this removes the blanket blacklist on the library. Any insecure hashes/ciphers/etc. that the library provides will still be reported as per other libraries.
* [functional-tests] - repurpose blacklist test to verify that pycryptodome is no longer blacklisted
* - fix flake8 line too long
* [flake8] - misunderstood what flake8 was complaining about.
-
- 12 Apr, 2019 2 commits
-
-
Soumitr authored
old links were dead
-
Thibaut Le Page authored
This allows specifying wildcards in the excluded files list, which in turn makes it possible to use Bandit in projects where test files are not in a separate repository, but have just a name prefixed with test_ (as is common with Pytest).
* bandit.core.manager: reuse _matches_glob_list for exclusion list
* fix pep8: remove superfluous blank line
* update documentation: -x accepts glob patterns
* add failing test showing that exclude file globs are not supported
-
- 26 Mar, 2019 1 commit
-
-
Thomas Goirand authored
-
- 14 Mar, 2019 2 commits
-
-
Luke Hinds authored
Redo logo on the README
-
Eric Brown authored
The current logo looks a little odd having a graphic with the text underneath. I think it will look a little nicer and cleaner by moving the text to the right side of the graphic.
Signed-off-by: Eric Brown <browne@vmware.com>
-
- 02 Mar, 2019 1 commit
-
-
Eric Brown authored
-
- 28 Feb, 2019 1 commit
-
-
Luke Hinds authored
Update python documentation links for version 3 counterparts
-
- 22 Feb, 2019 1 commit
-
-
Samuel Gaist authored
The Python 2 links are kept when it makes sense.
-
- 20 Feb, 2019 1 commit
-
-
Victor Torre authored
* fix bugs
* improve _context access
* change _ast to ast
* fix typo
-
- 08 Feb, 2019 2 commits
-
-
Luke Hinds authored
Fix typo in README
-
bitcoinhodler authored
-
- 03 Feb, 2019 1 commit
-
-
Calvin Li authored
ast.JoinedStr is new in Python 3.6 (it's f-strings); it does not exist in Pythons below that
-
- 14 Jan, 2019 1 commit
-
-
Luke Hinds authored
Password
-
- 11 Jan, 2019 1 commit
-
-
Luke Hinds authored
-
- 07 Jan, 2019 2 commits
-
-
Mickaël Schoentgen authored
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
-
Mickaël Schoentgen authored
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
-
- 24 Dec, 2018 1 commit
-
-
Luke Hinds authored
-
- 23 Dec, 2018 2 commits
-
-
Luke Hinds authored
#394 Describe baseline and its usage in README
-
Luke Hinds authored
-
- 19 Dec, 2018 3 commits
-
-
lhinds authored
-
Luke Hinds authored
Properly handle nosec strings in code
-
Luke Hinds authored
-
- 15 Dec, 2018 1 commit
-
-
Aaron Loo authored
* supporting CSafeLoader in yaml.load plugin
* pylint
* adding tests
-
- 10 Dec, 2018 2 commits
-
-
Eric Brown authored
Paramiko's invoke_shell function does not take a command argument even though the Bandit example implied that. It simply opens a stream for communicating with a shell. Therefore, it should not be flagged as part of the Bandit scan.

The current example of paramiko command injection does not properly create an instance of the SSHClient before calling the functions on the client. Instead it's calling the functions statically which is not proper syntax.

This patch updates the plugin and example. Bandit, however, is still functioning properly to detect the improper use of exec_command().

Fixes Issue #375
Signed-off-by: Eric Brown <browne@vmware.com>
-
Eric Brown authored
The minimum version for Python 3.7 to work with PyYAML is 3.13.
See: https://github.com/yaml/pyyaml/issues/126
Fixes: #409
Signed-off-by: Eric Brown <browne@vmware.com>
-
- 02 Dec, 2018 1 commit
-
-
Michael Spallino authored
* [Fix for PyCQA#427]
  - added check for f-string sql injection
  - added test
* [flake8]
  - fix flake8 issues
* [review-items]
  - move sys import
  - change version -> version_info. This wasn't doing the right thing before.
  - check for versions below 3.6 first, all versions greater check for f strings
* [feedback]
  - be more sensible about versions
-
- 30 Nov, 2018 1 commit
-
-
Christopher Goes authored
-
- 27 Nov, 2018 1 commit
-
-
Prabakaran Kumaresshan authored
* Add missing custom formatter doc (#406)
* Add custom.rst to docs source
* Fix custom formatter docstring
-