Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-bandit for openSUSE:Factory checked in at 2026-02-10 21:13:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-bandit (Old) and /work/SRC/openSUSE:Factory/.python-bandit.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-bandit" Tue Feb 10 21:13:14 2026 rev:20 rq:1332240 version:1.9.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-bandit/python-bandit.changes 2025-11-27 15:23:27.433777410 +0100 +++ /work/SRC/openSUSE:Factory/.python-bandit.new.1670/python-bandit.changes 2026-02-10 21:13:58.815479333 +0100 @@ -1,0 +2,13 @@ +Tue Feb 10 11:18:37 UTC 2026 - John Paul Adrian Glaubitz <[email protected]> + +- Update to 1.9.3 + * Bump actions/checkout from 5 to 6 by @dependabot[bot] in (#1334) + * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in (#1335) + * Fix B608 to detect VALUES( without space by @kfess in (#1337) + * Add check for hardcoded passwords in dicts. by @alanverresen in (#1338) + * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in (#1341) + * Update tox tests for Python 3.10 by @willschlitzer in (#1346) + * Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @dependabot[bot] in (#1347) + * Limit B614 to torch.load deserializers by @dibussoc in (#1348) + +------------------------------------------------------------------- Old: ---- bandit-1.9.2.tar.gz New: ---- bandit-1.9.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-bandit.spec ++++++ --- /var/tmp/diff_new_pack.kyOPVl/_old 2026-02-10 21:13:59.435505314 +0100 +++ /var/tmp/diff_new_pack.kyOPVl/_new 2026-02-10 21:13:59.439505482 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-bandit # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -34,7 +34,7 @@ %bcond_without builddocs %{?sle15_python_module_pythons} Name: python-bandit -Version: 1.9.2 +Version: 1.9.3 Release: 0 Summary: Security oriented static analyser for Python code License: Apache-2.0 ++++++ bandit-1.9.2.tar.gz -> bandit-1.9.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/.github/workflows/build-publish-image.yml new/bandit-1.9.3/.github/workflows/build-publish-image.yml --- old/bandit-1.9.2/.github/workflows/build-publish-image.yml 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/.github/workflows/build-publish-image.yml 2026-01-19 05:04:48.000000000 +0100 @@ -26,12 +26,12 @@ echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV - name: Check out the repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 with: ref: ${{ github.event_name == 'release' && github.ref || env.RELEASE_TAG }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Log in to GitHub Container Registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/.github/workflows/dependency-review.yml new/bandit-1.9.3/.github/workflows/dependency-review.yml --- old/bandit-1.9.2/.github/workflows/dependency-review.yml 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/.github/workflows/dependency-review.yml 2026-01-19 05:04:48.000000000 +0100 
@@ -9,6 +9,6 @@ runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: 'Dependency Review' uses: actions/dependency-review-action@v4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/.github/workflows/publish-to-pypi.yml new/bandit-1.9.3/.github/workflows/publish-to-pypi.yml --- old/bandit-1.9.2/.github/workflows/publish-to-pypi.yml 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/.github/workflows/publish-to-pypi.yml 2026-01-19 05:04:48.000000000 +0100 @@ -10,7 +10,7 @@ # IMPORTANT: this permission is mandatory for trusted publishing id-token: write steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Python 3.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/.github/workflows/publish-to-test-pypi.yml new/bandit-1.9.3/.github/workflows/publish-to-test-pypi.yml --- old/bandit-1.9.2/.github/workflows/publish-to-test-pypi.yml 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/.github/workflows/publish-to-test-pypi.yml 2026-01-19 05:04:48.000000000 +0100 @@ -10,7 +10,7 @@ # IMPORTANT: this permission is mandatory for trusted publishing id-token: write steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Python 3.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/.github/workflows/pythonpackage.yml new/bandit-1.9.3/.github/workflows/pythonpackage.yml --- old/bandit-1.9.2/.github/workflows/pythonpackage.yml 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/.github/workflows/pythonpackage.yml 2026-01-19 05:04:48.000000000 +0100 
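Review bot: The bumped `- uses: actions/checkout@v6` in publish-to-pypi.yml still references a mutable tag inside a job granted `id-token: write` for trusted publishing, while build-publish-image.yml in this same release pins the action by commit SHA with a `# v6` comment. A moved `v6` tag would run attacker-chosen code under the OIDC identity that PyPI trusts, so the release workflows (publish-to-test-pypi.yml carries the identical line) deserve the stricter form: `- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6`. That SHA is copied from the build-publish-image.yml hunk above; verify it against the upstream `v6` tag before adopting it.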
@@ -10,7 +10,7 @@ python-version: ["3.10"] steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v6 with: @@ -29,7 +29,7 @@ python-version: ["3.10"] steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 2 - name: Set up Python ${{ matrix.python-version }} @@ -58,7 +58,7 @@ name: ${{ matrix.os }} (${{ matrix.python-version[0] }}) steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Python ${{ matrix.python-version[0] }} uses: actions/setup-python@v6 with: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/.pre-commit-config.yaml new/bandit-1.9.3/.pre-commit-config.yaml --- old/bandit-1.9.2/.pre-commit-config.yaml 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/.pre-commit-config.yaml 2026-01-19 05:04:48.000000000 +0100 @@ -13,12 +13,12 @@ - id: reorder-python-imports args: [--application-directories, '.:src', --py38-plus] - repo: https://github.com/psf/black-pre-commit-mirror - rev: 25.11.0 + rev: 25.12.0 hooks: - id: black args: [--line-length=79, --target-version=py38] - repo: https://github.com/asottile/pyupgrade - rev: v3.21.1 + rev: v3.21.2 hooks: - id: pyupgrade args: [--py38-plus] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/AUTHORS new/bandit-1.9.3/AUTHORS --- old/bandit-1.9.2/AUTHORS 2025-11-23 22:36:04.000000000 +0100 +++ new/bandit-1.9.3/AUTHORS 2026-01-19 05:05:09.000000000 +0100 @@ -1,6 +1,7 @@ Aaron Loo <[email protected]> Aaron Ludwin <[email protected]> Adam Benali <[email protected]> +Alan Verresen <[email protected]> Alexander Gaev <[email protected]> Ali Pirqarehbaghi <[email protected]> Andreas Jaeger <[email protected]> 
@@ -27,6 +28,7 @@ Carlos Duelo <[email protected]> Chandra Ganguly <[email protected]> Charles Neill <[email protected]> +Chris DiBussolo <[email protected]> Christopher Goes <[email protected]> Christopher J Schaefer <[email protected]> Costa Paraskevopoulos <[email protected]> @@ -167,6 +169,7 @@ Walter Purcaro <[email protected]> Wil T <[email protected]> Wilberto Morales <[email protected]> +Will Schlitzer <[email protected]> Yassine Ilmi <[email protected]> Yassine Ilmi <[email protected]> Yenthe Van Ginneken <[email protected]> @@ -185,6 +188,7 @@ ghugo <[email protected]> glyphack <[email protected]> hparekh <[email protected]> +kfess <[email protected]> lhinds <[email protected]> lhinds <[email protected]> lioplhp <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/CONTRIBUTING.md new/bandit-1.9.3/CONTRIBUTING.md --- old/bandit-1.9.2/CONTRIBUTING.md 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/CONTRIBUTING.md 2026-01-19 05:04:48.000000000 +0100 @@ -69,7 +69,7 @@ pip install tox tox run -e pep8 tox run -e format -tox run -e py39 +tox run -e py310 tox run -e docs tox run -e cover ``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/ChangeLog new/bandit-1.9.3/ChangeLog --- old/bandit-1.9.2/ChangeLog 2025-11-23 22:36:04.000000000 +0100 +++ new/bandit-1.9.3/ChangeLog 2026-01-19 05:05:09.000000000 +0100 
@@ -1,6 +1,18 @@ CHANGES ======= +1.9.3 +----- + +* Limit B614 to torch.load deserializers (#1348) +* Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347) +* Update tox tests for Python 3.10 (#1346) +* [pre-commit.ci] pre-commit autoupdate (#1341) +* Add check for hardcoded passwords in dicts. (#1338) +* Fix B608 to detect \`VALUES(\` without space (#1337) +* [pre-commit.ci] pre-commit autoupdate (#1335) +* Bump actions/checkout from 5 to 6 (#1334) + 1.9.2 ----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/PKG-INFO new/bandit-1.9.3/PKG-INFO --- old/bandit-1.9.2/PKG-INFO 2025-11-23 22:36:05.340152700 +0100 +++ new/bandit-1.9.3/PKG-INFO 2026-01-19 05:05:10.336733600 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.4 Name: bandit -Version: 1.9.2 +Version: 1.9.3 Summary: Security oriented static analyser for python code. Home-page: https://bandit.readthedocs.io/ Author: PyCQA diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/bandit/plugins/general_hardcoded_password.py new/bandit-1.9.3/bandit/plugins/general_hardcoded_password.py --- old/bandit-1.9.2/bandit/plugins/general_hardcoded_password.py 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/bandit/plugins/general_hardcoded_password.py 2026-01-19 05:04:48.000000000 +0100 
@@ -89,6 +89,18 @@
 ):
 return _report(node.value)
 
+ elif (
+ isinstance(node._bandit_parent, ast.Dict)
+ and node in node._bandit_parent.keys
+ and RE_CANDIDATES.search(node.value)
+ ):
+ # looks for "{'candidate': 'some_string'}"
+ dict_node = node._bandit_parent
+ pos = dict_node.keys.index(node)
+ value_node = dict_node.values[pos]
+ if isinstance(value_node, ast.Constant):
+ return _report(value_node.value)
+
 elif isinstance(
 node._bandit_parent, ast.Subscript
 ) and RE_CANDIDATES.search(node.value):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/bandit/plugins/injection_sql.py new/bandit-1.9.3/bandit/plugins/injection_sql.py
--- old/bandit-1.9.2/bandit/plugins/injection_sql.py 2025-11-23 22:35:40.000000000 +0100
+++ new/bandit-1.9.3/bandit/plugins/injection_sql.py 2026-01-19 05:04:48.000000000 +0100
@@ -74,7 +74,7 @@
 SIMPLE_SQL_RE = re.compile(
 r"(select\s.*from\s|"
 r"delete\s+from\s|"
- r"insert\s+into\s.*values\s|"
+ r"insert\s+into\s.*values[\s(]|"
 r"update\s.*set\s)",
 re.IGNORECASE | re.DOTALL,
 )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/bandit/plugins/pytorch_load.py new/bandit-1.9.3/bandit/plugins/pytorch_load.py
--- old/bandit-1.9.2/bandit/plugins/pytorch_load.py 2025-11-23 22:35:40.000000000 +0100
+++ new/bandit-1.9.3/bandit/plugins/pytorch_load.py 2026-01-19 05:04:48.000000000 +0100
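Review bot: The new dict branch reports any `ast.Constant` value, so `{"password": None}`, `{"password": 0}` or `{"password": True}` — common placeholder shapes in configuration dicts — are flagged as hardcoded passwords alongside real literals, unless `_report` filters non-strings (its body is outside this hunk). The branch just above passes `node.value`, the matched string itself, so the narrowing belongs on the new line: `if isinstance(value_node, ast.Constant) and isinstance(value_node.value, str):`. Whichever behaviour is intended, a `{"password": None}` line in examples/hardcoded-passwords.py would pin it, since the new fixtures only cover a string literal and a Name. The enclosing function starts before this hunk.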
@@ -6,9 +6,10 @@ B614: Test for unsafe PyTorch load ================================== -This plugin checks for unsafe use of `torch.load`. Using `torch.load` with -untrusted data can lead to arbitrary code execution. There are two safe -alternatives: +This plugin checks for unsafe use of `torch.load` and +`torch.serialization.load`. Using `torch.load` or +`torch.serialization.load` with untrusted data can lead to arbitrary +code execution. There are two safe alternatives: 1. Use `torch.load` with `weights_only=True` where only tensor data is extracted, and no arbitrary Python objects are deserialized @@ -24,7 +25,7 @@ >> Issue: Use of unsafe PyTorch load Severity: Medium Confidence: High - CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html) + CWE: CWE-502 (https://cwe.mitre.org/data/definitions/502.html) Location: examples/pytorch_load_save.py:8 7 loaded_model.load_state_dict(torch.load('model_weights.pth')) 8 another_model.load_state_dict(torch.load('model_weights.pth', @@ -34,7 +35,7 @@ .. seealso:: - - https://cwe.mitre.org/data/definitions/94.html + - https://cwe.mitre.org/data/definitions/502.html - https://pytorch.org/docs/stable/generated/torch.load.html#torch.load - https://github.com/huggingface/safetensors 
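Review bot: The rewritten paragraph still presents `weights_only=True` as one of two safe alternatives without qualification; it narrows what the unpickler may construct rather than avoiding pickle, and to my knowledge older torch releases shipped bypasses of that restriction that were fixed later, so readers may over-trust it. A one-line caveat after item 1 would keep the advice honest, e.g. `(weights_only=True restricts the unpickler; it is not a substitute for loading only files from trusted sources — safetensors avoids pickle entirely)`. The CWE switch to 502 matches the deserialization behaviour the docstring describes.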
@@ -50,23 +51,18 @@
 @test.test_id("B614")
 def pytorch_load(context):
 """
- This plugin checks for unsafe use of `torch.load`. Using `torch.load`
- with untrusted data can lead to arbitrary code execution. The safe
- alternative is to use `weights_only=True` or the safetensors library.
+ This plugin checks for unsafe use of `torch.load` and
+ `torch.serialization.load`. Using `torch.load` or
+ `torch.serialization.load` with untrusted data can lead to
+ arbitrary code execution. The safe alternative is to use
+ `weights_only=True` or the safetensors library.
 """
 imported = context.is_module_imported_exact("torch")
 qualname = context.call_function_name_qual
 if not imported and isinstance(qualname, str):
 return
- qualname_list = qualname.split(".")
- func = qualname_list[-1]
- if all(
- [
- "torch" in qualname_list,
- func == "load",
- ]
- ):
+ if qualname in {"torch.load", "torch.serialization.load"}:
 # For torch.load, check if weights_only=True is specified
 weights_only = context.get_call_arg_value("weights_only")
 if weights_only == "True" or weights_only is True:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/bandit.egg-info/PKG-INFO new/bandit-1.9.3/bandit.egg-info/PKG-INFO
--- old/bandit-1.9.2/bandit.egg-info/PKG-INFO 2025-11-23 22:36:05.000000000 +0100
+++ new/bandit-1.9.3/bandit.egg-info/PKG-INFO 2026-01-19 05:05:10.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bandit
-Version: 1.9.2
+Version: 1.9.3
 Summary: Security oriented static analyser for python code.
 Home-page: https://bandit.readthedocs.io/
 Author: PyCQA
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/bandit.egg-info/pbr.json new/bandit-1.9.3/bandit.egg-info/pbr.json
--- old/bandit-1.9.2/bandit.egg-info/pbr.json 2025-11-23 22:36:05.000000000 +0100
+++ new/bandit-1.9.3/bandit.egg-info/pbr.json 2026-01-19 05:05:10.000000000 +0100
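Review bot: The new exact-match line `if qualname in {"torch.load", "torch.serialization.load"}:` silently drops `torch.hub.load`, which the removed `func == "load"` test used to flag and which clones a repository and imports its `hubconf.py` — remote code execution by design rather than by unpickling, but a coverage loss B614 users will not notice. If leaving it out is deliberate, the comment on the following line, which still speaks only of `torch.load`, should say so: `# Only the pickle-based loaders are in scope; torch.hub.load / torch.jit.load are deliberately excluded`; otherwise a sibling check for `torch.hub.load` keeps the previous coverage. The `weights_only` handling and the Issue construction continue past the end of the hunk, and the `is_module_imported_exact("torch")` early return above the change is unchanged context.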
@@ -1 +1 @@ -{"git_version": "ea0d187", "is_release": false} \ No newline at end of file +{"git_version": "765f00d", "is_release": false} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/doc/build/man/bandit.1 new/bandit-1.9.3/doc/build/man/bandit.1 --- old/bandit-1.9.2/doc/build/man/bandit.1 2025-11-23 22:36:03.000000000 +0100 +++ new/bandit-1.9.3/doc/build/man/bandit.1 2026-01-19 05:05:08.000000000 +0100 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "BANDIT" "1" "Nov 23, 2025" "" "Bandit" +.TH "BANDIT" "1" "Jan 19, 2026" "" "Bandit" .SH NAME bandit \- Python source code security analyzer .SH SYNOPSIS @@ -238,6 +238,6 @@ .SH AUTHOR PyCQA .SH COPYRIGHT -2025, Bandit Developers +2026, Bandit Developers .\" Generated by docutils manpage writer. . diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/examples/hardcoded-passwords.py new/bandit-1.9.3/examples/hardcoded-passwords.py --- old/bandit-1.9.2/examples/hardcoded-passwords.py 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/examples/hardcoded-passwords.py 2026-01-19 05:04:48.000000000 +0100 
@@ -87,3 +87,19 @@
 default='',
 secret=True,
 )
+
+# Possible hardcoded password: 'pass'
+# Severity: Low Confidence: Medium
+# https://github.com/PyCQA/bandit/issues/313
+log({"server": server, "password": 'pass', "user": user})
+
+# ... but not:
+log({"server": server, "password": password, "user": user})
+
+# Possible hardcoded password: '12345'
+# Severity: Low Confidence: Medium
+# https://github.com/PyCQA/bandit/issues/1267
+info = {"password": "12345"}
+
+# ... but not:
+info = {"password": password}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/examples/pytorch_load.py new/bandit-1.9.3/examples/pytorch_load.py
--- old/bandit-1.9.2/examples/pytorch_load.py 2025-11-23 22:35:40.000000000 +0100
+++ new/bandit-1.9.3/examples/pytorch_load.py 2026-01-19 05:04:48.000000000 +0100
@@ -24,3 +24,7 @@
 # Example of loading with both map_location and weights_only=True (should NOT trigger B614)
 safe_cpu_model = models.resnet18()
 safe_cpu_model.load_state_dict(torch.load('model_weights.pth', map_location='cpu', weights_only=True))
+
+# Example of a torch.*.load call that should NOT trigger B614
+# Only pickle deserializers should trigger B614
+torch.utils.cpp_extension.load(name="example_ext", sources=[])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/examples/sql_statements.py new/bandit-1.9.3/examples/sql_statements.py
--- old/bandit-1.9.2/examples/sql_statements.py 2025-11-23 22:35:40.000000000 +0100
+++ new/bandit-1.9.3/examples/sql_statements.py 2026-01-19 05:04:48.000000000 +0100
@@ -3,6 +3,7 @@
 # bad
 query = "SELECT * FROM foo WHERE id = '%s'" % identifier
 query = "INSERT INTO foo VALUES ('a', 'b', '%s')" % value
+query = "INSERT INTO foo VALUES('a', 'b', '%s')" % value
 query = "DELETE FROM foo WHERE id = '%s'" % identifier
 query = "UPDATE foo SET value = 'b' WHERE id = '%s'" % identifier
 query = """WITH cte AS (SELECT x FROM foo)
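Review bot: The pytorch_load.py example gains a negative case for `torch.utils.cpp_extension.load` but no positive case for `torch.serialization.load`, which the plugin now matches by name, and the only test_functional.py count changes visible in this diff belong to hardcoded-passwords.py and a second test whose name lies outside its hunk, so the new alias appears to go unexercised. Two lines after the cpp_extension call would cover it: `# torch.serialization.load is the same pickle deserializer and SHOULD trigger B614` / `torch.serialization.load('model_weights.pth')`, with the expected count for this example (Severity Medium, Confidence High per the plugin docstring) raised by one in the functional test.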
@@ -15,6 +16,7 @@ # bad cur.execute("SELECT * FROM foo WHERE id = '%s'" % identifier) cur.execute("INSERT INTO foo VALUES ('a', 'b', '%s')" % value) +cur.execute("INSERT INTO foo VALUES('a', 'b', '%s')" % value) cur.execute("DELETE FROM foo WHERE id = '%s'" % identifier) cur.execute("UPDATE foo SET value = 'b' WHERE id = '%s'" % identifier) # bad alternate forms @@ -26,11 +28,13 @@ cur.execute(f"SELECT {column_name} FROM foo WHERE id = 1") cur.execute(f"SELECT {a + b} FROM foo WHERE id = 1") cur.execute(f"INSERT INTO {table_name} VALUES (1)") +cur.execute(f"INSERT INTO {table_name} VALUES(1)") cur.execute(f"UPDATE {table_name} SET id = 1") # good cur.execute("SELECT * FROM foo WHERE id = '%s'", identifier) cur.execute("INSERT INTO foo VALUES ('a', 'b', '%s')", value) +cur.execute("INSERT INTO foo VALUES('a', 'b', '%s')", value) cur.execute("DELETE FROM foo WHERE id = '%s'", identifier) cur.execute("UPDATE foo SET value = 'b' WHERE id = '%s'", identifier) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.9.2/tests/functional/test_functional.py new/bandit-1.9.3/tests/functional/test_functional.py --- old/bandit-1.9.2/tests/functional/test_functional.py 2025-11-23 22:35:40.000000000 +0100 +++ new/bandit-1.9.3/tests/functional/test_functional.py 2026-01-19 05:04:48.000000000 +0100 @@ -168,8 +168,8 @@ def test_hardcoded_passwords(self): """Test for hard-coded passwords.""" expect = { - "SEVERITY": {"UNDEFINED": 0, "LOW": 14, "MEDIUM": 0, "HIGH": 0}, - "CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 14, "HIGH": 0}, + "SEVERITY": {"UNDEFINED": 0, "LOW": 16, "MEDIUM": 0, "HIGH": 0}, + "CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 16, "HIGH": 0}, } self.check_example("hardcoded-passwords.py", expect) @@ -408,13 +408,13 @@ "SEVERITY": { "UNDEFINED": 0, "LOW": 0, - "MEDIUM": 20, + "MEDIUM": 23, "HIGH": 0, }, "CONFIDENCE": { "UNDEFINED": 0, - "LOW": 10, - "MEDIUM": 10, + "LOW": 11, + "MEDIUM": 12, "HIGH": 0, }, }
