Issues - duncanmmacleod/requests-ecp

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert auth.password == "mypasswd"

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Possible hardcoded password: 'passwd'
Open

            session.auth = self.TEST_CLASS(
                idp="test",
                username="user",
                password="passwd",

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert isinstance(auth, HTTPBasicAuth)

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert isinstance(auth, HTTPBasicAuth)

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
Open

from lxml import etree

Found in requests_ecp/tests/test_ecp.py by bandit

Exclude checks
- Disable engine
- Disable check

Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
Open

from lxml import etree

Found in requests_ecp/ecp.py by bandit

Exclude checks
- Disable engine
- Disable check

Possible hardcoded password: 'passwd'
Open

        with self.TEST_CLASS(
            idp="https://idp.example.com/profile/SAML2/SOAP/ECP",
            kerberos=False,
            username="user",
            password="passwd",

Found in requests_ecp/tests/test_session.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert auth.username == "user"

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert auth.password == "passwd"

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert isinstance(auth, HTTPBasicAuth)

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Possible hardcoded password: 'passwd'
Open

            session.auth = self.TEST_CLASS(
                idp="test",
                username="user",
                password="passwd",

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert session.auth._num_ecp_auth

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

    assert requests_ecp_auth.is_gitlab_auth_redirect(resp)

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

        assert auth.username == "me"

Found in requests_ecp/tests/test_auth.py by bandit

Exclude checks
- Disable engine
- Disable check

duncanmmacleod/requests-ecp

Showing 34 of 34 total issues

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Possible hardcoded password: 'passwd'
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
Open

Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
Open

Possible hardcoded password: 'passwd'
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Possible hardcoded password: 'passwd'
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Severity

Category

Status

Source

Language

duncanmmacleod/requests-ecp

Showing 34 of 34 total issues

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Possible hardcoded password: 'passwd' Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package. Open

Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package. Open

Possible hardcoded password: 'passwd' Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Possible hardcoded password: 'passwd' Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Open

Severity

Category

Status

Source

Language

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Possible hardcoded password: 'passwd'
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
Open

Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
Open

Possible hardcoded password: 'passwd'
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Possible hardcoded password: 'passwd'
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open