B106: hardcoded_password_funcarg
- bandit.plugins.general_hardcoded_password.hardcoded_password_funcarg(context)[source]
B106: Test for use of hard-coded password function arguments
The use of hard-coded passwords increases the possibility of password guessing tremendously. This plugin test looks for all function calls being passed a keyword argument that is a string literal. It checks that the assigned local variable does not look like a password.
Variables are considered to look like a password if they have match any one of:
“password”
“pass”
“passwd”
“pwd”
“secret”
“token”
“secrete”
Note: this can be noisy and may generate false positives.
Config Options:
None
- Example:
>> Issue: [B106:hardcoded_password_funcarg] Possible hardcoded password: 'blerg' Severity: Low Confidence: Medium CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html) Location: ./examples/hardcoded-passwords.py:16 15 16 doLogin(password="blerg")
See also
Added in version 0.9.0.
Changed in version 1.7.3: CWE information added