Skip to content

Suspicious file name found settings.py is a bad rule #284

Description

@pavelzw

I quite often get a FATAL error for CIS-DI-0010 because of settings.py used in my projects.

FATAL	- CIS-DI-0010: Do not store credential in environment variables/files
	* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/h2/settings.py (You can suppress it with "-af settings.py")
FATAL	- CIS-DI-0010: Do not store credential in environment variables/files
	* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/jedi/settings.py (You can suppress it with "-af settings.py")
	* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/pydeck/settings.py (You can suppress it with "-af settings.py")
	* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/h2/settings.py (You can suppress it with "-af settings.py")

This is IMO a bad default as there is nothing wrong with calling a file "settings.py".

While i was using dockle, i noticed a couple of libraries using "settings.py" as a filename, among others:

In almost every third container, i need to exclude this file because settings.py is a widely used filename and i'm vendoring other packages.
Please consider removing this file name for CIS-DI-0010

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions