)]}'
{"bandit.yaml":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"6e93a5df71bc36a7b84a256a1343e44198175ae8","unresolved":false,"context_lines":[{"line_number":50,"context_line":"            message: \u003e"},{"line_number":51,"context_line":"                Pickle library appears to be in use, possible security issue."},{"line_number":52,"context_line":"        - marshal:"},{"line_number":53,"context_line":"            qualnames: [marshal.load, marshal.loads]"},{"line_number":54,"context_line":"            message: \u003e"},{"line_number":55,"context_line":"                Deserialization with the marshal module is possibly dangerous."},{"line_number":56,"context_line":"        - md5:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"9a68dd71_5b799afb","line":53,"range":{"start_line":53,"start_character":23,"end_line":53,"end_character":52},"updated":"2016-01-21 02:34:31.000000000","message":"shouldn\u0027t this be in the same format as the above pickle modules? \n\n    - marshal:\n        qualnames:\n            - marshal.load\n            - marshal.loads","commit_id":"31be5db62ce1e7bfeb952c2c8c7d8390f076de0b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"6e93a5df71bc36a7b84a256a1343e44198175ae8","unresolved":false,"context_lines":[{"line_number":144,"context_line":"                insecure. Use SSH or some other encrypted protocol."},{"line_number":145,"context_line":"            level: HIGH"},{"line_number":146,"context_line":"        # Most of this is based off of Christian Heimes\u0027 work on defusedxml:"},{"line_number":147,"context_line":"        #   https://pypi.python.org/pypi/defusedxml/#defusedxml-sax"},{"line_number":148,"context_line":"        - xml_bad_cElementTree:"},{"line_number":149,"context_line":"            qualnames:"},{"line_number":150,"context_line":"                - xml.etree.cElementTree.parse"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"9a68dd71_9b771202","line":147,"range":{"start_line":147,"start_character":10,"end_line":147,"end_character":12},"updated":"2016-01-21 02:34:31.000000000","message":"nit: could tighten up the spacing here and remove a couple whitespace characters.","commit_id":"31be5db62ce1e7bfeb952c2c8c7d8390f076de0b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"6e93a5df71bc36a7b84a256a1343e44198175ae8","unresolved":false,"context_lines":[{"line_number":201,"context_line":"                - xml.dom.pulldom.parse"},{"line_number":202,"context_line":"                - xml.dom.pulldom.parseString"},{"line_number":203,"context_line":"            message: \u003e"},{"line_number":204,"context_line":"                Using {func} to parse untrusted XML data is known to be"},{"line_number":205,"context_line":"                vulnerable to XML attacks. Replace {func} with its defusedxml"},{"line_number":206,"context_line":"                equivalent function."},{"line_number":207,"context_line":"        - xml_bad_etree:"},{"line_number":208,"context_line":"            qualnames:"},{"line_number":209,"context_line":"                - lxml.etree.parse"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"9a68dd71_9b4e32c0","line":206,"range":{"start_line":204,"start_character":16,"end_line":206,"end_character":36},"updated":"2016-01-21 02:34:31.000000000","message":"This seems to be the same outcome/message as all of the above, just a different {func} - is there a way to group them?","commit_id":"31be5db62ce1e7bfeb952c2c8c7d8390f076de0b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"6e93a5df71bc36a7b84a256a1343e44198175ae8","unresolved":false,"context_lines":[{"line_number":273,"context_line":"            imports: [pickle, cPickle, subprocess, Crypto]"},{"line_number":274,"context_line":"            level: LOW"},{"line_number":275,"context_line":"            message: \u003e"},{"line_number":276,"context_line":"                Consider possible security implications associated with"},{"line_number":277,"context_line":"                {module} module."},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"        # Most of this is based off of Christian Heimes\u0027 work on defusedxml:"},{"line_number":280,"context_line":"        #   https://pypi.python.org/pypi/defusedxml/#defusedxml-sax"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"9a68dd71_fbd88ef1","line":277,"range":{"start_line":276,"start_character":16,"end_line":277,"end_character":32},"updated":"2016-01-21 02:34:31.000000000","message":"It would be nice if these messages could point to the \"security implications\".","commit_id":"31be5db62ce1e7bfeb952c2c8c7d8390f076de0b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"6e93a5df71bc36a7b84a256a1343e44198175ae8","unresolved":false,"context_lines":[{"line_number":277,"context_line":"                {module} module."},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"        # Most of this is based off of Christian Heimes\u0027 work on defusedxml:"},{"line_number":280,"context_line":"        #   https://pypi.python.org/pypi/defusedxml/#defusedxml-sax"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"        - xml_libs:"},{"line_number":283,"context_line":"            imports:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"9a68dd71_bbe2169e","line":280,"range":{"start_line":280,"start_character":10,"end_line":280,"end_character":12},"updated":"2016-01-21 02:34:31.000000000","message":"nit: could remove a couple of these spaces.","commit_id":"31be5db62ce1e7bfeb952c2c8c7d8390f076de0b"}]}