I quite often get a FATAL error for CIS-DI-0010 because of settings.py used in my projects.
```text
FATAL - CIS-DI-0010: Do not store credential in environment variables/files
* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/h2/settings.py (You can suppress it with "-af settings.py")
FATAL - CIS-DI-0010: Do not store credential in environment variables/files
* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/jedi/settings.py (You can suppress it with "-af settings.py")
* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/pydeck/settings.py (You can suppress it with "-af settings.py")
* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/h2/settings.py (You can suppress it with "-af settings.py")
```
This is IMO a bad default, as there is nothing wrong with calling a file "settings.py".
While I was using dockle, I noticed a couple of libraries using "settings.py" as a filename, among others:
- h2, 40 million downloads per month
- pydeck, 11 million downloads per month
- jedi, 79 million downloads per month
In almost every third container, I need to exclude this file because settings.py is a widely used filename and I'm vendoring other packages.
Please consider removing this file name for CIS-DI-0010.
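One way to reduce these false positives is to triage a `settings.py` by its contents rather than by its name alone. The script below is an added example, not dockle's own code: it parses each file with `ast`, reports only top-level assignments of credential-looking names to non-empty string literals, and separates copies that live under vendored package directories. The `SAMPLES` inputs and the `VENDOR_MARKERS` list are constructed for the example.

```python
"""Content-based triage for files named settings.py (added example, not dockle code)."""
import ast
import re
from pathlib import PurePosixPath

# Names that suggest a credential when assigned a literal value.
CREDENTIAL_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)
# Directory names treated as vendored third-party code (assumed list).
VENDOR_MARKERS = ("site-packages", "dist-packages", "node_modules")


def hardcoded_credentials(source: str) -> list[str]:
    """Return names of top-level assignments like SECRET_KEY = 'literal'."""
    found = []
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return found  # not valid Python, nothing to report from content
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        # Only a non-empty string literal counts; os.environ.get(...) does not.
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and CREDENTIAL_NAME.search(target.id):
                found.append(target.id)
    return found


def classify(path: str, source: str) -> str:
    """Return 'vendored', 'credential' or 'clean' for one settings.py."""
    parts = PurePosixPath(path).parts
    if any(marker in parts for marker in VENDOR_MARKERS):
        return "vendored"
    return "credential" if hardcoded_credentials(source) else "clean"


# Constructed sample inputs: a vendored library file, an app file with a literal
# secret next to an env lookup, and an app file with only an empty placeholder.
SAMPLES = {
    "app/.pixi/envs/prod/lib/python3.12/site-packages/h2/settings.py": "class Settings:\n    pass\n",
    "app/settings.py": "import os\nSECRET_KEY = 'example-literal-secret'\nDB_PASSWORD = os.environ.get('DB_PASSWORD')\n",
    "app/clean/settings.py": "DEBUG = False\nSECRET_KEY = ''\n",
}

if __name__ == "__main__":
    for path, src in SAMPLES.items():
        print(f"{classify(path, src):10} {path}")
```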