Bandit does not identify hard coded password for DB connection variable
Describe the bug
I added the following line to a blank test.py file and ran `bandit test.py`, and it did not detect any vulnerability.

```python
# Possible hardcoded password: iP0F3@s&9H_l12@XvGhj
connection = ("DATABASE=TEST;HOSTNAME=127.0.0.0;PORT=50000;UID=login;PWD=iP0F3@s&9H_l12@XvGhj", "", "")
```
Results from bandit:
Reproduction steps
1. Create a test.py file
2. Add the following line of code

```python
# Possible hardcoded password: iP0F3@s&9H_l12@XvGhj
connection = ("DATABASE=TEST;HOSTNAME=127.0.0.0;PORT=50000;UID=login;PWD=iP0F3@s&9H_l12@XvGhj", "", "")
```

3. Save the file
4. Run **bandit test.py**
...
Expected behavior
As I expected, bandit should have identified `PWD=iP0F3@s&9H_l12@XvGhj` inside the line of code as a potential vulnerability.
Bandit version
1.7.4 (Default)
Python version
3.8
Additional context
```console
python3 -m bandit --version ─╯
main.py 1.7.4
  python version = 3.8.2 (default, Apr 8 2021, 23:19:18) [Clang 12.0.5 (clang-1205.0.22.9)]
```
@ahsisti this looks more like a new feature to me. Looking at the general_hardcoded_password plugin, it doesn't check the content of the string (source: https://github.com/PyCQA/bandit/blob/main/bandit/plugins/general_hardcoded_password.py)