Fix a reported bug when bandit encounters "__import__()"

Parsing "__import__()" results in an exception from the test blacklist_import_func, since it assumes the the call will have a parameter. Calling __import__ without a parameter is not valid python, however this bug has been seen in the wild. Change-Id: Ia9476f19fa0b571c71a7410152e95757543ec5ea Closes-bug: 1396333
2014-11-26 16:22:05 +00:00 · 2014-11-26 16:22:05 +00:00 · 8ba353603f
commit 8ba353603f
parent f1404db46f
2 changed files with 6 additions and 2 deletions
--- a/bandit/plugins/blacklist_imports.py
+++ b/bandit/plugins/blacklist_imports.py
@ -42,7 +42,7 @@ def blacklist_import_func(context, config):
            # item 0=import, 1=message, 2=level
            if check[0]:
                for im in check[0]:
-                    if im == context.call_args[0]:
+                    if len(context.call_args) and im == context.call_args[0]:
                        return _get_result(check, im)


@ -110,4 +110,4 @@ def _get_result(check, im):
    elif check[2] == 'INFO':
        level = bandit.INFO

-    return level, "%s" % message
+    return level, "%s" % message
--- a/examples/imports-function.py
+++ b/examples/imports-function.py
@ -2,3 +2,7 @@ os = __import__("os")
 pickle = __import__("pickle")
 sys = __import__("sys")
 subprocess = __import__("subprocess")
+
+# this has been reported in the wild, though it's invalid python
+# see bug https://bugs.launchpad.net/bandit/+bug/1396333
+__import__()