Enabling PEP8 tests in tox and re-working source to comply

Change-Id: Ia75aea24419fdef92aa81b213bd5178b2718f716
Tim Kelsey 2014-10-23 13:15:14 +01:00
parent 8e6697b063
commit d764198ae1
31 changed files with 431 additions and 409 deletions

2
.gitignore vendored

@ -5,3 +5,5 @@
.tox
.testrepository
build/*
cover/*
.cover


@ -3,9 +3,11 @@ Base / Framework
Jamie Finnigan <jamie.finnigan@hp.com>
Nathan Kinder <nkinder@redhat.com>
Travis McPeak <travis.mcpeak@hp.com>
Tim Kelsey <tim.kelsey@hp.com>
Plugins
-------
Jamie Finnigan <jamie.finnigan@hp.com>
Nathan Kinder <nkinder@redhat.com>
Travis McPeak <travis.mcpeak@hp.com>
Tim Kelsey <tim.kelsey@hp.com>


@ -2,26 +2,26 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from core import config
from core import context
from core import manager
from core import meta_ast
from core import node_visitor
from core import result_store
from core import test_set
from core import tester
from core import utils
from core.constants import *
from core.test_selector import *
from core import config # noqa
from core import context # noqa
from core import manager # noqa
from core import meta_ast # noqa
from core import node_visitor # noqa
from core import result_store # noqa
from core import test_set # noqa
from core import tester # noqa
from core import utils # noqa
from core.constants import * # noqa
from core.test_selector import * # noqa
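Review bot: The bare `# noqa` on the two wildcard imports (`from core.constants import *`, `from core.test_selector import *`) silences every check on those lines, not only the unused-import warning, and leaves the package's exported names implicit. Listing the re-exported names in `__all__`, or importing them explicitly, would let the linter keep checking these lines. Where the installed flake8 supports per-code suppression, a scoped `# noqa: F401` on the plain module imports is narrower than the blanket form. The same pattern is repeated in the second `__init__` section (`from constants import * # noqa`, `from test_selector import * # noqa`).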


@ -1,25 +1,27 @@
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import argparse
from core import manager as b_manager
default_test_config = 'bandit.yaml'
def main():
parser = argparse.ArgumentParser(
description='Bandit - a Python source code analyzer.'


@ -2,26 +2,26 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import config
import context
import manager
import meta_ast
import node_visitor
import result_store
import test_set
import tester
import utils
from constants import *
from test_selector import *
import config # noqa
import context # noqa
import manager # noqa
import meta_ast # noqa
import node_visitor # noqa
import result_store # noqa
import test_set # noqa
import tester # noqa
import utils # noqa
from constants import * # noqa
from test_selector import * # noqa


@ -2,20 +2,21 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
import constants
import sys
import yaml
@ -26,9 +27,9 @@ class BanditConfig():
_settings = dict()
def __init__(self, logger, config_file):
'''
Attempt to initialize a config dictionary from a yaml file, error out
if this fails for any reason.
'''Attempt to initialize a config dictionary from a yaml file.
Error out if loading the yaml file fails for any reason.
:param logger: Logger to be used in the case of errors
:param config_file: The Bandit yaml config file
:return: -
@ -48,8 +49,8 @@ class BanditConfig():
self._init_settings()
def get_option(self, option_string):
'''
Returns the option from the config specified by the option_string.
'''Returns the option from the config specified by the option_string.
'.' can be used to denote levels, for example to retrieve the options
from the 'a' profile you can use 'profiles.a'
:param option_string: The string specifying the option to retrieve
@ -81,14 +82,15 @@ class BanditConfig():
@property
def config(self):
'''
Property to return the config dictionary
'''Property to return the config dictionary
:return: Config dictionary
'''
return self._config
def _init_settings(self):
'''
'''This function calls a set of other functions (one per setting)
This function calls a set of other functions (one per setting) to build
out the _settings dictionary. Each other function will set values from
the config (if set), otherwise use defaults (from constants if
@ -101,16 +103,15 @@ class BanditConfig():
self._init_plugin_name_pattern()
def _init_progress_increment(self):
'''
sets settings['progress'] from default or config file
'''
'''Sets settings['progress'] from default or config file.'''
progress = constants.progress_increment
if self.get_option('show_progress_every'):
progress = self.get_option('show_progress_every')
self._settings['progress'] = progress
def _init_output_colors(self):
'''
'''Sets the settings colors
sets settings['color_xxx'] where xxx is DEFAULT, HEADER, INFO, WARN,
ERROR
'''
@ -137,18 +138,14 @@ class BanditConfig():
self._settings[settings_string] = color_settings[color]
def _init_plugins_dir(self):
'''
sets settings['plugins_dir'] from default or config file
'''
'''Sets settings['plugins_dir'] from default or config file.'''
plugins_dir = constants.plugins_dir
if self.get_option('plugins_dir'):
plugins_dir = self.get_option('plugins_dir')
self._settings['plugins_dir'] = plugins_dir
def _init_plugin_name_pattern(self):
'''
sets settings['plugin_name_pattern'] from default or config file
'''
'''Sets settings['plugin_name_pattern'] from default or config file.'''
plugin_name_pattern = constants.plugin_name_pattern
if self.get_option('plugin_name_pattern'):
plugin_name_pattern = self.get_option('plugin_name_pattern')
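Review bot: The new one-line docstring on `_init_plugins_dir` does not say that this setting names a directory of code. `plugins_dir` is copied from the config file into `_settings` with no visible validation, and the test-set section of this commit describes `load_tests` as loading all tests from the plugins directory. If those modules are imported, as the `importlib` import there suggests, whoever controls the config file decides what the scanner executes. A comment such as `# plugins_dir is trusted: modules found there are loaded as test plugins` would make that explicit. The same applies to `_init_plugin_name_pattern`, whose body continues outside the hunk.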


@ -2,20 +2,21 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
from distutils.sysconfig import get_python_lib
import os
# default output text colors
color = {


@ -2,26 +2,27 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import _ast
import utils
class Context():
def __init__(self, context_object=None):
'''
Initialize the class with a context, empty dict otherwise
'''Initialize the class with a context, empty dict otherwise
:param context_object: The context object to create class from
:return: -
'''
@ -32,7 +33,8 @@ class Context():
@property
def call_args(self):
'''
'''Get a list of function args
:return: A list of function args
'''
args = []
@ -45,7 +47,8 @@ class Context():
@property
def call_args_count(self):
'''
'''Get the number of args a function call has
:return: The number of args a function call has
'''
if hasattr(self._context['call'], 'args'):
@ -55,7 +58,8 @@ class Context():
@property
def call_args_string(self):
'''
'''Get a string representation of the call arguments
:return: Returns a string representation of the call arguments
'''
if 'call' in self._context and hasattr(self._context, 'args'):
@ -65,7 +69,8 @@ class Context():
@property
def call_function_name(self):
'''
'''Get the name (not FQ) of a function call
:return: The name (not FQ) of a function call
'''
if 'name' in self._context:
@ -75,7 +80,8 @@ class Context():
@property
def call_function_name_qual(self):
'''
'''Get the FQ name of a function call
:return: The FQ name of a function call
'''
if 'qualname' in self._context:
@ -85,7 +91,8 @@ class Context():
@property
def call_keywords(self):
'''
'''Get a dictionary of keyword parameters
:return: A dictionary of keyword parameters for a call as strings
'''
if (
@ -104,7 +111,8 @@ class Context():
@property
def node(self):
'''
'''Get the raw AST node associated with the context
:return: The raw AST node associated with the context
'''
if 'node' in self._context:
@ -114,7 +122,8 @@ class Context():
@property
def string_val(self):
'''
'''Get a string value of a standalone string
:return: String value of a standalone string
'''
if 'str' in self._context:
@ -123,8 +132,8 @@ class Context():
return None
def _get_literal_value(self, literal):
'''
Utility function to turn AST literals into native Python types
'''Utility function to turn AST literals into native Python types
:param literal: The AST literal to convert
:return: The value of the AST literal
'''
@ -174,12 +183,12 @@ class Context():
return None
def check_call_arg_value(self, argument_name):
"""
Checks for a value of a named argument in a function call. Returns
none if the specified argument is not found.
'''Checks for a value of a named argument in a function call.
Returns none if the specified argument is not found.
:param argument_name: A string - name of the argument to look for
:return: String literal of the argument if found, None otherwise
"""
'''
kwd_values = self.call_keywords
if (
kwd_values is not None and
@ -190,11 +199,11 @@ class Context():
return None
def get_call_arg_at_position(self, position_num):
"""
Returns positional argument at the specified position (if it exists)
'''Returns positional argument at the specified position (if it exists)
:param position_num: The index of the argument to return the value for
:return: Value of the argument at the specified position if it exists
"""
'''
if (
hasattr(self._context['call'], 'args') and
position_num < len(self._context['call'].args)
@ -206,8 +215,8 @@ class Context():
return None
def is_module_being_imported(self, module):
'''
Check for the specified module is currently being imported
'''Check for the specified module is currently being imported
:param module: The module name to look for
:return: True if the module is found, False otherwise
'''
@ -217,8 +226,8 @@ class Context():
return False
def is_module_imported_exact(self, module):
'''
Check if a specified module has been imported; only exact matches.
'''Check if a specified module has been imported; only exact matches.
:param module: The module name to look for
:return: True if the module is found, False otherwise
'''
@ -228,7 +237,8 @@ class Context():
return False
def is_module_imported_like(self, module):
'''
'''Check if a specified module has been imported
Check if a specified module has been imported; specified module exists
as part of any import statement.
:param module: The module name to look for
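Review bot: `call_args_string` tests `hasattr(self._context, 'args')` on the context container itself rather than on the call node, unlike `call_args_count` just above it, which tests `hasattr(self._context['call'], 'args')`. If `_context` is a dict, as the `__init__` docstring says, that condition can never be true and the property always takes its fallback path, so a plugin that relies on the argument string has nothing to match on. The line should read `if 'call' in self._context and hasattr(self._context['call'], 'args'):`. The property body continues outside the hunk, so the fallback value is not visible here.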


@ -2,27 +2,27 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
import logging
import ast
import logging
import sys
import config as b_config
import result_store as b_result_store
import node_visitor as b_node_visitor
import test_set as b_test_set
import meta_ast as b_meta_ast
import node_visitor as b_node_visitor
import result_store as b_result_store
import test_set as b_test_set
class BanditManager():
@ -30,8 +30,8 @@ class BanditManager():
scope = []
def __init__(self, config_file, agg_type, debug=False, profile_name=None):
'''
Get logger, config, AST handler, and result store ready
'''Get logger, config, AST handler, and result store ready
:param config_file: A file to read config from
:param debug: Whether to show debug messsages or not
:param profile_name: Optional name of profile to use (from cmd line)
@ -79,8 +79,8 @@ class BanditManager():
return self.b_rs
def output_results(self, lines, level, output_filename):
'''
Outputs results from the result store
'''Outputs results from the result store
:param lines: How many surrounding lines to show per result
:param level: Which levels to show (info, warning, error)
:param output_filename: File to store results
@ -92,14 +92,12 @@ class BanditManager():
)
def output_metaast(self):
'''
Outputs all the nodes from the Meta AST
'''
'''Outputs all the nodes from the Meta AST.'''
self.b_ma.report()
def run_scope(self, scope):
'''
Runs through all files in the scope
'''Runs through all files in the scope
:param scope: A set of all files to inspect
:return: -
'''
@ -146,8 +144,8 @@ class BanditManager():
sys.exit(1)
def _execute_ast_visitor(self, fname, fdata, b_ma, b_rs, b_ts):
'''
Execute AST parse on each file
'''Execute AST parse on each file
:param fname: The name of the file being parsed
:param fdata: The file data of the file being parsed
:param b_ma: The class Meta AST instance
@ -161,12 +159,12 @@ class BanditManager():
)
try:
res.visit(ast.parse("".join(fdata.readlines())))
except SyntaxError as e:
except SyntaxError:
b_rs.skip(fname, "syntax error while parsing AST from file")
def _init_logger(self, debug=False, log_format=None):
'''
Initialize the logger
'''Initialize the logger
:param debug: Whether to enable debug mode
:return: An instantiated logging instance
'''
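Review bot: Dropping `as e` in `_execute_ast_visitor` satisfies the unused-variable check but also discards the only detail about why a file could not be parsed, and a skipped file is a file that was not scanned. Keeping the exception and putting it in the skip reason, `except SyntaxError as e:` with `b_rs.skip(fname, "syntax error while parsing AST from file: %s" % e)`, lets an operator see where parsing stopped. Only `SyntaxError` is caught here, so any other exception raised by `ast.parse` would presumably propagate and end the run rather than skip the one file; whether that is intended is worth a comment. The function body starts outside the hunk.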


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from collections import OrderedDict
@ -26,8 +26,8 @@ class BanditMetaAst():
self.logger = logger
def add_node(self, node, parent_id, depth):
'''
Add a node to the AST node collection
'''Add a node to the AST node collection
:param node: The AST node to add
:param parent_id: The ID of the node's parent
:param depth: The depth of the node
@ -40,7 +40,8 @@ class BanditMetaAst():
}
def report(self):
'''
'''Dumps a listing of all of the nodes
Dumps (prints) a listing of all of the nodes for debugging purposes
:return: -
'''
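Review bot: The new summary line of `report` (`'''Dumps a listing of all of the nodes`) is followed by the old sentence saying the same thing (`Dumps (prints) a listing of all of the nodes for debugging purposes`), so the docstring now states its purpose twice. Fold them into one summary, `'''Dumps (prints) a listing of all nodes, for debugging purposes.`, and drop the repeat. The same duplication appears in `_init_settings` in the config section, `is_module_imported_like` in the context section, and `_filter_tests` and `_get_decorators_list` in the test-set section.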


@ -2,23 +2,21 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
import ast
import _ast
import copy
import tester as b_tester
import utils as b_utils
@ -56,8 +54,9 @@ class BanditNodeVisitor(ast.NodeVisitor):
)
def visit_Call(self, node):
'''
Visitor for AST Call nodes: add relevant information about the node to
'''Visitor for AST Call nodes
add relevant information about the node to
the context for use in tests which inspect function calls.
:param node: The node that is being inspected
:return: -
@ -83,8 +82,9 @@ class BanditNodeVisitor(ast.NodeVisitor):
super(BanditNodeVisitor, self).generic_visit(node)
def visit_Import(self, node):
'''
Visitor for AST Import nodes: add relevant information about node to
'''Visitor for AST Import nodes
add relevant information about node to
the context for use in tests which inspect imports.
:param node: The node that is being inspected
:return: -
@ -101,8 +101,9 @@ class BanditNodeVisitor(ast.NodeVisitor):
super(BanditNodeVisitor, self).generic_visit(node)
def visit_ImportFrom(self, node):
'''
Visitor for AST Import nodes: add relevant information about node to
'''Visitor for AST Import nodes
add relevant information about node to
the context for use in tests which inspect imports.
:param node: The node that is being inspected
:return: -
@ -127,8 +128,9 @@ class BanditNodeVisitor(ast.NodeVisitor):
super(BanditNodeVisitor, self).generic_visit(node)
def visit_Str(self, node):
'''
Visitor for AST String nodes: add relevant information about node to
'''Visitor for AST String nodes
add relevant information about node to
the context for use in tests which inspect strings.
:param node: The node that is being inspected
:return: -
@ -149,8 +151,9 @@ class BanditNodeVisitor(ast.NodeVisitor):
super(BanditNodeVisitor, self).generic_visit(node)
def visit(self, node):
'''
Generic visitor, add the node to the node collection, and log it
'''Generic visitor
add the node to the node collection, and log it
:param node: The node that is being inspected
:return: -
'''
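Review bot: The docstring of `visit_ImportFrom` still opens with `'''Visitor for AST Import nodes`, the same text as `visit_Import`; it should read `'''Visitor for AST ImportFrom nodes`. The new summary lines in this file also split one sentence across the summary and the body (`'''Visitor for AST Call nodes` followed by a lower-case `add relevant information about the node to`), which leaves the body starting on a fragment. Start the body with a full sentence, e.g. `Adds relevant information about the node to the context for use in tests which inspect function calls.` The method bodies continue outside the hunks.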


@ -2,29 +2,29 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""An object to store/access results associated with Bandit tests."""
from collections import OrderedDict
import linecache
from sys import stdout
from datetime import datetime
import linecache
import re
from sys import stdout
import utils
import constants
import utils
class BanditResultStore():
@ -40,8 +40,8 @@ class BanditResultStore():
self.agg_type = agg_type
def skip(self, filename, reason):
'''
Indicates that the specified file was skipped and why
'''Indicates that the specified file was skipped and why
:param filename: The file that was skipped
:param reason: Why the file was skipped
:return: -
@ -49,8 +49,8 @@ class BanditResultStore():
self.skipped.append((filename, reason))
def add(self, context, test, issue):
'''
Adds a result, with the context and the issue that was found
'''Adds a result, with the context and the issue that was found
:param context: Context of the node
:param test: The type (function name) of the test
:param issue: Which issue was found
@ -76,8 +76,8 @@ class BanditResultStore():
self.count += 1
def report(self, scope, lines=0, level=1, output_filename=None):
'''
Prints the contents of the result store
'''Prints the contents of the result store
:param scope: Which files were inspected
:param lines: # of lines around the issue line to display (optional)
:param level: What level of severity to display (optional)


@ -2,21 +2,22 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
def checks_functions(func):
'''
'''Test function checks function calls
Use of this delegate before a test function indicates that it should be
called any time a function call is encountered.
'''
@ -27,7 +28,8 @@ def checks_functions(func):
def checks_imports(func):
'''
'''Test function checks imports
Use of this delegate before a test function indicates that it should be
called any time an import is encountered.
'''
@ -38,7 +40,8 @@ def checks_imports(func):
def checks_strings(func):
'''
'''Test function checks strings
Use of this delegate before a test function indicates that it should be
called any time a string value is encountered.
'''
@ -49,7 +52,8 @@ def checks_strings(func):
def checks_exec(func):
'''
'''Test function checks exec nodes
Use of this delegate before a test function indicates that it should be
called any time the 'exec' statement is encountered.
'''
@ -60,12 +64,14 @@ def checks_exec(func):
def takes_config(*args):
'''
'''Test function takes config
Use of this delegate before a test function indicates that it should be
passed data from the config file. Passing a name parameter allows
aliasing tests and thus sharing config options.
'''
name = ""
def _takes_config(func):
if not hasattr(func, "_takes_config"):
func._takes_config = name
@ -76,4 +82,4 @@ def takes_config(*args):
return _takes_config(args[0])
else:
name = args[0]
return _takes_config
return _takes_config
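Review bot: These docstrings call each function a "delegate", but the wording "use of this delegate before a test function" and the test-set section's `_get_decorators_list` indicate they are decorators, and the new summary lines (`'''Test function checks function calls`) describe the decorated function rather than what the decorator does. A summary such as `'''Decorator: call the test for every function call encountered.` would read more clearly. For `takes_config`, the docstring should also name both call forms the visible code handles: applied directly to a function (`return _takes_config(args[0])`) and called with a name first (`name = args[0]`). The condition that selects between the two is outside the hunk.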


@ -2,26 +2,27 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from collections import OrderedDict
import copy
import glob
import importlib
from inspect import getmembers
from inspect import isfunction
import os
import sys
from collections import OrderedDict
import glob
from inspect import getmembers, isfunction
import importlib
class BanditTestSet():
@ -68,7 +69,8 @@ class BanditTestSet():
return return_tuple
def _filter_tests(self, filter):
'''
'''Filters the test set according to the filter tuple
Filters the test set according to the filter tuple which contains
include and exclude lists.
:param filter: Include, exclude lists tuple
@ -99,9 +101,10 @@ class BanditTestSet():
self.tests = copy.deepcopy(temp_dict)
def _get_decorators_list(self):
'''
Returns a list of decorator function names so that they can be ignored
when discovering test function names.
'''Returns a list of decorator function names
Returns a list of decorator function names so that they can be
ignored when discovering test function names.
'''
# we need to know the name of the decorators so we can automatically
@ -116,10 +119,7 @@ class BanditTestSet():
return return_list
def load_tests(self, filter=None):
'''
Loads all tests from the plugins directory and puts them into the tests
dictionary.
'''
'''Loads all tests in the plugins directory into testsdictionary.'''
# tests are a dictionary of functions, grouped by check type
# where the key is the function name, and the value is the
@ -191,8 +191,8 @@ class BanditTestSet():
self._filter_tests(filter)
def get_tests(self, checktype):
'''
Returns all tests that are of type checktype
'''Returns all tests that are of type checktype
:param checktype: The type of test to filter on
:return: A dictionary of tests which are of the specified type
'''


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import context as b_context
@ -30,19 +30,22 @@ class BanditTester():
self.last_result = None
def run_tests(self, raw_context, checktype):
'''
Runs all tests for a certain type of check, for example 'functions',
'''Runs all tests for a certain type of check, for example
Runs all tests for a certain type of check, for example 'functions'
store results in results.
:param raw_context: Raw context dictionary
:param checktype: The type of checks to run
:return: none
'''
tests = self.testset.get_tests(checktype)
for name, test in tests.iteritems():
# execute test with the an instance of the context class
context = b_context.Context(raw_context)
if hasattr(test, '_takes_config'):
# TODO: Possibly allow override from profile
# TODO(??): Possibly allow override from profile
test_config = self.config.get_option(test._takes_config)
result = test(context, test_config)
else:
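Review bot: The new docstring summary in `run_tests` stops mid-sentence (`'''Runs all tests for a certain type of check, for example`) and the following line repeats it, so it reads worse than the text it replaced even though the H404/H405 checks pass. A summary such as `'''Runs all tests for a certain type of check.`, then a blank line, then the detail about `'functions'` and where results are stored, would say it once. The `TODO(??)` placeholder a few lines below seems to satisfy H101 only formally, and naming an owner would make it actionable. The body of `run_tests` continues past the end of this hunk.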


@ -2,29 +2,30 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import symtable
import ast
import _ast
import ast
import symtable
"""Various helper functions."""
def ast_args_to_str(args):
res = '\n\tArgument/s:\n\t\t%s' % \
'\n\t\t'.join([ast.dump(arg) for arg in args])
res = ('\n\tArgument/s:\n\t\t%s' %
'\n\t\t'.join([ast.dump(arg) for arg in args]))
return res
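Review bot: `"""Various helper functions."""` appears to sit below the reordered `import` lines, where Python treats it as a bare string expression rather than the module docstring, so the module's `__doc__` stays empty. Moving it above `import _ast` would make it the actual docstring. `ast_args_to_str` has no docstring either; something like `'''Return the ast.dump() of each argument as an indented string.'''` would cover it.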


@ -2,14 +2,14 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *
@ -60,7 +60,7 @@ def blacklist_functions(context, config):
if does_match and check[4]:
matched_p = False
for p in check[4]:
for arg_num in range(0, context.call_args_count-1):
for arg_num in range(0, context.call_args_count - 1):
if p == context.get_call_arg_at_position(arg_num):
matched_p = True
if not matched_p:
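Review bot: `range(0, context.call_args_count - 1)` stops one short of the last argument if `call_args_count` is the number of call arguments, so a blacklisted call whose matching parameter is passed last would not be matched and the finding would be dropped silently. This commit only changes the spacing on that line. If the bound is unintended, `for arg_num in range(context.call_args_count):` covers every position. A regression test with the matching value in the final position would pin the behaviour either way. `blacklist_functions` starts and ends outside this hunk.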


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
@ -26,7 +26,6 @@ def blacklist_imports(context, config):
# for each check, go through and see if it matches all qualifications
for check in checks:
does_match = True
# item 0=import, 1=message, 2=level
if check[0]:
for im in check[0]:


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *


@ -2,18 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *


@ -2,21 +2,22 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *
@checks_exec
def exec_used(context):
return (bandit.ERROR, "Use of exec detected.")


@ -2,20 +2,21 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import stat
import bandit
import stat
from bandit.test_selector import *


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *
@ -20,7 +20,7 @@ from bandit.test_selector import *
@takes_config
# tmcpeak - temporarily commenting this test out, it's broken
#@checks_strings
# @checks_strings
def hardcoded_password(context, config):
word_list_file = ""
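Review bot: With `# @checks_strings` commented out, `hardcoded_password` is presumably not registered for any check type, yet `@takes_config` is still applied, so the password check is disabled with no tracked follow-up. Since this commit stops ignoring H101, the note above the decorator could become `# TODO(tmcpeak): re-enable @checks_strings once the test is fixed`. That would keep the coverage gap visible to anyone searching for TODOs. The function body continues outside this hunk.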


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *


@ -2,17 +2,17 @@
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import bandit
from bandit.test_selector import *
@ -21,6 +21,7 @@ from bandit.test_selector import *
def get_bad_proto_versions(config):
return config['bad_protocol_versions']
@takes_config
@checks_functions
def ssl_with_bad_version(context, config):
@ -39,7 +40,7 @@ def ssl_with_bad_version(context, config):
context.call_args_string)
elif (context.call_function_name_qual != 'ssl.wrap_socket' and
context.call_function_name_qual != 'SSL.Context'):
context.call_function_name_qual != 'SSL.Context'):
if (context.check_call_arg_value('method') in bad_ssl_versions or
context.check_call_arg_value('ssl_version') in bad_ssl_versions):
@ -47,6 +48,7 @@ def ssl_with_bad_version(context, config):
'protocol identified, possible security issue. %s' %
context.call_args_string)
@checks_functions
def ssl_with_no_version(context):
if (context.call_function_name_qual == 'ssl.wrap_socket'):

16
tox.ini

@ -23,18 +23,12 @@ commands = python setup.py testr --coverage --testr-args='{posargs}'
[flake8]
# E123, E125 skipped as they are invalid PEP-8.
# These tests are skipped for now, they will be added in later:
# H404 multi line docstring should start without a leading new line
# H405 multi line docstring summary not separated with an empty line
# H306 imports not in alphabetical order
# H301 one import per line
# H101 Use TODO(NAME)
# H103 Header does not match Apache 2.0 License notice
# H904 Wrap long lines in parentheses instead of a backslash
# E271 multiple spaces after keyword
# E301 expected 1 blank line, found 0
# H303 no wild card imports
# F403 unable to detect undefined names
# H104 file contains nothing but comments
# H302 import only modules
show-source = True
ignore = E123,E125,H404,H405,H306,H301,H101,H103,H904,E271,E301,
ignore = E123,E125,H303,F403,H104,H302
builtins = _
exclude=.venv,.git,.tox,dist,doc,*openstack/common*,*lib/python*,*egg,build