From 8ba353603f00df5c9e9c26043251f30ea937cdce Mon Sep 17 00:00:00 2001
From: Tim Kelsey
Date: Wed, 26 Nov 2014 16:22:05 +0000
Subject: [PATCH] Fix a reported bug when bandit encounters "__import__()"

Parsing "__import__()" results in an exception from the test blacklist_import_func, since it assumes the the call will have a parameter. Calling __import__ without a parameter is not valid python, however this bug has been seen in the wild.

Change-Id: Ia9476f19fa0b571c71a7410152e95757543ec5ea
Closes-bug: 1396333
---
 bandit/plugins/blacklist_imports.py | 4 ++--
 examples/imports-function.py | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/bandit/plugins/blacklist_imports.py b/bandit/plugins/blacklist_imports.py
index 771e311a..8873fb6b 100644
--- a/bandit/plugins/blacklist_imports.py
+++ b/bandit/plugins/blacklist_imports.py
@@ -42,7 +42,7 @@ def blacklist_import_func(context, config):
 # item 0=import, 1=message, 2=level
 if check[0]:
 for im in check[0]:
- if im == context.call_args[0]:
+ if len(context.call_args) and im == context.call_args[0]:
 return _get_result(check, im)
@@ -110,4 +110,4 @@ def _get_result(check, im):
 elif check[2] == 'INFO':
 level = bandit.INFO
- return level, "%s" % message
\ No newline at end of file
+ return level, "%s" % message
diff --git a/examples/imports-function.py b/examples/imports-function.py
index 20ff2636..06e19fc1 100644
--- a/examples/imports-function.py
+++ b/examples/imports-function.py
@@ -2,3 +2,7 @@ os = __import__("os")
 pickle = __import__("pickle")
 sys = __import__("sys")
 subprocess = __import__("subprocess")
+
+# this has been reported in the wild, though it's invalid python
+# see bug https://bugs.launchpad.net/bandit/+bug/1396333
+__import__()
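Review bot: The guard added to the inner `if` in `blacklist_import_func` makes a call with no positional arguments fall through silently, so it is worth confirming that an `__import__` whose module name is passed by keyword (`name=...`) is still compared against the blacklist; whether `context.call_args` carries keyword arguments cannot be seen from this hunk, and if it does not, that form would go unreported by the scanner. The emptiness test does not depend on `im` or `check`, so it reads more clearly as plain truthiness, `if context.call_args and im == context.call_args[0]:`, or hoisted above both loops. A keyword-argument case next to the new `__import__()` line in `examples/imports-function.py` would pin the behaviour. The function starts and ends outside the hunk.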