Added missing HTTP verbs to the requests checks

According to http://docs.python-requests.org/en/latest/user/advanced/
requests supports many HTTP verbs, however bandit was checking for
use of only two (post and get) - this patch adds support for the
other verbs that requests supports today.

Change-Id: I57df1f1139def0c3663d2377eabbcbe9ca248146
Robert Clark 2015-10-30 14:40:52 +09:00
parent 635f5fbd62
commit b258d08a7c
3 changed files with 14 additions and 7 deletions


@ -20,12 +20,9 @@ from bandit.core.test_properties import *
@checks('Call')
def request_with_no_cert_validation(context):
if (
'requests' in context.call_function_name_qual and (
'get' in context.call_function_name or
'post' in context.call_function_name)
):
http_verbs = ('get', 'options', 'head', 'post', 'put', 'patch', 'delete')
if ('requests' in context.call_function_name_qual and
context.call_function_name in http_verbs):
if context.check_call_arg_value('verify', 'False'):
return bandit.Issue(


@ -4,3 +4,13 @@ requests.get('https://gmail.com', verify=True)
requests.get('https://gmail.com', verify=False)
requests.post('https://gmail.com', verify=True)
requests.post('https://gmail.com', verify=False)
requests.put('https://gmail.com', verify=True)
requests.put('https://gmail.com', verify=False)
requests.delete('https://gmail.com', verify=True)
requests.delete('https://gmail.com', verify=False)
requests.patch('https://gmail.com', verify=True)
requests.patch('https://gmail.com', verify=False)
requests.options('https://gmail.com', verify=True)
requests.options('https://gmail.com', verify=False)
requests.head('https://gmail.com', verify=True)
requests.head('https://gmail.com', verify=False)


@ -239,7 +239,7 @@ class FunctionalTests(testtools.TestCase):
def test_requests_ssl_verify_disabled(self):
'''Test for the `requests` library skipping verification.'''
expect = {'SEVERITY': {'HIGH': 2}, 'CONFIDENCE': {'HIGH': 2}}
expect = {'SEVERITY': {'HIGH': 7}, 'CONFIDENCE': {'HIGH': 7}}
self.check_example('requests-ssl-verify-disabled.py', expect)
def test_skip(self):