Added missing HTTP verbs to the requests checks
According to http://docs.python-requests.org/en/latest/user/advanced/, requests supports many HTTP verbs; however, bandit was checking for use of only two (post and get). This patch adds support for the other verbs that requests supports today. Change-Id: I57df1f1139def0c3663d2377eabbcbe9ca248146
parent
635f5fbd62
commit
b258d08a7c
|
@ -20,12 +20,9 @@ from bandit.core.test_properties import *
|
|||
|
||||
@checks('Call')
|
||||
def request_with_no_cert_validation(context):
|
||||
if (
|
||||
'requests' in context.call_function_name_qual and (
|
||||
'get' in context.call_function_name or
|
||||
'post' in context.call_function_name)
|
||||
):
|
||||
|
||||
http_verbs = ('get', 'options', 'head', 'post', 'put', 'patch', 'delete')
|
||||
if ('requests' in context.call_function_name_qual and
|
||||
context.call_function_name in http_verbs):
|
||||
if context.check_call_arg_value('verify', 'False'):
|
||||
|
||||
return bandit.Issue(
|
||||
|
|
|
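Review bot: The `http_verbs` tuple still leaves out the generic entry point `requests.request(method, url, verify=False)`, which accepts the same `verify` keyword, so a call written that way is not flagged by this check. Adding it as `http_verbs = ('get', 'options', 'head', 'post', 'put', 'patch', 'delete', 'request')` would cover it, together with a matching `verify=False` line in the example file and a higher expected count in `test_requests_ssl_verify_disabled`. Calls made on a `requests.Session()` object may also be missed if their qualified name does not contain `requests`; that depends on how `call_function_name_qual` is resolved, which is not visible here. The body of `request_with_no_cert_validation` continues past the end of this hunk.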
@ -4,3 +4,13 @@ requests.get('https://gmail.com', verify=True)
|
|||
requests.get('https://gmail.com', verify=False)
|
||||
requests.post('https://gmail.com', verify=True)
|
||||
requests.post('https://gmail.com', verify=False)
|
||||
requests.put('https://gmail.com', verify=True)
|
||||
requests.put('https://gmail.com', verify=False)
|
||||
requests.delete('https://gmail.com', verify=True)
|
||||
requests.delete('https://gmail.com', verify=False)
|
||||
requests.patch('https://gmail.com', verify=True)
|
||||
requests.patch('https://gmail.com', verify=False)
|
||||
requests.options('https://gmail.com', verify=True)
|
||||
requests.options('https://gmail.com', verify=False)
|
||||
requests.head('https://gmail.com', verify=True)
|
||||
requests.head('https://gmail.com', verify=False)
|
||||
|
|
|
@ -239,7 +239,7 @@ class FunctionalTests(testtools.TestCase):
|
|||
|
||||
def test_requests_ssl_verify_disabled(self):
|
||||
'''Test for the `requests` library skipping verification.'''
|
||||
expect = {'SEVERITY': {'HIGH': 2}, 'CONFIDENCE': {'HIGH': 2}}
|
||||
expect = {'SEVERITY': {'HIGH': 7}, 'CONFIDENCE': {'HIGH': 7}}
|
||||
self.check_example('requests-ssl-verify-disabled.py', expect)
|
||||
|
||||
def test_skip(self):
|
||||
|
|