bandit/examples
Jamie Finnigan 36e28b331a Address multiline node lineno inaccuracies
This change addresses the bug where inaccurate line numbers / ranges
are displayed when an issue is detected in a multiline statement.

There's been a Python issue open since 2012 about this:
http://bugs.python.org/issue16806

Two main parts to the commit:
 - Modify StatementBuffer so get_next() will allow lookahead without
   popping the item off the buffer.
 - Add cleverness to visit() so if it does come across a multiline
   statement, it updates the context linerange based on information
   pulled out of the StatementBuffer.

Also of note, the commit includes several new tests for fix
verification. Seemingly non-deterministic test results were driving
me batty until the need to move the BanditResultStore 'resstore =
OrderedDict()' call from class-level to object instantiation became
obvious.

Change-Id: I7dd4c563f6b2f8a103224854f0709068af093a73
Closes-Bug: 1467636
2015-06-29 12:56:40 -07:00
..
assert.py Adding a check for the use of Assert 2015-05-06 14:06:44 +01:00
binding.py First test targeting Str nodes (binding to all interfaces) 2014-08-14 15:46:50 -07:00
crypto-md5.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
eval.py Update the config file, and use yaml.safe_load() 2015-03-12 17:11:46 -05:00
exec-as-root.py Add ceilometer to rootwrap check 2015-02-26 10:19:26 -08:00
exec-py2.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
exec-py3.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
hardcoded-passwords.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
hardcoded-tmp.py Bug fix for hardcoded passwords test 2014-09-16 16:02:20 -07:00
httplib_https.py Adding a test for use of HTTPSConnection 2014-10-08 11:50:45 +01:00
imports-aliases.py pep8 fixes 2014-07-17 14:19:36 -07:00
imports-from.py Fix relative imports and error handling 2014-07-17 11:52:33 -07:00
imports-function.py Fix a reported bug when bandit encounters "__import__()" 2014-11-26 16:22:05 +00:00
imports-telnetlib.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
imports.py initial commit 2014-07-16 10:27:50 -07:00
jinja2_templating.py Update jinja2 plugin to be more accurate 2015-02-23 17:42:58 -08:00
mako_templating.py Add mako templating plugin and XSS profile 2015-03-05 08:44:09 -08:00
marshal_deserialize.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
mktemp.py Support dynamic loading of tests 2014-07-17 11:23:57 -07:00
multiline-str.py Address multiline node lineno inaccuracies 2015-06-29 12:56:40 -07:00
nonsense.py Add support for skipping files 2014-07-17 12:10:18 -07:00
okay.py Rework case where no findings are found 2014-07-25 11:20:20 -07:00
os-chmod-py2.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
os-chmod-py3.py Clean up tests and examples for Python 3.4 2015-06-03 16:47:25 -05:00
os-exec.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-popen.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-spawn.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os-startfile.py Modify call_bad_names test to use regex and add to blacklist 2014-07-25 11:10:03 -07:00
os_system.py Add tests for subprocesses and deserialization 2015-03-09 14:46:04 -05:00
paramiko_injection.py Adding paramiko injections check to blacklist functions 2015-06-18 14:47:01 -06:00
pickle_deserialize.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
popen_wrappers.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
random_module.py Add tests for subprocesses and deserialization 2015-03-09 14:46:04 -05:00
requests-ssl-verify-disabled.py initial commit 2014-07-16 10:27:50 -07:00
secret-config-option.py Add check for secret=True on oslo password options 2015-02-25 17:39:22 -08:00
skip.py Allow individual lines of code to be flagged for exclusion 2014-08-14 12:01:58 -07:00
sql_statements_with_sqlalchemy.py Adding SQL Injection test, examples, and profile. 2014-09-10 15:38:27 -07:00
sql_statements_without_sql_alchemy.py Adding SQL Injection test, examples, and profile. 2014-09-10 15:38:27 -07:00
ssl-insecure-version.py Remove the check for PROTOCOL_SSLv23 2015-02-12 11:33:26 -06:00
subprocess_shell.py Add tests for subprocesses and deserialization 2015-03-09 14:46:04 -05:00
urlopen.py Blacklist urlopen-like functions in urllib, urllib2 2015-01-21 06:09:46 -08:00
utils-shell.py Add tests for subprocesses and deserialization 2015-03-09 14:46:04 -05:00
wildcard-injection.py Wildcard injection requires a shell 2015-03-12 16:54:00 -05:00
xml_etree_celementtree.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_etree_elementtree.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_expatbuilder.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_expatreader.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_lxml.py Add XML vulnerability checking 2015-04-24 09:58:26 -07:00
xml_minidom.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_pulldom.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_sax.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
xml_xmlrpc.py Update example files to work on Python 2 & 3 2015-06-03 16:28:36 +00:00
yaml_load.py Add yaml.load to blacklist with yaml example file 2015-01-16 11:02:03 -08:00