Add functional tests for B308, B321, and B402

Several checks lack any functional test as described in the bug. This patch adds mark_safe and ftplib tests. There was also a typo in the calls doc where mark_safe was listed under httpsconnection. Also, the mark_safe check wasn't working because the full import path for the call was not specified. That was also corrected. Change-Id: I6f35fb65cb8c25a474175de99fcac04ea2b7d81e Closes-Bug: #1648257
2016-12-18 22:08:02 -08:00 · 2016-12-18 22:08:02 -08:00 · ce17a94c06
commit ce17a94c06
parent 1e4116407d
4 changed files with 26 additions and 4 deletions
--- a/bandit/blacklists/calls.py
+++ b/bandit/blacklists/calls.py
@ -124,7 +124,7 @@ be reviewed.
 +------+---------------------+------------------------------------+-----------+
 | ID   |  Name               |  Calls                             |  Severity |
 +======+=====================+====================================+===========+
-| B308 | mark_safe           | - mark_safe                        | Medium    |
+| B308 | mark_safe           | - django.utils.safestring.mark_safe| Medium    |
 +------+---------------------+------------------------------------+-----------+

 B309: httpsconnection
@ -136,8 +136,7 @@ https://wiki.openstack.org/wiki/OSSN/OSSN-0033
 +------+---------------------+------------------------------------+-----------+
 | ID   |  Name               |  Calls                             |  Severity |
 +======+=====================+====================================+===========+
-| B309 | httpsconnection     | - mark_safe                        | Medium    |
-|      |                     | - httplib.HTTPSConnection          |           |
+| B309 | httpsconnection     | - httplib.HTTPSConnection          | Medium    |
 |      |                     | - http.client.HTTPSConnection      |           |
 |      |                     | - six.moves.http_client            |           |
 |      |                     |   .HTTPSConnection                 |           |
@ -351,7 +350,7 @@ def gen_blacklist():
        ))

    sets.append(utils.build_conf_dict(
-        'mark_safe', 'B308', ['mark_safe'],
+        'mark_safe', 'B308', ['django.utils.safestring.mark_safe'],
        'Use of mark_safe() may expose cross-site scripting '
        'vulnerabilities and should be reviewed.'
        ))
--- a/examples/ftplib.py
+++ b/examples/ftplib.py
@ -0,0 +1,9 @@
+from ftplib import FTP
+
+ftp = FTP('ftp.debian.org')
+ftp.login()
+
+ftp.cwd('debian')
+ftp.retrlines('LIST')
+
+ftp.quit()
--- a/examples/mark_safe.py
+++ b/examples/mark_safe.py
@ -0,0 +1,4 @@
+from django.utils import safestring
+
+mystr = '<b>Hello World</b>'
+mystr = safestring.mark_safe(mystr)
--- a/tests/functional/test_functional.py
+++ b/tests/functional/test_functional.py
@ -133,6 +133,11 @@ class FunctionalTests(testtools.TestCase):
        expect = {'SEVERITY': {'MEDIUM': 3}, 'CONFIDENCE': {'HIGH': 3}}
        self.check_example('eval.py', expect)

+    def test_mark_safe(self):
+        '''Test the `mark_safe` example.'''
+        expect = {'SEVERITY': {'MEDIUM': 1}, 'CONFIDENCE': {'HIGH': 1}}
+        self.check_example('mark_safe.py', expect)
+
    def test_exec(self):
        '''Test the `exec` example.'''
        filename = 'exec-{}.py'
@ -187,6 +192,11 @@ class FunctionalTests(testtools.TestCase):
        expect = {'SEVERITY': {'HIGH': 2}, 'CONFIDENCE': {'HIGH': 2}}
        self.check_example('telnetlib.py', expect)

+    def test_ftp_usage(self):
+        '''Test for `import ftplib` and FTP.* calls.'''
+        expect = {'SEVERITY': {'HIGH': 2}, 'CONFIDENCE': {'HIGH': 2}}
+        self.check_example('ftplib.py', expect)
+
    def test_imports(self):
        '''Test for dangerous imports.'''
        expect = {'SEVERITY': {'LOW': 2}, 'CONFIDENCE': {'HIGH': 2}}