Add functional tests for B308, B321, and B402
Several checks lack any functional test as described in the bug. This patch adds mark_safe and ftplib tests. There was also a typo in the calls doc where mark_safe was listed under httpsconnection. Also, the mark_safe check wasn't working because the full import path for the call was not specified. That was also corrected. Change-Id: I6f35fb65cb8c25a474175de99fcac04ea2b7d81e Closes-Bug: #1648257
This commit is contained in:
parent
1e4116407d
commit
ce17a94c06
@ -124,7 +124,7 @@ be reviewed.
|
||||
+------+---------------------+------------------------------------+-----------+
|
||||
| ID | Name | Calls | Severity |
|
||||
+======+=====================+====================================+===========+
|
||||
| B308 | mark_safe | - mark_safe | Medium |
|
||||
| B308 | mark_safe | - django.utils.safestring.mark_safe| Medium |
|
||||
+------+---------------------+------------------------------------+-----------+
|
||||
|
||||
B309: httpsconnection
|
||||
@ -136,8 +136,7 @@ https://wiki.openstack.org/wiki/OSSN/OSSN-0033
|
||||
+------+---------------------+------------------------------------+-----------+
|
||||
| ID | Name | Calls | Severity |
|
||||
+======+=====================+====================================+===========+
|
||||
| B309 | httpsconnection | - mark_safe | Medium |
|
||||
| | | - httplib.HTTPSConnection | |
|
||||
| B309 | httpsconnection | - httplib.HTTPSConnection | Medium |
|
||||
| | | - http.client.HTTPSConnection | |
|
||||
| | | - six.moves.http_client | |
|
||||
| | | .HTTPSConnection | |
|
||||
@ -351,7 +350,7 @@ def gen_blacklist():
|
||||
))
|
||||
|
||||
sets.append(utils.build_conf_dict(
|
||||
'mark_safe', 'B308', ['mark_safe'],
|
||||
'mark_safe', 'B308', ['django.utils.safestring.mark_safe'],
|
||||
'Use of mark_safe() may expose cross-site scripting '
|
||||
'vulnerabilities and should be reviewed.'
|
||||
))
|
||||
|
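--- a/examples/ftplib.py
+++ b/examples/ftplib.py
@@ -0,0 +1,9 @@
+from ftplib import FTP
+
+ftp = FTP('ftp.debian.org')
+ftp.login()
+
+ftp.cwd('debian')
+ftp.retrlines('LIST')
+
+ftp.quit()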
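--- a/examples/mark_safe.py
+++ b/examples/mark_safe.py
@@ -0,0 +1,4 @@
+from django.utils import safestring
+
+mystr = '<b>Hello World</b>'
+mystr = safestring.mark_safe(mystr)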
@ -133,6 +133,11 @@ class FunctionalTests(testtools.TestCase):
|
||||
expect = {'SEVERITY': {'MEDIUM': 3}, 'CONFIDENCE': {'HIGH': 3}}
|
||||
self.check_example('eval.py', expect)
|
||||
|
||||
def test_mark_safe(self):
|
||||
'''Test the `mark_safe` example.'''
|
||||
expect = {'SEVERITY': {'MEDIUM': 1}, 'CONFIDENCE': {'HIGH': 1}}
|
||||
self.check_example('mark_safe.py', expect)
|
||||
|
||||
def test_exec(self):
|
||||
'''Test the `exec` example.'''
|
||||
filename = 'exec-{}.py'
|
||||
@ -187,6 +192,11 @@ class FunctionalTests(testtools.TestCase):
|
||||
expect = {'SEVERITY': {'HIGH': 2}, 'CONFIDENCE': {'HIGH': 2}}
|
||||
self.check_example('telnetlib.py', expect)
|
||||
|
||||
def test_ftp_usage(self):
|
||||
'''Test for `import ftplib` and FTP.* calls.'''
|
||||
expect = {'SEVERITY': {'HIGH': 2}, 'CONFIDENCE': {'HIGH': 2}}
|
||||
self.check_example('ftplib.py', expect)
|
||||
|
||||
def test_imports(self):
|
||||
'''Test for dangerous imports.'''
|
||||
expect = {'SEVERITY': {'LOW': 2}, 'CONFIDENCE': {'HIGH': 2}}
|
||||
|
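Review bot: The two new tests assert only severity/confidence histograms, so neither pins which check produced the hits — `test_ftp_usage` in particular expects two HIGH results from a five-call example without saying which lines are meant to fire. Since the commit targets B308, B321 and B402, I'd name the check IDs in the docstrings, `'''Test the mark_safe example (B308).'''` and `'''Test for import ftplib (B402) and FTP.* calls (B321).'''`, so a later change in the counts can be traced to a plugin. Presumably the two HIGH hits are the `ftplib` import and the `FTP(...)` constructor rather than every `ftp.*` method call — worth confirming against the blacklist, since "FTP.* calls" in the docstring reads as broader. The enclosing FunctionalTests class starts and ends outside both hunks.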