openstack/deb-bandit
Code Issues Proposed changes

Fixing partial path detection for Windows

Browse Source 
This commit updates the check for a partial path in the shell
plugin to recognize Windows paths (c:\something\) as complete
paths.

Change-Id: I0e6e3b83f5464e2fe4b06bc72632bb950b5e3d7e
Closes-Bug: #1650392
This commit is contained in:
Travis McPeak 2016-12-19 09:27:05 -08:00
parent a9f47e5d03
commit e3f19b0dca
3 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bandit/plugins/injection_shell.py
View File

@ -15,10 +15,15 @@
# under the License. # under the License.
import ast import ast
import re
import bandit import bandit
from bandit.core import test_properties as test from bandit.core import test_properties as test
# yuck, regex: starts with a windows drive letter (eg C:)
# or one of our path delimeter characters (/, \, .)
full_path_match = re.compile(r'^(?:[A-Za-z](?=\:)|[\\\/\.])')
def _evaluate_shell_call(context): def _evaluate_shell_call(context):
no_formatting = isinstance(context.node.args[0], ast.Str) no_formatting = isinstance(context.node.args[0], ast.Str)
@ -615,14 +620,13 @@ def start_process_with_partial_path(context, config):
context.call_function_name_qual in config['shell'] or context.call_function_name_qual in config['shell'] or
context.call_function_name_qual in config['no_shell']): context.call_function_name_qual in config['no_shell']):
delims = ['/', '\\', '.']
node = context.node.args[0] node = context.node.args[0]
# some calls take an arg list, check the first part # some calls take an arg list, check the first part
if isinstance(node, ast.List): if isinstance(node, ast.List):
node = node.elts[0] node = node.elts[0]
# make sure the param is a string literal and not a var name # make sure the param is a string literal and not a var name
if isinstance(node, ast.Str) and node.s[0] not in delims: if isinstance(node, ast.Str) and not full_path_match.match(node.s):
return bandit.Issue( return bandit.Issue(
severity=bandit.LOW, severity=bandit.LOW,
confidence=bandit.HIGH, confidence=bandit.HIGH,

3
examples/partial_path_process.py
View File

@ -8,3 +8,6 @@ pop(['ls', '-l'], shell=False)
pop(['/bin/ls', '-l'], shell=False) pop(['/bin/ls', '-l'], shell=False)
pop('../ls -l', shell=False) pop('../ls -l', shell=False)
pop('c:\hello\something', shell=False)
pop('c:/hello/something_else', shell=False)

4
tests/functional/test_functional.py
View File

@ -419,8 +419,8 @@ class FunctionalTests(testtools.TestCase):
def test_partial_path(self): def test_partial_path(self):
'''Test process spawning with partial file paths.''' '''Test process spawning with partial file paths.'''
expect = {'SEVERITY': {'LOW': 9}, expect = {'SEVERITY': {'LOW': 11},
'CONFIDENCE': {'HIGH': 9}} 'CONFIDENCE': {'HIGH': 11}}
self.check_example('partial_path_process.py', expect) self.check_example('partial_path_process.py', expect)