Bug fix for SQL tests

A very interesting edge case in the AST came up to cause this bug.
When calling a function returned from a function the AST will
wrap a call node in a call node, resulting in a completely anonymous
function call. Even more anonymous than a Lambda, since you can
detect that from its node type.

def derp():
    def herp():
        print "meta!"
    return herp

derp()()

The fix is a try, except block since we can't do anything useful in
this situation. Tests on Nova now run to completion.

Change-Id: Ice0a165009ae7b5a72b6b6661ee24aafa7ef4075
Closes-bug: 1479625

bandit/core/utils.py

@@ -340,4 +340,7 @@ def get_called_name(node):
     :returns: (String) the function name
     '''
     func = node.func
-    return (func.attr if isinstance(func, ast.Attribute) else func.id)
+    try:
+        return (func.attr if isinstance(func, ast.Attribute) else func.id)
+    except AttributeError:
+        return ""

examples/sql_statements.py

@@ -24,6 +24,15 @@ query = "SELECT " + val + " FROM " + val +" WHERE id = " + val
 # bad
 cur.execute("SELECT " + val + " FROM " + val +" WHERE id = " + val)
 
+
+# bug: https://bugs.launchpad.net/bandit/+bug/1479625
+def a():
+    def b():
+        pass
+    return b
+
+a()("SELECT %s FROM foo" % val)
+
 # real world false positives
 choices=[('server_list', _("Select from active instances"))]
 print("delete from the cache as the first argument")

tests/test_functional.py

@@ -252,8 +252,8 @@ class FunctionalTests(unittest.TestCase):
     def test_sql_statements(self):
         '''Test for SQL injection through string building.'''
         expect = {
-            'SEVERITY': {'MEDIUM': 10},
-            'CONFIDENCE': {'LOW': 5, 'MEDIUM': 5}}
+            'SEVERITY': {'MEDIUM': 11},
+            'CONFIDENCE': {'LOW': 6, 'MEDIUM': 5}}
         self.check_example('sql_statements.py', expect)
 
     def test_ssl_insecure_version(self):