Bug fix for SQL tests
A very interesting edge case in the AST came up that causes this bug. When calling a function returned from a function, the AST wraps a call node in a call node, resulting in a completely anonymous function call. Even more anonymous than a Lambda, since you can detect that from its node type. def derp(): def herp(): print "meta!" return herp derp()() The fix is a try/except block since we can't do anything useful in this situation. Tests on Nova now run to completion. Change-Id: Ice0a165009ae7b5a72b6b6661ee24aafa7ef4075 Closes-bug: 1479625
parent
4b03e062f1
commit
f696ce0a0d
@ -340,4 +340,7 @@ def get_called_name(node):
|
||||
:returns: (String) the function name
|
||||
'''
|
||||
func = node.func
|
||||
try:
|
||||
return (func.attr if isinstance(func, ast.Attribute) else func.id)
|
||||
except AttributeError:
|
||||
return ""
|
||||
|
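Review bot: The docstring line `:returns: (String) the function name` no longer describes the whole contract, because the new except branch returns an empty string; I would extend it to `:returns: (String) the function name, or "" when the callee is not a Name or Attribute node (e.g. a call on the result of another call)`. Callers that match this name against a list of execute-style functions will now silently treat such calls as unnamed, which is the intended degradation but worth stating so the detection gap is understood. Note also that `except AttributeError` covers every callee shape without `.attr`/`.id` (an ast.Subscript or ast.Lambda callee too), not only the nested-call case the commit message describes. The `def get_called_name(node):` line is outside the hunk.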
@ -24,6 +24,15 @@ query = "SELECT " + val + " FROM " + val +" WHERE id = " + val
|
||||
# bad
|
||||
cur.execute("SELECT " + val + " FROM " + val +" WHERE id = " + val)
|
||||
|
||||
|
||||
# bug: https://bugs.launchpad.net/bandit/+bug/1479625
|
||||
def a():
|
||||
def b():
|
||||
pass
|
||||
return b
|
||||
|
||||
a()("SELECT %s FROM foo" % val)
|
||||
|
||||
# real world false positives
|
||||
choices=[('server_list', _("Select from active instances"))]
|
||||
print("delete from the cache as the first argument")
|
||||
|
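Review bot: The comment above the new example gives only the bug URL and not what the example is meant to exercise; I would make it `# bug: https://bugs.launchpad.net/bandit/+bug/1479625 -- calling the result of a call has no callee name; the plugin must not crash here`. Presumably the `%`-built query on the `a()(...)` line is still reported, at a lower confidence than a call through a recognised execute function, which would be why the functional expectations in the same change move from 10 to 11 findings; if so, a short comment saying that would make the expected counts traceable to this example.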
@ -252,8 +252,8 @@ class FunctionalTests(unittest.TestCase):
|
||||
def test_sql_statements(self):
|
||||
'''Test for SQL injection through string building.'''
|
||||
expect = {
|
||||
'SEVERITY': {'MEDIUM': 10},
|
||||
'CONFIDENCE': {'LOW': 5, 'MEDIUM': 5}}
|
||||
'SEVERITY': {'MEDIUM': 11},
|
||||
'CONFIDENCE': {'LOW': 6, 'MEDIUM': 5}}
|
||||
self.check_example('sql_statements.py', expect)
|
||||
|
||||
def test_ssl_insecure_version(self):
|
||||
|
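Review bot: The new expectation only bumps aggregate counts (`'MEDIUM': 11`, `'LOW': 6`), so the fix for the nested-call crash is pinned only indirectly by whatever the example file happens to contain. A direct regression test would parse the snippet with `ast.parse("a()()")`, take the outer `ast.Call` node, and assert that `get_called_name` returns `""` for it; that keeps the fix covered even if the example file is later reorganised. The enclosing class FunctionalTests starts outside the hunk.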