How to use bandit.core.test_properties (the accepts_baseline decorator) and the plugin test decorators in bandit

To help you get started, we’ve selected a few bandit examples, based on popular ways it is used in public projects.


Source: PyCQA/bandit, bandit/plugins/jinja2_templates.py (excerpt; the snippet below is cut off mid-call)
@test.test_id('B701')
def jinja2_autoescape_false(context):
    # check type just to be safe
    if isinstance(context.call_function_name_qual, str):
        qualname_list = context.call_function_name_qual.split('.')
        func = qualname_list[-1]
        if 'jinja2' in qualname_list and func == 'Environment':
            for node in ast.walk(context.node):
                if isinstance(node, ast.keyword):
                    # definite autoescape = False
                    if (getattr(node, 'arg', None) == 'autoescape' and
                            (getattr(node.value, 'id', None) == 'False' or
                             getattr(node.value, 'value', None) is False)):
                        return bandit.Issue(
                            severity=bandit.HIGH,
                            confidence=bandit.HIGH,
                            text="Using jinja2 templates with autoescape="
Source: PyCQA/bandit, bandit/plugins/injection_sql.py (excerpt; the snippet below is cut off before the closing parenthesis)
@test.checks('Str')
@test.test_id('B608')
def hardcoded_sql_expressions(context):
    val = _evaluate_ast(context.node)
    if _check_string(val[1]):
        return bandit.Issue(
            severity=bandit.MEDIUM,
            confidence=bandit.MEDIUM if val[0] else bandit.LOW,
            text="Possible SQL injection vector through string-based "
                 "query construction."
Source: PyCQA/bandit, bandit/plugins/injection_sql.py (duplicate of the previous excerpt, shown without its @test.checks('Str') line)
@test.test_id('B608')
def hardcoded_sql_expressions(context):
    val = _evaluate_ast(context.node)
    if _check_string(val[1]):
        return bandit.Issue(
            severity=bandit.MEDIUM,
            confidence=bandit.MEDIUM if val[0] else bandit.LOW,
            text="Possible SQL injection vector through string-based "
                 "query construction."
Source: PyCQA/bandit, bandit/plugins/try_except_continue.py
@test.checks('ExceptHandler')
@test.test_id('B112')
def try_except_continue(context, config):
    """B112: flag an ``except`` handler whose only statement is ``continue``.

    An ``except ...: continue`` handler discards the exception and moves on
    to the next loop iteration, so the failure is never surfaced or logged.

    :param context: bandit context positioned on an ``ast.ExceptHandler``
    :param config: plugin config; ``config['check_typed_exception']`` (bool)
        widens the check from bare / ``Exception`` handlers to every handler
    :returns: a LOW severity, HIGH confidence ``bandit.Issue`` when the
        handler body is exactly one ``continue``, otherwise ``None``
    """
    handler = context.node
    body = handler.body

    # A handler can only be "just continue" if it holds exactly one statement.
    if len(body) != 1:
        return None

    if not config['check_typed_exception']:
        # Default mode: only a bare `except:` or `except Exception:` counts.
        # The name test looks at `.id`, so a tuple of types, an attribute
        # form such as `builtins.Exception`, or `BaseException` is treated
        # as "typed" and skipped unless check_typed_exception is enabled.
        exc_type = handler.type
        if exc_type is not None and getattr(exc_type, 'id', None) != 'Exception':
            return None

    if not isinstance(body[0], ast.Continue):
        return None

    return bandit.Issue(
        severity=bandit.LOW,
        confidence=bandit.HIGH,
        text=("Try, Except, Continue detected."))
Source: PyCQA/bandit, bandit/plugins/blacklist_imports.py (excerpt; the snippet below stops inside the docstring)
@test.takes_config
@test.checks('Import', 'ImportFrom')
@test.test_id('B401')
def blacklist_imports(context, config):
    """**B401: Test for blacklisted imports**

    A number of Python modules are known to provide collections of
    functionality with potential security implications. The blacklist imports
    plugin test is designed to detect the use of these modules by scanning code
    for `import` statements and checking for the imported modules presence in a
    configurable blacklist. The imported modules are fully qualified and
    de-aliased prior to checking. To illustrate this, imagine a check for
    "module.evil" running on the following example code:

    .. code-block:: python

        import module                    # no warning
Source: PyCQA/bandit, bandit/plugins/crypto_request_no_cert_validation.py (the @test.checks('Call') line is not shown in this excerpt)
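@test.test_id('B501')
def request_with_no_cert_validation(context):
    """B501: flag ``requests`` HTTP calls made with ``verify=False``.

    Passing ``verify=False`` disables TLS certificate validation, so the
    connection can be intercepted by anyone able to present a certificate
    (classic man-in-the-middle).

    :param context: bandit context positioned on the call node
    :returns: a HIGH severity, HIGH confidence ``bandit.Issue`` anchored on
        the ``verify`` keyword, or ``None`` when the call is not a
        ``requests`` HTTP call or does not pass the literal ``False``
    """
    # `requests.request(method, url, ...)` accepts `verify` exactly like the
    # per-verb helpers, so it is covered alongside them.
    http_verbs = ('get', 'options', 'head', 'post', 'put', 'patch', 'delete',
                  'request')

    qualname = context.call_function_name_qual
    # Type guard (same pattern as the jinja2 plugin): the qualified name may
    # be missing on unusual call shapes, and `in` on None would raise.
    if not isinstance(qualname, str):
        return None

    # Match `requests` as a dotted-path component, not a substring, so an
    # unrelated module such as `myrequests.get` is not reported.
    if 'requests' not in qualname.split('.'):
        return None
    if context.call_function_name not in http_verbs:
        return None

    # NOTE: only the literal `False` is recognised here; `verify=0` or a
    # variable that evaluates to False is not detected by this check.
    if not context.check_call_arg_value('verify', 'False'):
        return None

    return bandit.Issue(
        severity=bandit.HIGH,
        confidence=bandit.HIGH,
        text="Requests call with verify=False disabling SSL "
             "certificate checks, security issue.",
        lineno=context.get_lineno_for_call_arg('verify'),
    )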
Source: PyCQA/bandit, bandit/formatters/html.py (excerpt; the snippet below is cut off inside the header_block string)
@test_properties.accepts_baseline
def report(manager, fileobj, sev_level, conf_level, lines=-1):
    """Writes issues to 'fileobj' in HTML format

    :param manager: the bandit manager object
    :param fileobj: The output file object, which may be sys.stdout
    :param sev_level: Filtering severity level
    :param conf_level: Filtering confidence level
    :param lines: Number of lines to report, -1 for all
    """

    header_block = u"""




Source: PyCQA/bandit, bandit/formatters/custom.py (excerpt; the function continues past the end of the snippet)
@test_properties.accepts_baseline
def report(manager, fileobj, sev_level, conf_level, template=None):
    """Prints issues in custom format

    :param manager: the bandit manager object
    :param fileobj: The output file object, which may be sys.stdout
    :param sev_level: Filtering severity level
    :param conf_level: Filtering confidence level
    :param template: Output template with non-terminal tags 
                    (default: '{abspath}:{line}:
                    {test_id}[bandit]: {severity}: {msg}')
    """

    machine_output = {'results': [], 'errors': []}
    for (fname, reason) in manager.get_skipped():
        machine_output['errors'].append({'filename': fname,
                                         'reason': reason})
Source: PyCQA/bandit, bandit/formatters/screen.py (excerpt; the function continues past the end of the snippet)
@test_properties.accepts_baseline
def report(manager, fileobj, sev_level, conf_level, lines=-1):
    """Prints discovered issues formatted for screen reading

    This makes use of VT100 terminal codes for colored text.

    :param manager: the bandit manager object
    :param fileobj: The output file object, which may be sys.stdout
    :param sev_level: Filtering severity level
    :param conf_level: Filtering confidence level
    :param lines: Number of lines to report, -1 for all
    """

    bits = []
    if not manager.quiet or manager.results_count(sev_level, conf_level):
        bits.append(header("Run started:%s", datetime.datetime.utcnow()))