@test.test_id('B506')
@test.checks('Call')
def yaml_load(context):
imported = context.is_module_imported_exact('yaml')
qualname = context.call_function_name_qual
if not imported and isinstance(qualname, str):
return
qualname_list = qualname.split('.')
func = qualname_list[-1]
if all([
'yaml' in qualname_list,
func == 'load',
not context.check_call_arg_value('Loader', 'SafeLoader'),
not context.check_call_arg_value('Loader', 'CSafeLoader'),
]):
return bandit.Issue(
@test.test_id('B301')
def blacklist_calls(context, config):
_ensure_cache(config)
checks = _cached_blacklist_checks
# for each check, go through and see if it matches all qualifications
for qualnames, names, message_tpl, level, params in checks:
confidence = 'HIGH'
does_match = True
# item 0=qualnames, 1=names, 2=message, 3=level, 4=params
if does_match and qualnames:
# match the qualname - respect wildcards if present
does_match = any(
fnmatch.fnmatch(context.call_function_name_qual, qn)
for qn in qualnames)
if does_match and names:
@test.test_id('B504')
def ssl_with_no_version(context):
"""**B504: Test for SSL use with no version specified**
This plugin is part of a family of tests that detect the use of known bad
versions of SSL/TLS, please see :doc:`../plugins/ssl_with_bad_version` for
a complete discussion. Specifically, This plugin test scans for specific
methods in Python's native SSL/TLS support and the pyOpenSSL module that
configure the version of SSL/TLS protocol to use. These methods are known
to provide default value that maximize compatibility, but permit use of the
aforementioned broken protocol versions. A LOW severity warning will be
reported whenever this is detected.
**Config Options:**
This test shares the configuration provided for the standard
:doc:`../plugins/ssl_with_bad_version` test, please refer to its
@test.test_id('B703')
def django_mark_safe(context):
"""**B703: Potential XSS on mark_safe function**
.. seealso::
- https://docs.djangoproject.com/en/dev/topics/
security/#cross-site-scripting-xss-protection
- https://docs.djangoproject.com/en/dev/
ref/utils/#module-django.utils.safestring
- https://docs.djangoproject.com/en/dev/
ref/utils/#django.utils.html.format_html
.. versionadded:: 1.5.0
"""
if context.is_module_imported_like('django.utils.safestring'):
@test.test_id('B502')
def ssl_with_bad_version(context, config):
"""**B502: Test for SSL use with bad version used**
Several highly publicized exploitable flaws have been discovered
in all versions of SSL and early versions of TLS. It is strongly
recommended that use of the following known broken protocol versions be
avoided:
- SSL v2
- SSL v3
- TLS v1
- TLS v1.1
This plugin test scans for calls to Python methods with parameters that
indicate the used broken SSL/TLS protocol versions. Currently, detection
supports methods using Python's native SSL/TLS support and the pyOpenSSL
@test.test_id('B603')
def subprocess_without_shell_equals_true(context, config):
"""**B603: Test for use of subprocess without shell equals true**
Python possesses many mechanisms to invoke an external executable. However,
doing so may present a security issue if appropriate care is not taken to
sanitize any user provided or variable input.
This plugin test is part of a family of tests built to check for process
spawning and warn appropriately. Specifically, this test looks for the
spawning of a subprocess without the use of a command shell. This type of
subprocess invocation is not vulnerable to shell injection attacks, but
care should still be taken to ensure validity of input.
Because this is a lesser issue than that described in
`subprocess_popen_with_shell_equals_true` a LOW severity warning is
reported.
@test.test_id('B201')
@test.checks('Call')
def flask_debug_true(context):
    """Report a Flask application that is started with ``debug=True``.

    The check fires only when all three conditions hold, evaluated in
    order so that later lookups are not made once an earlier one fails:
    the module imports ``flask``, the call being visited is a ``.run``
    method, and its ``debug`` argument is ``True``.  On a match a
    HIGH severity / MEDIUM confidence issue is returned whose line number
    is taken from the ``debug`` argument; otherwise ``None`` is returned.
    """
    # Guard clauses replace the original nested ifs; short-circuit order
    # is preserved exactly.
    if not context.is_module_imported_like('flask'):
        return None
    if not context.call_function_name_qual.endswith('.run'):
        return None
    if not context.check_call_arg_value('debug', 'True'):
        return None

    message = (
        "A Flask app appears to be run with debug=True, "
        "which exposes the Werkzeug debugger and allows "
        "the execution of arbitrary code."
    )
    return bandit.Issue(
        severity=bandit.HIGH,
        confidence=bandit.MEDIUM,
        text=message,
        lineno=context.get_lineno_for_call_arg('debug'),
    )