# Copyright 2014 Hewlett-Packard Development Company, L.P.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
from bandit.core.test_properties import *
@checks('Import', 'ImportFrom')
def blacklist_imports(context, config):
checks = _load_checks(config)
# for each check, go through and see if it matches all qualifications
# item 0=import, 1=message, 2=level
if context.is_module_being_imported(im):
return _get_result(check, im)
@takes_config('blacklist_imports')
def blacklist_import_func(context, config):
checks = _load_checks(config)
if context.call_function_name_qual == '__import__':
# item 0=import, 1=message, 2=level
if len(context.call_args) and im == context.call_args[0]:
return _get_result(check, im)
def _load_checks(config):
# load all the checks from the config file
if config is not None and 'bad_import_sets' in config:
sets = config['bad_import_sets']
for blacklist_item in cur_item:
blacklist_object = cur_item[blacklist_item]
cur_check = _get_tuple_for_item(blacklist_object)
checks.append(cur_check)
def _get_tuple_for_item(blacklist_object):
# if the item we got passed isn't a dictionary, do nothing with the object;
# if the item we got passed doesn't have an imports field, we can't do
# anything with this. Return None
if (not isinstance(blacklist_object, dict) or
'imports' not in blacklist_object):
imports = blacklist_object['imports']
if 'message' in blacklist_object:
message = blacklist_object['message']
if 'level' in blacklist_object:
if blacklist_object['level'] == 'HIGH':
elif blacklist_object['level'] == 'MEDIUM':
elif blacklist_object['level'] == 'LOW':
return_tuple = (imports, message, level)
def _get_result(check, im):
# substitute '{module}' for the imported module name
message = check[1].replace('{module}', im)
if check[2] == 'HIGH':
elif check[2] == 'MEDIUM':
level = bandit.MEDIUM
elif check[2] == 'LOW':
return bandit.Issue(severity=level, confidence=bandit.HIGH, text=message)