Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fast fix for yaml import #303

Merged
merged 9 commits into from
Jun 14, 2018
Merged

Fast fix for yaml import #303

merged 9 commits into from
Jun 14, 2018

Conversation

ehooo
Copy link
Contributor

@ehooo ehooo commented May 10, 2018
edited
Loading

Fast fix for #286

  • Fix pep8 in example
  • Check importation

@ehooo
Fast fix for #286
3ee2540 
- Fix pep8 in example
- Check importation
@ehooo ehooo changed the title Fast fix for #286 Fast fix for yaml import May 10, 2018
lukehinds
lukehinds previously requested changes May 11, 2018
View reviewed changes
Copy link
Member

@lukehinds lukehinds left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not find an issue when running against your example:

bandit -r examples/yaml_lib_load.py

However if you change bandit/plugins/yaml_load.py:58 to:

if context.is_module_imported_like('yaml') and \

It reports the issue

@ehooo
Copy link
Contributor Author

ehooo commented May 11, 2018

@lukehinds as I undertood on the ticket #286 the issue is that the "examples/yaml_lib_load.py" is false positive; so bandit -r examples/yaml_lib_load.py must be 0 issues.

In other case change is not requierd because now "examples/yaml_lib_load.py" cause 1 issue.

@lukehinds
Copy link
Member

@ehooo yes, you're totally correct, I misread the issue.

ericwb
ericwb requested changes May 11, 2018
View reviewed changes
bandit/plugins/yaml_load.py Outdated
@@ -55,7 +55,8 @@
@test.test_id('B506')
@test.checks('Call')
def yaml_load(context):
if isinstance(context.call_function_name_qual, str):
if context.is_module_imported_exact('yaml') and \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please avoid using \ in long if statement lines. Use ( ) instead

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@lukehinds lukehinds dismissed their stale review May 11, 2018 12:40

misunderstood issue

lukehinds
lukehinds reviewed May 11, 2018
View reviewed changes
Copy link
Member

@lukehinds lukehinds left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I don't think we need the examples/yaml_lib_load.py in the patch. Its good for validating the patch works as expected, but I believe examples/* is for code snippets that have a positive match, and not insuring false positives do not occur, e.g. everything in examples should find an issue.

@ericwb ericwb merged commit 82f877b into PyCQA:master Jun 14, 2018
@ehooo ehooo deleted the yaml_false_positive branch July 13, 2018 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukehinds lukehinds lukehinds left review comments

@ericwb ericwb ericwb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ehooo @lukehinds @ericwb