Fast fix for yaml import #303
Conversation
- Fix pep8 in example
- Check importation
This does not find an issue when running against your example:
bandit -r examples/yaml_lib_load.py
However if you change bandit/plugins/yaml_load.py:58 to:
if context.is_module_imported_like('yaml') and \
It reports the issue.
@lukehinds as I understood on the ticket #286, the issue is that "examples/yaml_lib_load.py" is a false positive; so in the other case the change is not required, because now "examples/yaml_lib_load.py" causes 1 issue.
@ehooo yes, you're totally correct, I misread the issue.
bandit/plugins/yaml_load.py
Outdated
@@ -55,7 +55,8 @@ | |||
@test.test_id('B506') | |||
@test.checks('Call') | |||
def yaml_load(context): | |||
if isinstance(context.call_function_name_qual, str): | |||
if context.is_module_imported_exact('yaml') and \ |
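Review bot: The switch to `is_module_imported_exact('yaml')` is what stops the false-positive example from #286 being reported, but nothing in the hunk records that intent; add a comment on the `if context.is_module_imported_exact('yaml') and \` line explaining why exact matching is required (a `like` match on the module name reports that example again, as noted above), and cover the case with a test rather than an `examples/` file. Separately, the `isinstance(context.call_function_name_qual, str)` guard implies the attribute can be non-string; a short comment on when that happens would help the next reader.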
Please avoid using \ in long if statement lines. Use ( ) instead
done
So I don't think we need the examples/yaml_lib_load.py in the patch. It's good for validating that the patch works as expected, but I believe examples/* is for code snippets that have a positive match, and not for ensuring false positives do not occur, e.g. everything in examples should find an issue.
Fast fix for #286
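As an added illustration of the exact-versus-like import matching discussed in this thread (this is not bandit's code, and the "like" rule is assumed to mean a substring match on the imported module name), the checker below reports `yaml.load(...)` calls without a `Loader` argument only when the `yaml` module is imported according to the chosen rule; the sample sources are constructed.

```python
import ast


def imported_modules(tree):
    """Collect the module names bound by import statements in the tree."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            names.add(node.module)
    return names


def module_imported(modules, name, exact):
    """Exact rule: the name itself was imported. Like rule (assumed
    semantics): any imported module name contains the string."""
    if exact:
        return name in modules
    return any(name in module for module in modules)


def find_yaml_load(source, exact=True):
    """Return line numbers of yaml.load(...) calls lacking Loader=,
    but only if the import rule says the yaml module is in use."""
    tree = ast.parse(source)
    if not module_imported(imported_modules(tree), "yaml", exact):
        return []
    hits = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "load"
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "yaml"
                and not any(kw.arg == "Loader" for kw in node.keywords)):
            hits.append(node.lineno)
    return hits


# Constructed samples: a true positive, a safe call, and a module whose
# dotted name merely contains "yaml" and is bound to the local name yaml.
POSITIVE = "import yaml\ncfg = yaml.load(open('c.yml'))\n"
SAFE = "import yaml\ncfg = yaml.load(open('c.yml'), Loader=yaml.SafeLoader)\n"
LOOKALIKE = "import mypkg.yamlish as yaml\ncfg = yaml.load(open('c.yml'))\n"

if __name__ == "__main__":
    for label, src in [("positive", POSITIVE), ("safe", SAFE), ("lookalike", LOOKALIKE)]:
        print(label, "exact:", find_yaml_load(src), "like:", find_yaml_load(src, exact=False))
```

The lookalike source is reported under the like rule and ignored under the exact rule, which is the behaviour difference lukehinds observed when swapping the helper.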