From 75d527bfc7277a402640353b85d4b67b3b5ffbaa Mon Sep 17 00:00:00 2001
From: Lucas Cimon <925560+Lucas-C@users.noreply.github.com>
Date: Tue, 16 Nov 2021 20:19:01 +0100
Subject: [PATCH] Handling Python source files using a non-UTF8 encoding
---
 bandit/plugins/trojansource.py | 12 ++++++++----
 examples/trojansource_latin1.py | 7 +++++++
 tests/functional/test_functional.py | 7 +++++++
 3 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 examples/trojansource_latin1.py
diff --git a/bandit/plugins/trojansource.py b/bandit/plugins/trojansource.py
index 5749c1f5f..10acfdc68 100755
--- a/bandit/plugins/trojansource.py
+++ b/bandit/plugins/trojansource.py
@@ -14,7 +14,7 @@
 .. code-block:: none
- >> Issue: [B113:trojansource] A Python source file seems to contain bidirectional control characters ('\u202e').
+ >> Issue: [B113:trojansource] A Python source file contains bidirectional control characters ('\u202e').
 Severity: High Confidence: Medium
 Location: examples/trojansource.py:0:0
@@ -23,10 +23,12 @@
 .. [1] https://trojansource.codes/
 .. [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574
-.. versionadded:: 1.7.1
+.. versionadded:: 1.7.2
 """ # noqa: E501
+from tokenize import detect_encoding
+
 import bandit
 from bandit.core import test_properties as test
@@ -37,7 +39,9 @@
 @test.test_id('B113')
 @test.checks('File')
 def trojansource(context):
- with open(context.filename, encoding='utf8') as src_file:
+ with open(context.filename, 'rb') as src_file:
+ encoding, _ = detect_encoding(src_file.readline)
+ with open(context.filename, encoding=encoding) as src_file:
 for lineno, line in enumerate(src_file.readlines(), start=1):
 for char in BIDI_CHARACTERS:
 try:
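Review bot: The new `detect_encoding(src_file.readline)` call raises `SyntaxError` when the coding cookie names an unknown codec or disagrees with a BOM, and the second `open(context.filename, encoding=encoding)` still decodes with the default `errors='strict'`, so a source file whose declared encoding does not match its bytes aborts this check with an exception instead of yielding a finding or being skipped; the hunk handles neither case, and whether bandit's runner catches exceptions raised by a plugin is not visible here. The detect-then-reopen pair is also exactly what the stdlib helper already does, so the three new lines can become `with tokenize.open(context.filename) as src_file:` (with `import tokenize` replacing the `from tokenize import detect_encoding` import added in the previous hunk), which additionally avoids reading the file twice between the encoding detection and the scan. The body of `trojansource` continues past the end of this hunk.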
@@ -47,7 +51,7 @@ def trojansource(context):
 return bandit.Issue(
 severity=bandit.HIGH,
 confidence=bandit.MEDIUM,
- text="A Python source file seems to contain bidirectional control characters (%r)." % char,
+ text="A Python source file contains bidirectional control characters (%r)." % char,
 lineno=lineno,
 col_offset=col_offset,
 )
diff --git a/examples/trojansource_latin1.py b/examples/trojansource_latin1.py
new file mode 100644
index 000000000..dee24e07c
--- /dev/null
+++ b/examples/trojansource_latin1.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python3
+# -*- coding: latin-1 -*-
+# cf. https://trojansource.codes & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574
+# Some special characters: ������
+access_level = "user"
+if access_level != 'none??': # Check if admin ??' and access_level != 'user
+ print("You are an admin.\n")
diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
index ab022b106..73dfd3ae4 100644
--- a/tests/functional/test_functional.py
+++ b/tests/functional/test_functional.py
@@ -797,3 +797,10 @@ def test_trojansource(self):
 'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 1, 'HIGH': 0}
 }
 self.check_example('trojansource.py', expect)
+
+ def test_trojansource_latin1(self):
+ expect = {
+ 'SEVERITY': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 0},
+ 'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 0}
+ }
+ self.check_example('trojansource_latin1.py', expect)
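Review bot: `test_trojansource_latin1` expects zero findings at every severity and confidence but does not say why, and the fixture it drives (`examples/trojansource_latin1.py`, added in the hunk above) only carries `??` where bidirectional characters would sit; latin-1 has no representation for code points such as the U+202E shown in the plugin docstring, so the test proves that a non-UTF-8 file is decoded without raising, not that bidi characters are detected in such a file. A one-line comment above `expect = {` would make that intent explicit: `# latin-1 cannot encode the BIDI code points, so this only checks a non-UTF-8 file is scanned without error`. The enclosing test class starts outside the hunk.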