Add test for usage of FTP_TLS #1149

Merged
merged 2 commits into from
Jun 24, 2024
Merged
4 changes: 2 additions & 2 deletions bandit/blacklists/calls.py
Expand Up @@ -537,7 +537,7 @@ def gen_blacklist():
"telnetlib",
"B312",
issue.Cwe.CLEARTEXT_TRANSMISSION,
["telnetlib.*"],
["telnetlib.Telnet"],
"Telnet-related functions are being called. Telnet is considered "
"insecure. Use SSH or some other encrypted protocol.",
"HIGH",
Expand Down Expand Up @@ -662,7 +662,7 @@ def gen_blacklist():
"ftplib",
"B321",
issue.Cwe.CLEARTEXT_TRANSMISSION,
["ftplib.*"],
["ftplib.FTP"],
"FTP-related functions are being called. FTP is considered "
"insecure. Use SSH/SFTP/SCP or some other encrypted protocol.",
"HIGH",
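Review bot: Narrowing the B321 qualname from `ftplib.*` to `ftplib.FTP` silently treats `ftplib.FTP_TLS` as safe, but FTP_TLS only upgrades the control channel on login; directory listings and file transfers still go in cleartext unless the caller invokes `prot_p()`. That residual risk is worth recording next to the entry so the exemption is not read as "FTP_TLS is always encrypted", e.g. a comment above the `"ftplib"` entry: `# ftplib.FTP_TLS is deliberately not listed; note it still needs prot_p() for an encrypted data channel.` The telnetlib hunk has no such caveat since Telnet is the module's only client class. Both hunks sit inside gen_blacklist(), whose body continues outside the hunks.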
3 changes: 1 addition & 2 deletions bandit/core/blacklisting.py
Expand Up @@ -3,7 +3,6 @@
#
# SPDX-License-Identifier: Apache-2.0
import ast
import fnmatch

from bandit.core import issue

Expand Down Expand Up @@ -55,7 +54,7 @@ def blacklist(context, config):
name = context.call_keywords["name"]
for check in blacklists[node_type]:
for qn in check["qualnames"]:
if name is not None and fnmatch.fnmatch(name, qn):
if name is not None and name == qn:
return report_issue(check, name)

if node_type.startswith("Import"):
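Review bot: Replacing `fnmatch.fnmatch(name, qn)` with `name == qn` changes the matching contract for every blacklist entry, not only B312 and B321; any other entry whose qualname still carries a glob (a trailing `.*`, for instance) would now never match, and the only symptom would be a quietly dropped finding. This PR shows only the two entries it rewrote, so it is worth confirming no other wildcard qualnames remain in bandit/blacklists/ and, if the exact-match rule is intentional, stating it where the loop runs: `# qualnames are matched exactly; wildcards are no longer supported`. The enclosing blacklist() function starts and ends outside the hunk.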
17 changes: 16 additions & 1 deletion examples/ftplib.py
@@ -1,9 +1,24 @@
from ftplib import FTP
from ftplib import FTP_TLS


# bad
ftp = FTP('ftp.debian.org')
ftp.login()

ftp.cwd('debian')
ftp.retrlines('LIST')

ftp.quit()
ftp.quit()

# okay
ftp = ftplib.FTP_TLS(
"ftp.us.debian.org",
context=ssl.create_default_context(),
)
ftp.login()

ftp.cwd("debian")
ftp.retrlines("LIST")

ftp.quit()
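Review bot: The "okay" block references `ftplib.FTP_TLS` and `ssl.create_default_context()`, but the file only has `from ftplib import FTP_TLS`; neither `ftplib` nor `ssl` is bound, so the example would fail with NameError if run and the imported `FTP_TLS` name is unused. Add `import ssl` at the top and construct the client with the imported name: `ftp = FTP_TLS("ftp.us.debian.org", context=ssl.create_default_context())`; the test's expected count should be unaffected if bandit resolves the imported name to the same `ftplib.FTP_TLS` qualname, but that is worth re-running. As an example that is meant to demonstrate the safe pattern, it should also call `ftp.prot_p()` after `ftp.login()`, since FTP_TLS leaves the data channel unencrypted until that call and the `LIST` transfer below would otherwise be sent in clear.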
4 changes: 2 additions & 2 deletions tests/functional/test_functional.py
Expand Up @@ -246,8 +246,8 @@ def test_telnet_usage(self):
def test_ftp_usage(self):
"""Test for `import ftplib` and FTP.* calls."""
expect = {
"SEVERITY": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 2},
"CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 2},
"SEVERITY": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 3},
"CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 3},
}
self.check_example("ftplib.py", expect)

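Review bot: The docstring of test_ftp_usage still says "FTP.* calls", which no longer describes what the test pins now that the qualname match is exact and `FTP_TLS` is intentionally exempt; suggest `"""Test for `import ftplib` and ftplib.FTP calls; ftplib.FTP_TLS must not be reported."""`. Raising the expected HIGH count from 2 to 3 only checks the aggregate, so a regression that flagged the FTP_TLS call while dropping one of the import findings would still pass; if check_example cannot assert on individual findings, a short comment above `expect` explaining which three findings are expected (two ftplib imports and the plain FTP call, assuming that is the breakdown) would make the intent reviewable.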