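def test_no_issues(self, get_issue_list):
    """Report an empty issue list through the text formatter.

    ``get_issue_list`` is a mock injected by the caller (the patch
    decorator is not visible in this excerpt); forcing it to return an
    empty mapping drives ``b_text.report`` down its no-results path, and
    the test asserts the 'No issues identified.' marker lands in the
    output file.
    """
    import os  # local import: only needed to release the mkstemp() fd

    conf = config.BanditConfig()
    self.manager = manager.BanditManager(conf, 'file')
    (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
    # mkstemp() returns an already-open descriptor. The file is re-opened
    # by name below, so close the descriptor now instead of leaking it for
    # the rest of the test run.
    os.close(tmp_fd)
    self.manager.out_file = self.tmp_fname
    get_issue_list.return_value = collections.OrderedDict()
    with open(self.tmp_fname, 'w') as tmp_file:
        b_text.report(self.manager, tmp_file, bandit.LOW, bandit.LOW,
                      lines=5)
    with open(self.tmp_fname) as f:
        data = f.read()
    self.assertIn('No issues identified.', data)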
def test_matches_issue(self):
issue_a = _get_issue_instance()
issue_b = _get_issue_instance(severity=bandit.HIGH)
issue_c = _get_issue_instance(confidence=bandit.LOW)
issue_d = _get_issue_instance()
issue_d.text = 'ABCD'
issue_e = _get_issue_instance()
issue_e.fname = 'file1.py'
issue_f = issue_a
issue_g = _get_issue_instance()
issue_g.test = 'ZZZZ'
issue_h = issue_a
issue_h.lineno = 12345
# positive tests
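def test_no_issues(self, get_issue_list):
    """Report an empty issue list through the screen formatter.

    ``get_issue_list`` is a mock injected by the caller (the patch
    decorator is not visible in this excerpt) and is forced to return an
    empty mapping. ``screen.do_print`` is patched so the formatter's
    console output can be inspected; the test asserts the
    'No issues identified.' marker appears in the arguments of the last
    ``do_print`` call.
    """
    import os  # local import: only needed to release the mkstemp() fd

    conf = config.BanditConfig()
    self.manager = manager.BanditManager(conf, 'file')
    (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
    # mkstemp() returns an already-open descriptor. The file is re-opened
    # by name below, so close the descriptor now instead of leaking it for
    # the rest of the test run.
    os.close(tmp_fd)
    self.manager.out_file = self.tmp_fname
    get_issue_list.return_value = collections.OrderedDict()
    with mock.patch('bandit.formatters.screen.do_print') as m:
        with open(self.tmp_fname, 'w') as tmp_file:
            screen.report(self.manager, tmp_file, bandit.LOW, bandit.LOW,
                          lines=5)
        # NOTE(review): call_args holds only the *last* do_print call;
        # call_args_list would cover every call, if that is the intent.
        self.assertIn('No issues identified.',
                      '\n'.join([str(a) for a in m.call_args]))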
def setUp(self):
super(YamlFormatterTests, self).setUp()
conf = config.BanditConfig()
self.manager = manager.BanditManager(conf, 'file')
(tmp_fd, self.tmp_fname) = tempfile.mkstemp()
self.context = {'filename': self.tmp_fname,
'lineno': 4,
'linerange': [4]}
self.check_name = 'hardcoded_bind_all_interfaces'
self.issue = issue.Issue(bandit.MEDIUM, bandit.MEDIUM,
'Possible binding to all interfaces.')
self.candidates = [issue.Issue(bandit.LOW, bandit.LOW, 'Candidate A',
lineno=1),
issue.Issue(bandit.HIGH, bandit.HIGH, 'Candiate B',
lineno=2)]
self.manager.out_file = self.tmp_fname
self.issue.fname = self.context['filename']
self.issue.lineno = self.context['lineno']
self.issue.linerange = self.context['linerange']
self.issue.test = self.check_name
self.manager.results.append(self.issue)
self.manager.metrics = metrics.Metrics()
# mock up the metrics
for key in ['_totals', 'binding.py']:
if context.check_call_arg_value('secret',
constants.FALSE_VALUES) in [
True, None]:
return bandit.Issue(
severity=bandit.MEDIUM,
confidence=bandit.MEDIUM,
text="oslo config option not marked secret=True "
"identified, security issue.",
lineno=context.get_lineno_for_call_arg('secret'),
)
# Checks whether secret is not True, for example when its set to a
# variable, secret=secret.
elif not context.check_call_arg_value('secret', 'True'):
return bandit.Issue(
severity=bandit.MEDIUM,
confidence=bandit.LOW,
text="oslo config option possibly not marked secret=True "
"identified.",
lineno=context.get_lineno_for_call_arg('secret'),
)
def execute_with_run_as_root_equals_true(context, config):
    """Flag configured calls that are invoked with ``run_as_root=True``.

    A call is reported only when its qualified name is listed in
    ``config['function_names']`` and the ``run_as_root`` argument is
    literally ``True``. The returned ``bandit.Issue`` is LOW severity /
    MEDIUM confidence and anchored on the line of the ``run_as_root``
    argument. Any other call yields ``None``.
    """
    watched_names = config['function_names']
    if context.call_function_name_qual not in watched_names:
        return None
    if not context.check_call_arg_value('run_as_root', 'True'):
        return None
    return bandit.Issue(
        severity=bandit.LOW,
        confidence=bandit.MEDIUM,
        text="Execute with run_as_root=True identified, possible "
             "security issue.",
        lineno=context.get_lineno_for_call_arg('run_as_root'),
    )
def _report(strings):
reports = []
for string_data in strings:
if string_data.confidence == 1:
confidence = bandit.LOW
elif string_data.confidence == 2:
confidence = bandit.MEDIUM
elif string_data.confidence >= 3:
confidence = bandit.HIGH
if string_data.severity == 1:
severity = bandit.LOW
elif string_data.severity == 2:
severity = bandit.MEDIUM
elif string_data.severity >= 3:
severity = bandit.HIGH
if type(string_data.string) is not unicode:
string_data.string = string_data.string.decode('utf-8', errors='replace')
string_data.string = string_data.string.encode('ascii', errors='replace')
if len(string_data.string) > 12:
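def _get_tuple_for_item(blacklist_object):
    """Normalise one blacklist config entry into a 5-tuple.

    Returns ``(qualnames, names, message, level, params)`` for a dict
    entry, or ``None`` when ``blacklist_object`` is not a dict. Every
    field is optional: ``qualnames``, ``names`` and ``params`` default to
    ``None``, ``message`` to ``''``, and a missing or unrecognised
    ``level`` to ``bandit.MEDIUM``. ``level`` is matched
    case-insensitively against LOW / MEDIUM / HIGH.
    """
    level_map = {'LOW': bandit.LOW, 'MEDIUM': bandit.MEDIUM,
                 'HIGH': bandit.HIGH}
    # if the item we got passed isn't a dictionary, do nothing with this object
    if not isinstance(blacklist_object, dict):
        return None
    # not all of the fields will be set, so all have default fallbacks
    qualnames = blacklist_object.get('qualnames')
    names = blacklist_object.get('names')
    message = blacklist_object.get('message', '')
    params = blacklist_object.get('params')
    level_name = blacklist_object.get('level', 'MEDIUM').upper()
    # Fall back to the bandit constant rather than the bare string 'MEDIUM'
    # so the returned level is always one of the map's values, consistent
    # with what the rest of the code compares severities against.
    level = level_map.get(level_name, bandit.MEDIUM)
    return (qualnames, names, message, level, params)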
- :func:`ssl_with_bad_defaults`
- http://heartbleed.com/
- https://poodlebleed.com/
- https://security.openstack.org/
- https://security.openstack.org/guidelines/dg_move-data-securely.html
.. versionadded:: 0.9.0
"""
if context.call_function_name_qual == 'ssl.wrap_socket':
if context.check_call_arg_value('ssl_version') is None:
# check_call_arg_value() returns False if the argument is found
# but does not match the supplied value (or the default None).
# It returns None if the arg_name passed doesn't exist. This
# tests for that (ssl_version is not specified).
return bandit.Issue(
severity=bandit.LOW,
confidence=bandit.MEDIUM,
text="ssl.wrap_socket call with no SSL/TLS protocol version "
"specified, the default SSLv23 could be insecure, "
"possible security issue.",
lineno=context.get_lineno_for_call_arg('ssl_version'),
)
2
3 os.system('/bin/echo hi')
.. seealso::
- https://security.openstack.org
- https://docs.python.org/3/library/os.html#os.system
- https://docs.python.org/3/library/subprocess.html#frequently-used-arguments # noqa
- https://security.openstack.org/guidelines/dg_use-subprocess-securely.html
.. versionadded:: 0.10.0
"""
if config and context.call_function_name_qual in config['shell']:
if len(context.call_args) > 0:
sev = _evaluate_shell_call(context)
if sev == bandit.LOW:
return bandit.Issue(
severity=bandit.LOW,
confidence=bandit.HIGH,
text='Starting a process with a shell: '
'Seems safe, but may be changed in the future, '
'consider rewriting without shell'
)
else:
return bandit.Issue(
severity=bandit.HIGH,
confidence=bandit.HIGH,
text='Starting a process with a shell, possible injection'
' detected, security issue.'