Avoid Bandit false-positives for empty-string-as-password (#2421)

Charlie Marsh 2023-01-31 16:56:03 -05:00 committed by GitHub
parent fbf231e1b8
commit 142b627bb8
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 98 additions and 92 deletions


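--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -4,6 +4,7 @@ d = {}
 safe = "s3cr3t"
 password = True
 password = safe
+password = ""
 password is True
 password == 1
 d["safe"] = "s3cr3t"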
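Review bot: The new `password = ""` line exercises only the assignment path, while the comparison path is changed in the same commit (`compare_to_hardcoded_password_string` now filters empty comparators) and no fixture line covers it, so that branch of the new filter is not pinned by the snapshot. Adding `password == ""` next to the existing `password == 1` in this block would make the S105 comparison case part of the regression test as well.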


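--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -7,6 +7,7 @@ string = "Hello World"
 # OK
 func("s3cr3t")
 func(1, password=string)
+func(1, password="")
 func(pos="s3cr3t", password=string)
 # Error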


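--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -28,3 +28,7 @@ def ok_all(first, /, pos, default="posonly", *, kwonly="kwonly"):
 def default_all(first, /, pos, secret="posonly", *, password="kwonly"):
 pass
+def ok_empty(first, password=""):
+pass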


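--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -6,7 +6,7 @@ use crate::registry::Diagnostic;
 use crate::violations;
 fn check_password_kwarg(arg: &Located<ArgData>, default: &Expr) -> Option<Diagnostic> {
-let string = string_literal(default)?;
+let string = string_literal(default).filter(|string| !string.is_empty())?;
 let kwarg_name = &arg.node.arg;
 if !matches_password_name(kwarg_name) {
 return None;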
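Review bot: The added `.filter(|string| !string.is_empty())` carries no explanation of why empty literals are exempt, and the identical expression is repeated in the `hardcoded_password_func_arg`, `compare_to_hardcoded_password_string` and `assign_hardcoded_password_string` hunks of this commit. A one-line comment at the call such as `// An empty literal is a placeholder/default rather than a credential; the commit title indicates Bandit does not report it either.` records the intent for the next maintainer, and a small helper next to `string_literal` that applies the emptiness check would keep the four sites from drifting apart. Note that the exemption is deliberate narrowing: `password = ""` used as an "auth disabled" default will no longer be reported by S105–S107, which is worth stating in the rule documentation. The rest of `check_password_kwarg` lies outside the hunk.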


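--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -10,7 +10,7 @@ pub fn hardcoded_password_func_arg(keywords: &[Keyword]) -> Vec<Diagnostic> {
 keywords
 .iter()
 .filter_map(|keyword| {
-let string = string_literal(&keyword.node.value)?;
+let string = string_literal(&keyword.node.value).filter(|string| !string.is_empty())?;
 let arg = keyword.node.arg.as_ref()?;
 if !matches_password_name(arg) {
 return None;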


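--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -30,7 +30,7 @@ pub fn compare_to_hardcoded_password_string(left: &Expr, comparators: &[Expr]) -
 comparators
 .iter()
 .filter_map(|comp| {
-let string = string_literal(comp)?;
+let string = string_literal(comp).filter(|string| !string.is_empty())?;
 if !is_password_target(left) {
 return None;
 }
@@ -46,7 +46,7 @@ pub fn compare_to_hardcoded_password_string(left: &Expr, comparators: &[Expr]) -
 /// S105
 pub fn assign_hardcoded_password_string(value: &Expr, targets: &[Expr]) -> Option<Diagnostic> {
-if let Some(string) = string_literal(value) {
+if let Some(string) = string_literal(value).filter(|string| !string.is_empty()) {
 for target in targets {
 if is_password_target(target) {
 return Some(Diagnostic::new(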
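Review bot: In the second hunk the filtered `if let Some(string) = …` now wraps what appears to be the whole body of `assign_hardcoded_password_string`, which continues past the hunk, so the function nests one level deeper than the three sibling sites that use `?` for the same early return. If the crate's toolchain permits `let … else` (stable since Rust 1.65), `let Some(string) = string_literal(value).filter(|string| !string.is_empty()) else { return None; };` would flatten that level and read the same as the `?` form used elsewhere. This is a matter of style only; the behaviour of the hunk is unchanged.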


@ -6,10 +6,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 12 row: 13
column: 11 column: 11
end_location: end_location:
row: 12 row: 13
column: 19 column: 19
fix: ~ fix: ~
parent: ~ parent: ~
@ -17,10 +17,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 13 row: 14
column: 8 column: 8
end_location: end_location:
row: 13 row: 14
column: 16 column: 16
fix: ~ fix: ~
parent: ~ parent: ~
@ -28,10 +28,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 14 row: 15
column: 9 column: 9
end_location: end_location:
row: 14 row: 15
column: 17 column: 17
fix: ~ fix: ~
parent: ~ parent: ~
@ -39,10 +39,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 15 row: 16
column: 6 column: 6
end_location: end_location:
row: 15 row: 16
column: 14 column: 14
fix: ~ fix: ~
parent: ~ parent: ~
@ -50,10 +50,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 16 row: 17
column: 9 column: 9
end_location: end_location:
row: 16 row: 17
column: 17 column: 17
fix: ~ fix: ~
parent: ~ parent: ~
@ -61,10 +61,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 17 row: 18
column: 8 column: 8
end_location: end_location:
row: 17 row: 18
column: 16 column: 16
fix: ~ fix: ~
parent: ~ parent: ~
@ -72,22 +72,11 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 18 row: 19
column: 10 column: 10
end_location: end_location:
row: 18
column: 18
fix: ~
parent: ~
- kind:
HardcodedPasswordString:
string: s3cr3t
location:
row: 19 row: 19
column: 18 column: 18
end_location:
row: 19
column: 26
fix: ~ fix: ~
parent: ~ parent: ~
- kind: - kind:
@ -105,10 +94,21 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 22 row: 21
column: 18
end_location:
row: 21
column: 26
fix: ~
parent: ~
- kind:
HardcodedPasswordString:
string: s3cr3t
location:
row: 23
column: 16 column: 16
end_location: end_location:
row: 22 row: 23
column: 24 column: 24
fix: ~ fix: ~
parent: ~ parent: ~
@ -116,10 +116,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 23 row: 24
column: 12 column: 12
end_location: end_location:
row: 23 row: 24
column: 20 column: 20
fix: ~ fix: ~
parent: ~ parent: ~
@ -127,10 +127,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 24 row: 25
column: 14 column: 14
end_location: end_location:
row: 24 row: 25
column: 22 column: 22
fix: ~ fix: ~
parent: ~ parent: ~
@ -138,10 +138,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 25 row: 26
column: 11 column: 11
end_location: end_location:
row: 25 row: 26
column: 19 column: 19
fix: ~ fix: ~
parent: ~ parent: ~
@ -149,10 +149,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 26 row: 27
column: 14 column: 14
end_location: end_location:
row: 26 row: 27
column: 22 column: 22
fix: ~ fix: ~
parent: ~ parent: ~
@ -160,10 +160,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 27 row: 28
column: 13 column: 13
end_location: end_location:
row: 27 row: 28
column: 21 column: 21
fix: ~ fix: ~
parent: ~ parent: ~
@ -171,22 +171,11 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 28 row: 29
column: 15 column: 15
end_location: end_location:
row: 28
column: 23
fix: ~
parent: ~
- kind:
HardcodedPasswordString:
string: s3cr3t
location:
row: 29 row: 29
column: 23 column: 23
end_location:
row: 29
column: 31
fix: ~ fix: ~
parent: ~ parent: ~
- kind: - kind:
@ -204,10 +193,21 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 34 row: 31
column: 23
end_location:
row: 31
column: 31
fix: ~
parent: ~
- kind:
HardcodedPasswordString:
string: s3cr3t
location:
row: 35
column: 15 column: 15
end_location: end_location:
row: 34 row: 35
column: 23 column: 23
fix: ~ fix: ~
parent: ~ parent: ~
@ -215,10 +215,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 38 row: 39
column: 19 column: 19
end_location: end_location:
row: 38 row: 39
column: 27 column: 27
fix: ~ fix: ~
parent: ~ parent: ~
@ -226,10 +226,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 39 row: 40
column: 16 column: 16
end_location: end_location:
row: 39 row: 40
column: 24 column: 24
fix: ~ fix: ~
parent: ~ parent: ~
@ -237,10 +237,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 40 row: 41
column: 17 column: 17
end_location: end_location:
row: 40 row: 41
column: 25 column: 25
fix: ~ fix: ~
parent: ~ parent: ~
@ -248,10 +248,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 41 row: 42
column: 14 column: 14
end_location: end_location:
row: 41 row: 42
column: 22 column: 22
fix: ~ fix: ~
parent: ~ parent: ~
@ -259,10 +259,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 42 row: 43
column: 17 column: 17
end_location: end_location:
row: 42 row: 43
column: 25 column: 25
fix: ~ fix: ~
parent: ~ parent: ~
@ -270,10 +270,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 43 row: 44
column: 16 column: 16
end_location: end_location:
row: 43 row: 44
column: 24 column: 24
fix: ~ fix: ~
parent: ~ parent: ~
@ -281,10 +281,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 44 row: 45
column: 18 column: 18
end_location: end_location:
row: 44 row: 45
column: 26 column: 26
fix: ~ fix: ~
parent: ~ parent: ~
@ -292,10 +292,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 46 row: 47
column: 12 column: 12
end_location: end_location:
row: 46 row: 47
column: 20 column: 20
fix: ~ fix: ~
parent: ~ parent: ~
@ -303,10 +303,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 47 row: 48
column: 9 column: 9
end_location: end_location:
row: 47 row: 48
column: 17 column: 17
fix: ~ fix: ~
parent: ~ parent: ~
@ -314,10 +314,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 48 row: 49
column: 10 column: 10
end_location: end_location:
row: 48 row: 49
column: 18 column: 18
fix: ~ fix: ~
parent: ~ parent: ~
@ -325,10 +325,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 49 row: 50
column: 7 column: 7
end_location: end_location:
row: 49 row: 50
column: 15 column: 15
fix: ~ fix: ~
parent: ~ parent: ~
@ -336,10 +336,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 50 row: 51
column: 10 column: 10
end_location: end_location:
row: 50 row: 51
column: 18 column: 18
fix: ~ fix: ~
parent: ~ parent: ~
@ -347,10 +347,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 51 row: 52
column: 9 column: 9
end_location: end_location:
row: 51 row: 52
column: 17 column: 17
fix: ~ fix: ~
parent: ~ parent: ~
@ -358,10 +358,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 52 row: 53
column: 11 column: 11
end_location: end_location:
row: 52 row: 53
column: 19 column: 19
fix: ~ fix: ~
parent: ~ parent: ~
@ -369,10 +369,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: s3cr3t string: s3cr3t
location: location:
row: 53 row: 54
column: 20 column: 20
end_location: end_location:
row: 53 row: 54
column: 28 column: 28
fix: ~ fix: ~
parent: ~ parent: ~
@ -380,10 +380,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: "1\n2" string: "1\n2"
location: location:
row: 55 row: 56
column: 12 column: 12
end_location: end_location:
row: 55 row: 56
column: 18 column: 18
fix: ~ fix: ~
parent: ~ parent: ~
@ -391,10 +391,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: "3\t4" string: "3\t4"
location: location:
row: 58 row: 59
column: 12 column: 12
end_location: end_location:
row: 58 row: 59
column: 18 column: 18
fix: ~ fix: ~
parent: ~ parent: ~
@ -402,10 +402,10 @@ expression: diagnostics
HardcodedPasswordString: HardcodedPasswordString:
string: "5\r6" string: "5\r6"
location: location:
row: 61 row: 62
column: 12 column: 12
end_location: end_location:
row: 61 row: 62
column: 18 column: 18
fix: ~ fix: ~
parent: ~ parent: ~


@ -6,10 +6,10 @@ expression: diagnostics
HardcodedPasswordFuncArg: HardcodedPasswordFuncArg:
string: s3cr3t string: s3cr3t
location: location:
row: 13 row: 14
column: 8 column: 8
end_location: end_location:
row: 13 row: 14
column: 25 column: 25
fix: ~ fix: ~
parent: ~ parent: ~