From cd9fbeb56042e1fa537626fca3e5e09ad8e6f54d Mon Sep 17 00:00:00 2001
From: "Edgar R. M"
Date: Sat, 25 Feb 2023 14:32:53 -0600
Subject: [PATCH] [bandit]: Do not treat "passed" as "password" for `S105`/`S106`/`S107` (#3222)

---
 .../resources/test/fixtures/flake8_bandit/S105.py | 10 ++++++++++
 crates/ruff/src/rules/flake8_bandit/helpers.rs | 11 +++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/crates/ruff/resources/test/fixtures/flake8_bandit/S105.py b/crates/ruff/resources/test/fixtures/flake8_bandit/S105.py
index 919fe574ed..bc84ea6da1 100644
--- a/crates/ruff/resources/test/fixtures/flake8_bandit/S105.py
+++ b/crates/ruff/resources/test/fixtures/flake8_bandit/S105.py
@@ -61,3 +61,13 @@ if token == "3\t4":
 
 if token == "5\r6":
     pass
+
+
+# These should not be flagged
+passed_msg = "You have passed!"
+compassion = "Please don't match!"
+impassable = "You shall not pass!"
+passwords = ""
+passphrases = ""
+tokens = ""
+secrets = ""
diff --git a/crates/ruff/src/rules/flake8_bandit/helpers.rs b/crates/ruff/src/rules/flake8_bandit/helpers.rs
index 7dd1124147..eb58f12248 100644
--- a/crates/ruff/src/rules/flake8_bandit/helpers.rs
+++ b/crates/ruff/src/rules/flake8_bandit/helpers.rs
@@ -1,10 +1,11 @@
+use once_cell::sync::Lazy;
+use regex::Regex;
 use rustpython_parser::ast::{Constant, Expr, ExprKind};
 
 use crate::checkers::ast::Checker;
 
-const PASSWORD_NAMES: [&str; 7] = [
-    "password", "pass", "passwd", "pwd", "secret", "token", "secrete",
-];
+static PASSWORD_CANDIDATE_REGEX: Lazy =
+    Lazy::new(|| Regex::new(r"(^|_)(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?)($|_)").unwrap());
 
 pub fn string_literal(expr: &Expr) -> Option<&str> {
     match &expr.node {
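Review bot: The new `PASSWORD_CANDIDATE_REGEX` in the helpers.rs hunk is case-sensitive, whereas the removed `PASSWORD_NAMES` check lower-cased the name before `contains`, so identifiers the old code flagged such as `PASSWORD = "..."` or `DbPassword` no longer match unless a caller lowercases first, which this hunk does not show. Adding the case-insensitive flag restores that for upper-case and snake_case names: `Regex::new(r"(?i)(^|_)(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?)($|_)").unwrap()`; CamelCase forms like `DbPassword` would additionally need a boundary other than `_`, which may be an acceptable narrowing but should be a deliberate choice. The S105.py fixture hunk adds only negative cases, so one positive upper-case case (for example `PASSWORD = "hunter2"`, a constructed sample) would have caught this regression. The static's type parameter shows on this page as `Lazy =`, presumably `Lazy<Regex>` lost in rendering.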
@@ -18,9 +19,7 @@ pub fn string_literal(expr: &Expr) -> Option<&str> {
 
 // Maybe use regex for this?
 pub fn matches_password_name(string: &str) -> bool {
-    PASSWORD_NAMES
-        .iter()
-        .any(|name| string.to_lowercase().contains(name))
+    PASSWORD_CANDIDATE_REGEX.is_match(string)
 }
 
 pub fn is_untyped_exception(type_: Option<&Expr>, checker: &Checker) -> bool {
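Review bot: The context comment `// Maybe use regex for this?` directly above `matches_password_name` is now stale, since the new body is exactly a regex match, and the public function still carries no rustdoc. I would replace that line with a doc comment along the lines of `/// Returns true if the identifier looks like a password-style name (password, passwd, pwd, token, secret, ...) according to PASSWORD_CANDIDATE_REGEX; used by the S105–S107 checks named in the commit subject.` Note that the old body lower-cased its input and the new one does not, so the doc should state whichever case behaviour is intended. The bodies of `string_literal` and `is_untyped_exception` lie outside this hunk.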