Merge branch 'main' into ericwb-patch-2

PyCQA · Dec 8, 2023 · 3f66a96 · 3f66a96
2 parents dae47ea + 6b2e247
commit 3f66a96
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 10 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -68,7 +68,8 @@ body:
       label: Python version
       description: Run "bandit --version" if unsure of version number
       options:
-        - "3.11 (Default)"
+        - "3.12 (Default)"
+        - "3.11"
         - "3.10"
         - "3.9"
         - "3.8"

diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
@@ -47,7 +47,11 @@ jobs:
     strategy:
       matrix:
         python-version: [
-          ["3.8", "38"], ["3.9", "39"], ["3.10", "310"], ["3.11", "311"]
+          ["3.8", "38"],
+          ["3.9", "39"],
+          ["3.10", "310"],
+          ["3.11", "311"],
+          ["3.12", "312"],
         ]
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -12,8 +12,8 @@ repos:
   hooks:
   - id: reorder-python-imports
     args: [--application-directories, '.:src', --py38-plus]
-- repo: https://github.com/psf/black
-  rev: 23.3.0
+- repo: https://github.com/psf/black-pre-commit-mirror
+  rev: 23.10.1
   hooks:
   - id: black
     args: [--line-length=79, --target-version=py38]

diff --git a/bandit/plugins/ssh_no_host_key_verification.py b/bandit/plugins/ssh_no_host_key_verification.py
@@ -35,6 +35,8 @@
     CWE information added
 
 """
+import ast
+
 import bandit
 from bandit.core import issue
 from bandit.core import test_properties as test
@@ -46,11 +48,17 @@ def ssh_no_host_key_verification(context):
     if (
         context.is_module_imported_like("paramiko")
         and context.call_function_name == "set_missing_host_key_policy"
+        and context.node.args
     ):
-        if context.call_args and context.call_args[0] in [
-            "AutoAddPolicy",
-            "WarningPolicy",
-        ]:
+        policy_argument = context.node.args[0]
+
+        policy_argument_value = None
+        if isinstance(policy_argument, ast.Attribute):
+            policy_argument_value = policy_argument.attr
+        elif isinstance(policy_argument, ast.Call):
+            policy_argument_value = policy_argument.func.attr
+
+        if policy_argument_value in ["AutoAddPolicy", "WarningPolicy"]:
             return bandit.Issue(
                 severity=bandit.HIGH,
                 confidence=bandit.MEDIUM,

diff --git a/examples/no_host_key_verification.py b/examples/no_host_key_verification.py
@@ -3,3 +3,5 @@
 ssh_client = client.SSHClient()
 ssh_client.set_missing_host_key_policy(client.AutoAddPolicy)
 ssh_client.set_missing_host_key_policy(client.WarningPolicy)
+ssh_client.set_missing_host_key_policy(client.AutoAddPolicy())
+ssh_client.set_missing_host_key_policy(client.WarningPolicy())
diff --git a/setup.cfg b/setup.cfg
@@ -22,6 +22,7 @@ classifier =
     Programming Language :: Python :: 3.9
     Programming Language :: Python :: 3.10
     Programming Language :: Python :: 3.11
+    Programming Language :: Python :: 3.12
     Programming Language :: Python :: 3 :: Only
     Topic :: Security
 project_urls =

diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
@@ -543,8 +543,8 @@ def test_yaml(self):
     def test_host_key_verification(self):
         """Test for ignoring host key verification."""
         expect = {
-            "SEVERITY": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 2},
-            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 2, "HIGH": 0},
+            "SEVERITY": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 4},
+            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 4, "HIGH": 0},
         }
         self.check_example("no_host_key_verification.py", expect)