Remove openstack specific utils.exec checks

Bandit is no longer OpenStack specific. As such, the utils.exec from OpenStack Oslo should also be removed from Bandit Signed-off-by: Eric Brown <browne@vmware.com>
PyCQA · Jul 1, 2018 · 652fd71 · 652fd71
1 parent 02bad2e
commit 652fd71
Show file tree

Hide file tree

Showing 6 changed files with 4 additions and 77 deletions.
diff --git a/bandit/plugins/injection_shell.py b/bandit/plugins/injection_shell.py
@@ -43,9 +43,7 @@ def gen_config(name):
             ['subprocess.Popen',
              'subprocess.call',
              'subprocess.check_call',
-             'subprocess.check_output',
-             'utils.execute',
-             'utils.execute_with_timeout'],
+             'subprocess.check_output'],
 
             # Start a process with a function vulnerable to shell injection.
             'shell':
@@ -344,8 +342,8 @@ def any_other_function_with_shell_equals_true(context, config):
             # Start a process using the subprocess module, or one of its
             wrappers.
             subprocess: [subprocess.Popen, subprocess.call,
-                         subprocess.check_call, subprocess.check_output,
-                         utils.execute, utils.execute_with_timeout]
+                         subprocess.check_call, subprocess.check_output
+                         execute_with_timeout]
 
 
     :Example:

diff --git a/doc/source/config.rst b/doc/source/config.rst
@@ -30,8 +30,7 @@ look like the following:
       popen2.popen2, popen2.popen3, popen2.popen4, popen2.Popen3,
       popen2.Popen4, commands.getoutput,  commands.getstatusoutput]
     subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call,
-      subprocess.check_output,
-      utils.execute, utils.execute_with_timeout]
+      subprocess.check_output]
 
 If you require several sets of tests for specific tasks, then you should create
 several config files and pick from them using `-c`. If you only wish to control

diff --git a/examples/exec-as-root.py b/examples/exec-as-root.py
diff --git a/examples/secret-config-option.py b/examples/secret-config-option.py
diff --git a/examples/utils-shell.py b/examples/utils-shell.py
diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
@@ -422,14 +422,6 @@ def test_urlopen(self):
         }
         self.check_example('urlopen.py', expect)
 
-    def test_utils_shell(self):
-        '''Test for `utils.execute*` with `shell=True`.'''
-        expect = {
-            'SEVERITY': {'UNDEFINED': 0, 'LOW': 5, 'MEDIUM': 0, 'HIGH': 0},
-            'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 5}
-        }
-        self.check_example('utils-shell.py', expect)
-
     def test_wildcard_injection(self):
         '''Test for wildcard injection in shell commands.'''
         expect = {