Fix code review
ehooo authored and ericwb committed Jun 14, 2018
1 parent d3f8164 commit 82f877b
Showing 3 changed files with 4 additions and 16 deletions.
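--- a/bandit/plugins/yaml_load.py
+++ b/bandit/plugins/yaml_load.py
@@ -55,9 +55,10 @@
 @test.test_id('B506')
 @test.checks('Call')
 def yaml_load(context):
-if context.is_module_imported_exact('yaml') and \
-isinstance(context.call_function_name_qual, str):
-qualname_list = context.call_function_name_qual.split('.')
+imported = context.is_module_imported_exact('yaml')
+qualname = context.call_function_name_qual
+if imported and isinstance(qualname, str):
+qualname_list = qualname.split('.')
 func = qualname_list[-1]
 if 'yaml' in qualname_list and func == 'load':
 if not context.check_call_arg_value('Loader', 'SafeLoader'):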
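Review bot: The `func == 'load'` comparison in the unchanged tail of this hunk leaves `yaml.load_all` unreported, although it uses the same default loader as `yaml.load` when no `Loader` is given; consider `if 'yaml' in qualname_list and func in ('load', 'load_all'):`. The refactor into `imported` and `qualname` keeps the condition as it was, so this gap predates the commit. Separately, `check_call_arg_value('Loader', 'SafeLoader')` presumably inspects only a `Loader` keyword, so a call passing the loader positionally or using `CSafeLoader` would still be reported; a one-line comment above the check stating that limit would help whoever triages B506 findings. The body of `yaml_load` continues past the end of the hunk, so the reporting code is not visible here.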
7 changes: 0 additions & 7 deletions examples/yaml_lib_load.py

This file was deleted.

6 changes: 0 additions & 6 deletions tests/functional/test_functional.py
Expand Up @@ -464,12 +464,6 @@ def test_yaml(self):
}
self.check_example('yaml_load.py', expect)

expect = {
'SEVERITY': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 0},
'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 0}
}
self.check_example('yaml_lib_load.py', expect)

def test_jinja2_templating(self):
'''Test jinja templating for potential XSS bugs.'''
expect = {
