blacklist getattr calls

[KOLANICH]

Is your feature request related to a problem? Please describe.
One of use cases for bandit is a backdoor detection. It doesn't fit it well though, since for proper backdoor detection intermodule and runtime interactions must be addressed, i.e. with taint analysis (and the fact that using bandit for backdoor detection can be easily bypassed must be clearly stated in bold big red font).

It can detect very crude backdoors with explicit eval. But it is easy to mask them, by just obfuscating the string eval and getting the function using getattr.

Also getattr is a bad smell by itself, since it is often dangerously misused. I.e.

class A:
    b = lambda b: b

function_id = "string from the net"
getattr(A, function_id)(*args_from_the_net)

Instead a collection should be used and A[function_id], which will only allow calling an explicitly defined set of functions.

Describe the solution you'd like

getattr should be blacklisted.

[CodePint]

Blanket blacklisting getattr is a misguided sledge hammer approach to security. It's use is not a code smell when used appropriately. The scenario above is obviously a security risk but getattr calls not implicitly unsafe and are widely used in metaprogramming often replacing verbose factory patterns. Go ask any ruby developer!

Whilst I would caution against the use of getattr using arguments from external sources.
You could still implement your example securely by strictly sticking to _ prefixing for private methods and performing validation on the function name (perhaps using a metaclass and decorating every function).

[KOLANICH]

You could still implement your example securely by strictly sticking to _ prefixing for private methods and performing validation on the function name (perhaps using a metaclass and decorating every function).

Why to do such things instead of using a collection, which should be much easier?