Inconsistency of random.Random detection between different platforms #926

Labels: bug (Something isn't working)
Describe the bug

The blacklisting module uses fnmatch for matching call names, which results in differing behavior on Windows vs other platforms.

bandit/bandit/core/blacklisting.py
Line 58 in 5809d1b

Particularly, usage of random.random generally results in B311 being emitted:

bandit/bandit/blacklists/calls.py
Lines 523 to 528 in 5809d1b

Since fnmatch calls os.path.normcase, this blacklist entry also matches random.Random on Windows, but not Linux.

Reproduction steps

Run bandit on the following code on Windows and Linux:

Expected behavior

I'm not exactly sure what the correct behavior should be - probably random.Random resulting in B311 on all platforms, not just Windows - but it should be consistent regardless of platform.

Bandit version

1.7.4 (Default)

Python version

3.9

Additional context

No response
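The platform dependence described in the report can be reproduced on any OS without touching bandit, because fnmatch.fnmatch is just os.path.normcase applied to both sides followed by fnmatch.fnmatchcase. The example below is added here and is not code from the issue or from bandit; it substitutes ntpath.normcase and posixpath.normcase for os.path.normcase to simulate each platform, uses a constructed subset of the B311 qualnames (the real list in bandit/bandit/blacklists/calls.py may differ), extracts call names from a constructed snippet with a small ast walker, and shows that a fnmatchcase-only match behaves the same everywhere.

```python
"""Added example: why fnmatch.fnmatch makes a call-name blacklist
platform-dependent, and what a case-sensitive match does instead.
Not bandit's code; the qualname list and sample source are constructed."""
import ast
import fnmatch
import ntpath
import posixpath

# Constructed subset of the B311 qualnames (assumption; see calls.py for the real list).
B311_QUALNAMES = [
    "random.random",
    "random.randrange",
    "random.randint",
    "random.choice",
    "random.uniform",
]


def match_like_fnmatch(qualname, patterns, normcase):
    """Mimic fnmatch.fnmatch(): normcase() both the name and the pattern,
    then do a case-sensitive glob match. Passing a platform's normcase
    explicitly lets us simulate Windows or POSIX on any host."""
    name = normcase(qualname)
    return any(fnmatch.fnmatchcase(name, normcase(p)) for p in patterns)


def matches_on_windows(qualname, patterns=B311_QUALNAMES):
    """ntpath.normcase lowercases, so 'random.Random' collapses to 'random.random'."""
    return match_like_fnmatch(qualname, patterns, ntpath.normcase)


def matches_on_posix(qualname, patterns=B311_QUALNAMES):
    """posixpath.normcase is the identity, so case is preserved."""
    return match_like_fnmatch(qualname, patterns, posixpath.normcase)


def matches_case_sensitive(qualname, patterns=B311_QUALNAMES):
    """Platform-independent alternative: skip normcase and use fnmatchcase only."""
    return any(fnmatch.fnmatchcase(qualname, p) for p in patterns)


def call_qualnames(source):
    """Return the dotted name of every call in `source`, e.g. 'random.Random'.
    Only Name/Attribute chains are resolved; anything else is skipped."""
    names = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        parts = []
        func = node.func
        while isinstance(func, ast.Attribute):
            parts.append(func.attr)
            func = func.value
        if isinstance(func, ast.Name):
            parts.append(func.id)
            names.append(".".join(reversed(parts)))
    return names


# Constructed sample input standing in for the snippet the report refers to.
SAMPLE = """\
import random
token = random.random()
rng = random.Random(42)
"""


def report(source=SAMPLE):
    """For each call in `source`, say whether the blacklist would fire under
    each matching strategy."""
    return {
        q: {
            "windows": matches_on_windows(q),
            "posix": matches_on_posix(q),
            "case_sensitive": matches_case_sensitive(q),
        }
        for q in call_qualnames(source)
    }


if __name__ == "__main__":
    for qualname, result in report().items():
        print(f"{qualname:16} {result}")
```

Running it shows random.random flagged under all three strategies, while random.Random is flagged only under the simulated Windows match; the fnmatchcase-only variant gives the same answer on both platforms, which is the consistency the report asks for (whether random.Random should be flagged at all is a separate decision about the blacklist contents).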