Rename blacklist to banlist within internal modules and documentation

bandit/blacklists/calls.py → bandit/banlists/calls.py

@@ -5,12 +5,12 @@
 # SPDX-License-Identifier: Apache-2.0
 
 r"""
-====================================================
-Blacklist various Python calls known to be dangerous
-====================================================
+==================================================
+Banlist various Python calls known to be dangerous
+==================================================
 
-This blacklist data checks for a number of Python calls known to have possible
-security implications. The following blacklist tests are run against any
+This banlist data checks for a number of Python calls known to have possible
+security implications. The following banlist tests are run against any
 function calls encoutered in the scanned code base, triggered by encoutering
 ast.Call nodes.
 
@@ -313,19 +313,19 @@
 
 """
 
-from bandit.blacklists import utils
+from bandit.banlists import utils
 
 
-def gen_blacklist():
-    """Generate a list of items to blacklist.
+def gen_banlist():
+    """Generate a list of items to banlist.
 
-    Methods of this type, "bandit.blacklist" plugins, are used to build a list
-    of items that bandit's built in blacklisting tests will use to trigger
-    issues. They replace the older blacklist* test plugins and allow
-    blacklisted items to have a unique bandit ID for filtering and profile
+    Methods of this type, "bandit.banlist" plugins, are used to build a list
+    of items that bandit's built in banlisting tests will use to trigger
+    issues. They replace the older banlist* test plugins and allow
+    banlisted items to have a unique bandit ID for filtering and profile
     usage.
 
-    :return: a dictionary mapping node types to a list of blacklist data
+    :return: a dictionary mapping node types to a list of banlist data
     """
 
     sets = []

bandit/blacklists/imports.py → bandit/banlists/imports.py

@@ -5,12 +5,12 @@
 # SPDX-License-Identifier: Apache-2.0
 
 r"""
-======================================================
-Blacklist various Python imports known to be dangerous
-======================================================
+====================================================
+Banlist various Python imports known to be dangerous
+====================================================
 
-This blacklist data checks for a number of Python modules known to have
-possible security implications. The following blacklist tests are run against
+This banlist data checks for a number of Python modules known to have
+possible security implications. The following banlist tests are run against
 any import statements or calls encountered in the scanned code base.
 
 Note that the XML rules listed here are mostly based off of Christian Heimes'
@@ -193,7 +193,7 @@
 
 B414: import_pycryptodome
 -------------------------
-This import blacklist has been removed. The information here has been
+This import banlist has been removed. The information here has been
 left for historical purposes.
 
 pycryptodome is a direct fork of pycrypto that has not fully addressed
@@ -216,19 +216,19 @@
 
 """
 
-from bandit.blacklists import utils
+from bandit.banlists import utils
 
 
-def gen_blacklist():
-    """Generate a list of items to blacklist.
+def gen_banlist():
+    """Generate a list of items to banlist.
 
-    Methods of this type, "bandit.blacklist" plugins, are used to build a list
-    of items that bandit's built in blacklisting tests will use to trigger
-    issues. They replace the older blacklist* test plugins and allow
-    blacklisted items to have a unique bandit ID for filtering and profile
+    Methods of this type, "bandit.banlist" plugins, are used to build a list
+    of items that bandit's built in banlisting tests will use to trigger
+    issues. They replace the older banlist* test plugins and allow
+    banlisted items to have a unique bandit ID for filtering and profile
     usage.
 
-    :return: a dictionary mapping node types to a list of blacklist data
+    :return: a dictionary mapping node types to a list of banlist data
     """
 
     sets = []

bandit/blacklists/utils.py → bandit/banlists/utils.py

@@ -6,7 +6,7 @@
 
 
 def build_conf_dict(name, bid, qualnames, message, level='MEDIUM'):
-    """Build and return a blacklist configuration dict."""
+    """Build and return a banlist configuration dict."""
 
     return {'name': name, 'id': bid, 'message': message,
             'qualnames': qualnames, 'level': level}

bandit/cli/config_generator.py

@@ -148,7 +148,7 @@ def main():
                              for t in extension_loader.MANAGER.plugins]
 
                 others = [tpl.format(k, v['name']) for k, v in (
-                    extension_loader.MANAGER.blacklist_by_id.items())]
+                    extension_loader.MANAGER.banlist_by_id.items())]
                 test_list.extend(others)
                 test_list.sort()
 

bandit/cli/main.py

@@ -256,12 +256,12 @@ def main():
 
     plugin_info = ["%s\t%s" % (a[0], a[1].name) for a in
                    extension_mgr.plugins_by_id.items()]
-    blacklist_info = []
-    for a in extension_mgr.blacklist.items():
+    banlist_info = []
+    for a in extension_mgr.banlist.items():
         for b in a[1]:
-            blacklist_info.append('%s\t%s' % (b['id'], b['name']))
+            banlist_info.append('%s\t%s' % (b['id'], b['name']))
 
-    plugin_list = '\n\t'.join(sorted(set(plugin_info + blacklist_info)))
+    plugin_list = '\n\t'.join(sorted(set(plugin_info + banlist_info)))
     dedent_text = textwrap.dedent('''
     CUSTOM FORMATTING
     -----------------

bandit/core/blacklisting.py → bandit/core/banlisting.py

@@ -17,17 +17,17 @@ def report_issue(check, name):
         ident=name, test_id=check.get("id", 'LEGACY'))
 
 
-def blacklist(context, config):
-    """Generic blacklist test, B001.
+def banlist(context, config):
+    """Generic banlist test, B001.
 
-    This generic blacklist test will be called for any encountered node with
-    defined blacklist data available. This data is loaded via plugins using
-    the 'bandit.blacklists' entry point. Please see the documentation for more
-    details. Each blacklist datum has a unique bandit ID that may be used for
-    filtering purposes, or alternatively all blacklisting can be filtered using
+    This generic banlist test will be called for any encountered node with
+    defined banlist data available. This data is loaded via plugins using
+    the 'bandit.banlists' entry point. Please see the documentation for more
+    details. Each banlist datum has a unique bandit ID that may be used for
+    filtering purposes, or alternatively all banlisting can be filtered using
     the id of this built in test, 'B001'.
     """
-    blacklists = config
+    banlists = config
     node_type = context.node.__class__.__name__
 
     if node_type == 'Call':
@@ -48,7 +48,7 @@ def blacklist(context, config):
             # Will produce None if argument is not a literal or identifier
             if name in ["importlib.import_module", "importlib.__import__"]:
                 name = context.call_args[0]
-        for check in blacklists[node_type]:
+        for check in banlists[node_type]:
             for qn in check['qualnames']:
                 if name is not None and fnmatch.fnmatch(name, qn):
                     return report_issue(check, name)
@@ -59,7 +59,7 @@ def blacklist(context, config):
             if context.node.module is not None:
                 prefix = context.node.module + "."
 
-        for check in blacklists[node_type]:
+        for check in banlists[node_type]:
             for name in context.node.names:
                 for qn in check['qualnames']:
                     if (prefix + name.name).startswith(qn):

bandit/core/config.py

@@ -171,34 +171,34 @@ def _clean_set(name, data):
                 data.add('B001')
 
         for name, profile in profiles.items():
-            blacklist = {}
+            banlist = {}
             include = profile['include']
             exclude = profile['exclude']
 
             name = 'blacklist_calls'
             if name in include and name not in exclude:
-                blacklist.setdefault('Call', []).extend(bad_calls)
+                banlist.setdefault('Call', []).extend(bad_calls)
 
             _clean_set(name, include)
             _clean_set(name, exclude)
 
             name = 'blacklist_imports'
             if name in include and name not in exclude:
-                blacklist.setdefault('Import', []).extend(bad_imports)
-                blacklist.setdefault('ImportFrom', []).extend(bad_imports)
-                blacklist.setdefault('Call', []).extend(bad_imports)
+                banlist.setdefault('Import', []).extend(bad_imports)
+                banlist.setdefault('ImportFrom', []).extend(bad_imports)
+                banlist.setdefault('Call', []).extend(bad_imports)
 
             _clean_set(name, include)
             _clean_set(name, exclude)
             _clean_set('blacklist_import_func', include)
             _clean_set('blacklist_import_func', exclude)
 
             # This can happen with a legacy config that includes
-            # blacklist_calls but exclude blacklist_imports for example
+            # banlist_calls but exclude banlist_imports for example
             if 'B001' in include and 'B001' in exclude:
                 exclude.remove('B001')
 
-            profile['blacklist'] = blacklist
+            profile['banlist'] = banlist
 
     def validate(self, path):
         '''Validate the config data.'''

bandit/core/docs_utils.py

@@ -19,9 +19,9 @@ def get_url(bid):
         return '%splugins/%s_%s.html' % (BASE_URL, bid.lower(),
                                          info.plugin.__name__)
 
-    info = extension_loader.MANAGER.blacklist_by_id.get(bid)
+    info = extension_loader.MANAGER.banlist_by_id.get(bid)
     if info is not None:
-        template = 'blacklists/blacklist_{kind}.html#{id}-{name}'
+        template = 'banlists/banlist_{kind}.html#{id}-{name}'
         info['name'] = info['name'].replace('_', '-')
 
         if info['id'].startswith('B3'):  # B3XX

bandit/core/extension_loader.py

@@ -5,6 +5,7 @@
 from __future__ import print_function
 
 import sys
+import warnings
 
 import six
 from stevedore import extension
@@ -15,16 +16,17 @@
 class Manager(object):
     # These IDs are for bandit built in tests
     builtin = [
-        'B001'  # Built in blacklist test
+        'B001'  # Built in banlist test
         ]
 
     def __init__(self, formatters_namespace='bandit.formatters',
                  plugins_namespace='bandit.plugins',
-                 blacklists_namespace='bandit.blacklists'):
+                 banlists_namespace='bandit.banlists',
+                 load_legacy_blacklists=True):
         # Cache the extension managers, loaded extensions, and extension names
         self.load_formatters(formatters_namespace)
         self.load_plugins(plugins_namespace)
-        self.load_blacklists(blacklists_namespace)
+        self.load_banlists(banlists_namespace, load_legacy_blacklists)
 
     def load_formatters(self, formatters_namespace):
         self.formatters_mgr = extension.ExtensionManager(
@@ -60,25 +62,40 @@ def get_plugin_id(self, plugin_name):
             return self.plugins_by_name[plugin_name].plugin._test_id
         return None
 
-    def load_blacklists(self, blacklist_namespace):
-        self.blacklists_mgr = extension.ExtensionManager(
-            namespace=blacklist_namespace,
+    def load_banlists(self, banlist_namespace, load_legacy_blacklists=True):
+        self.banlists_mgr = extension.ExtensionManager(
+            namespace=banlist_namespace,
             invoke_on_load=False,
             verify_requirements=False,
             )
-        self.blacklist = {}
-        blacklist = list(self.blacklists_mgr)
-        for item in blacklist:
+        self.banlist = {}
+        banlist = list(self.banlists_mgr)
+
+        if load_legacy_blacklists:
+            self.legacy_banlists_mgr = extension.ExtensionManager(
+                namespace='bandit.blacklists',
+                invoke_on_load=False,
+                verify_requirements=False,
+            )
+            legacy_banlist = list(self.legacy_banlists_mgr)
+            if len(legacy_banlist) > 0:
+                warnings.warn(
+                    "bandit.blacklists will be deprecated in future versions,"
+                    " use bandit.banlists instead.",
+                    DeprecationWarning)
+            banlist = banlist + legacy_banlist
+
+        for item in banlist:
             for key, val in item.plugin().items():
                 utils.check_ast_node(key)
-                self.blacklist.setdefault(key, []).extend(val)
+                self.banlist.setdefault(key, []).extend(val)
 
-        self.blacklist_by_id = {}
-        self.blacklist_by_name = {}
-        for val in six.itervalues(self.blacklist):
+        self.banlist_by_id = {}
+        self.banlist_by_name = {}
+        for val in six.itervalues(self.banlist):
             for b in val:
-                self.blacklist_by_id[b['id']] = b
-                self.blacklist_by_name[b['name']] = b
+                self.banlist_by_id[b['id']] = b
+                self.banlist_by_name[b['name']] = b
 
     def validate_profile(self, profile):
         '''Validate that everything in the configured profiles looks good.'''
@@ -98,7 +115,7 @@ def validate_profile(self, profile):
     def check_id(self, test):
         return (
             test in self.plugins_by_id or
-            test in self.blacklist_by_id or
+            test in self.banlist_by_id or
             test in self.builtin)