Fixing a bug and cleaning up in blacklisting code

Closes-bug: 1536414 Change-Id: I574e8c673c7a7dd197599286ec98f106a6d94fb5
2016-01-21 14:48:06 +00:00 · 2016-01-21 14:48:06 +00:00 · 5180c65d26
parent 7f9524e63e
commit 5180c65d26
2 changed files with 9 additions and 3 deletions
--- a/bandit/core/blacklisting.py
+++ b/bandit/core/blacklisting.py
@ -31,14 +31,16 @@ def report_issue(check, name):
 def blacklist(context):
    blacklists = extension_loader.MANAGER.blacklist
    node_type = context.node.__class__.__name__
-    if node_type not in blacklists:
-        return

    if node_type == 'Call':
        func = context.node.func
        if isinstance(func, ast.Name) and func.id == '__import__':
            if len(context.node.args):
-                name = context.node.args[0].s
+                if isinstance(context.node.args[0], ast.Str):
+                    name = context.node.args[0].s
+                else:
+                    # TODO(??): import through a variable, need symbol tab
+                    name = "UNKNOWN"
            else:
                name = ""  # handle '__import__()'
        else:
--- a/examples/imports-function.py
+++ b/examples/imports-function.py
@ -6,3 +6,7 @@ subprocess = __import__("subprocess")
 # this has been reported in the wild, though it's invalid python
 # see bug https://bugs.launchpad.net/bandit/+bug/1396333
 __import__()
+
+# TODO(??): bandit can not find this one unfortunatly (no symbol tab)
+a = 'subprocess'
+__import__(a)