From 91a796b805be34332054a9b5448914093b1a3395 Mon Sep 17 00:00:00 2001
From: Tin Lam
Date: Sun, 18 Feb 2018 00:36:37 -0600
Subject: [PATCH] Fix false positives for pyCrypto

This patch set fixes an issue where modules whose names begin with string ``Crypto`` are incorrectly flagged for pyCrypto imports. The fix will now explicitly calls out pyCrypto module one sub-level to avoid the false positives.

Change-Id: Iafd3fae2fc7a13a0a93800ee570c4e1354be1391
Closes-Bug: #1749603
Signed-off-by: Tin Lam
---
 bandit/blacklists/imports.py | 19 +++++++++++++++++--
 examples/pycrypto.py | 3 +++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/bandit/blacklists/imports.py b/bandit/blacklists/imports.py
index 6805a02e..9bb55994 100644
--- a/bandit/blacklists/imports.py
+++ b/bandit/blacklists/imports.py
@@ -189,7 +189,14 @@ library.
 +------+---------------------+------------------------------------+-----------+
 | ID | Name | Imports | Severity |
 +======+=====================+====================================+===========+
-| B413 | import_pycrypto | - Crypto | high |
+| B413 | import_pycrypto | - Crypto.Cipher | high |
+| | | - Crypto.Hash | |
+| | | - Crypto.IO | |
+| | | - Crypto.Protocol | |
+| | | - Crypto.PublicKey | |
+| | | - Crypto.Random | |
+| | | - Crypto.Signature | |
+| | | - Crypto.Util | |
 +------+---------------------+------------------------------------+-----------+

 """
@@ -282,7 +289,15 @@ def gen_blacklist():
 ))

 sets.append(utils.build_conf_dict(
- 'import_pycrypto', 'B413', ['Crypto'],
+ 'import_pycrypto', 'B413',
+ ['Crypto.Cipher',
+ 'Crypto.Hash',
+ 'Crypto.IO',
+ 'Crypto.Protocol',
+ 'Crypto.PublicKey',
+ 'Crypto.Random',
+ 'Crypto.Signature',
+ 'Crypto.Util'],
 'The pyCrypto library and its module {name} are no longer actively '
 'maintained and have been deprecated. '
 'Consider using pyca/cryptography library.', 'HIGH'))
diff --git a/examples/pycrypto.py b/examples/pycrypto.py
index 8fa00c7a..fe8de076 100644
--- a/examples/pycrypto.py
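Review bot: Narrowing the B413 entry from `['Crypto']` to eight `Crypto.<subpackage>` names closes the false positive but opens a detection gap: a bare `import Crypto`, and any `from Crypto import X` where X is a sub-package not in the list, no longer produce a B413 finding, since the commit message indicates the matcher is a plain prefix test on the imported name. The root cause appears to be that prefix test lacking a package boundary, so the more durable fix is in the matching code, comparing the dotted import against the blacklisted name as `name == qn or name.startswith(qn + '.')` (with `name`/`qn` standing for the tested import and the blacklist entry), which would let this entry stay `['Crypto']`. If the enumeration is kept, the same boundary issue persists one level down (a module named `Crypto.Utilities` would still match `Crypto.Util`), and examples/pycrypto.py should gain an `import Crypto` line so the lost detection is visible in the example set. The body of gen_blacklist starts and ends outside this hunk.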
+++ b/examples/pycrypto.py
@@ -1,8 +1,11 @@
 from Crypto.Cipher import AES
 from Crypto import Random
+from . import CryptoMaterialsCacheEntry
+


 def test_pycrypto():
 key = b'Sixteen byte key'
 iv = Random.new().read(AES.block_size)
 cipher = pycrypto_arc2.new(key, AES.MODE_CFB, iv)
+ factory = CryptoMaterialsCacheEntry()