Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rename blacklist to banlist within internal modules and documentation #627

Closed
wants to merge 17 commits into from
Closed
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
File renamed without changes.
22 changes: 11 additions & 11 deletions bandit/blacklists/calls.py → bandit/banlists/calls.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@

r"""
====================================================
tonybaloney marked this conversation as resolved.
Show resolved Hide resolved
Blacklist various Python calls known to be dangerous
Banlist various Python calls known to be dangerous
====================================================
tonybaloney marked this conversation as resolved.
Show resolved Hide resolved

This blacklist data checks for a number of Python calls known to have possible
security implications. The following blacklist tests are run against any
This banlist data checks for a number of Python calls known to have possible
security implications. The following banlist tests are run against any
function calls encoutered in the scanned code base, triggered by encoutering
ast.Call nodes.

Expand Down Expand Up @@ -313,19 +313,19 @@

"""

from bandit.blacklists import utils
from bandit.banlists import utils


def gen_blacklist():
"""Generate a list of items to blacklist.
def gen_banlist():
"""Generate a list of items to banlist.

Methods of this type, "bandit.blacklist" plugins, are used to build a list
of items that bandit's built in blacklisting tests will use to trigger
issues. They replace the older blacklist* test plugins and allow
blacklisted items to have a unique bandit ID for filtering and profile
Methods of this type, "bandit.banlist" plugins, are used to build a list
of items that bandit's built in banlisting tests will use to trigger
issues. They replace the older banlist* test plugins and allow
banlisted items to have a unique bandit ID for filtering and profile
usage.

:return: a dictionary mapping node types to a list of blacklist data
:return: a dictionary mapping node types to a list of banlist data
"""

sets = []
Expand Down
24 changes: 12 additions & 12 deletions bandit/blacklists/imports.py → bandit/banlists/imports.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@

r"""
======================================================
tonybaloney marked this conversation as resolved.
Show resolved Hide resolved
Blacklist various Python imports known to be dangerous
Banlist various Python imports known to be dangerous
======================================================
tonybaloney marked this conversation as resolved.
Show resolved Hide resolved

This blacklist data checks for a number of Python modules known to have
possible security implications. The following blacklist tests are run against
This banlist data checks for a number of Python modules known to have
possible security implications. The following banlist tests are run against
any import statements or calls encountered in the scanned code base.

Note that the XML rules listed here are mostly based off of Christian Heimes'
Expand Down Expand Up @@ -193,7 +193,7 @@

B414: import_pycryptodome
-------------------------
This import blacklist has been removed. The information here has been
This import banlist has been removed. The information here has been
left for historical purposes.

pycryptodome is a direct fork of pycrypto that has not fully addressed
Expand All @@ -216,19 +216,19 @@

"""

from bandit.blacklists import utils
from bandit.banlists import utils


def gen_blacklist():
"""Generate a list of items to blacklist.
def gen_banlist():
"""Generate a list of items to banlist.

Methods of this type, "bandit.blacklist" plugins, are used to build a list
of items that bandit's built in blacklisting tests will use to trigger
issues. They replace the older blacklist* test plugins and allow
blacklisted items to have a unique bandit ID for filtering and profile
Methods of this type, "bandit.banlist" plugins, are used to build a list
of items that bandit's built in banlisting tests will use to trigger
issues. They replace the older banlist* test plugins and allow
banlisted items to have a unique bandit ID for filtering and profile
usage.

:return: a dictionary mapping node types to a list of blacklist data
:return: a dictionary mapping node types to a list of banlist data
"""

sets = []
Expand Down
2 changes: 1 addition & 1 deletion bandit/blacklists/utils.py → bandit/banlists/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@


def build_conf_dict(name, bid, qualnames, message, level='MEDIUM'):
"""Build and return a blacklist configuration dict."""
"""Build and return a banlist configuration dict."""

return {'name': name, 'id': bid, 'message': message,
'qualnames': qualnames, 'level': level}
2 changes: 1 addition & 1 deletion bandit/cli/config_generator.py
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ def main():
for t in extension_loader.MANAGER.plugins]

others = [tpl.format(k, v['name']) for k, v in (
extension_loader.MANAGER.blacklist_by_id.items())]
extension_loader.MANAGER.banlist_by_id.items())]
test_list.extend(others)
test_list.sort()

Expand Down
8 changes: 4 additions & 4 deletions bandit/cli/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -256,12 +256,12 @@ def main():

plugin_info = ["%s\t%s" % (a[0], a[1].name) for a in
extension_mgr.plugins_by_id.items()]
blacklist_info = []
for a in extension_mgr.blacklist.items():
banlist_info = []
for a in extension_mgr.banlist.items():
for b in a[1]:
blacklist_info.append('%s\t%s' % (b['id'], b['name']))
banlist_info.append('%s\t%s' % (b['id'], b['name']))

plugin_list = '\n\t'.join(sorted(set(plugin_info + blacklist_info)))
plugin_list = '\n\t'.join(sorted(set(plugin_info + banlist_info)))
dedent_text = textwrap.dedent('''
CUSTOM FORMATTING
-----------------
Expand Down
20 changes: 10 additions & 10 deletions bandit/core/blacklisting.py → bandit/core/banlisting.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,17 @@ def report_issue(check, name):
ident=name, test_id=check.get("id", 'LEGACY'))


def blacklist(context, config):
"""Generic blacklist test, B001.
def banlist(context, config):
"""Generic banlist test, B001.

This generic blacklist test will be called for any encountered node with
defined blacklist data available. This data is loaded via plugins using
the 'bandit.blacklists' entry point. Please see the documentation for more
details. Each blacklist datum has a unique bandit ID that may be used for
filtering purposes, or alternatively all blacklisting can be filtered using
This generic banlist test will be called for any encountered node with
defined banlist data available. This data is loaded via plugins using
the 'bandit.banlists' entry point. Please see the documentation for more
details. Each banlist datum has a unique bandit ID that may be used for
filtering purposes, or alternatively all banlisting can be filtered using
the id of this built in test, 'B001'.
"""
blacklists = config
banlists = config
node_type = context.node.__class__.__name__

if node_type == 'Call':
Expand All @@ -48,7 +48,7 @@ def blacklist(context, config):
# Will produce None if argument is not a literal or identifier
if name in ["importlib.import_module", "importlib.__import__"]:
name = context.call_args[0]
for check in blacklists[node_type]:
for check in banlists[node_type]:
for qn in check['qualnames']:
if name is not None and fnmatch.fnmatch(name, qn):
return report_issue(check, name)
Expand All @@ -59,7 +59,7 @@ def blacklist(context, config):
if context.node.module is not None:
prefix = context.node.module + "."

for check in blacklists[node_type]:
for check in banlists[node_type]:
for name in context.node.names:
for qn in check['qualnames']:
if (prefix + name.name).startswith(qn):
Expand Down
28 changes: 17 additions & 11 deletions bandit/core/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -115,8 +115,14 @@ def convert_legacy_config(self):

if updated_profiles:
self.convert_legacy_blacklist_tests(updated_profiles,
bad_calls, bad_imports)
bad_calls, bad_imports)
self._config['profiles'] = updated_profiles
self.convert_blacklist_to_banlist()

def convert_blacklist_to_banlist(self):
'''Blacklist was renamed to banlist, migrate any legacy config'''
# TODO : Copy any 'blacklist' config properties to banlist
pass

def convert_names_to_ids(self):
'''Convert test names to IDs, unknown names are left unchanged.'''
Expand Down Expand Up @@ -171,34 +177,34 @@ def _clean_set(name, data):
data.add('B001')

for name, profile in profiles.items():
blacklist = {}
banlist = {}
include = profile['include']
exclude = profile['exclude']

name = 'blacklist_calls'
if name in include and name not in exclude:
blacklist.setdefault('Call', []).extend(bad_calls)
banlist.setdefault('Call', []).extend(bad_calls)

_clean_set(name, include)
_clean_set(name, exclude)

name = 'blacklist_imports'
if name in include and name not in exclude:
blacklist.setdefault('Import', []).extend(bad_imports)
blacklist.setdefault('ImportFrom', []).extend(bad_imports)
blacklist.setdefault('Call', []).extend(bad_imports)
banlist.setdefault('Import', []).extend(bad_imports)
banlist.setdefault('ImportFrom', []).extend(bad_imports)
banlist.setdefault('Call', []).extend(bad_imports)

_clean_set(name, include)
_clean_set(name, exclude)
_clean_set('blacklist_import_func', include)
_clean_set('blacklist_import_func', exclude)

# This can happen with a legacy config that includes
# blacklist_calls but exclude blacklist_imports for example
# banlist_calls but exclude banlist_imports for example
if 'B001' in include and 'B001' in exclude:
exclude.remove('B001')

profile['blacklist'] = blacklist
profile['banlist'] = banlist

def validate(self, path):
'''Validate the config data.'''
Expand All @@ -221,9 +227,9 @@ def _test(key, block, exclude, include):
inc = profile.get('include') or set()
exc = profile.get('exclude') or set()

_test('blacklist_imports', 'blacklist_imports', inc, exc)
_test('blacklist_import_func', 'blacklist_imports', inc, exc)
_test('blacklist_calls', 'blacklist_calls', inc, exc)
_test('banlist_imports', 'banlist_imports', inc, exc)
_test('banlist_import_func', 'banlist_imports', inc, exc)
_test('banlist_calls', 'banlist_calls', inc, exc)

# show deprecation message
if legacy:
Expand Down
4 changes: 2 additions & 2 deletions bandit/core/docs_utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,9 @@ def get_url(bid):
return '%splugins/%s_%s.html' % (BASE_URL, bid.lower(),
info.plugin.__name__)

info = extension_loader.MANAGER.blacklist_by_id.get(bid)
info = extension_loader.MANAGER.banlist_by_id.get(bid)
if info is not None:
template = 'blacklists/blacklist_{kind}.html#{id}-{name}'
template = 'banlists/banlist_{kind}.html#{id}-{name}'
info['name'] = info['name'].replace('_', '-')

if info['id'].startswith('B3'): # B3XX
Expand Down
32 changes: 16 additions & 16 deletions bandit/core/extension_loader.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,16 +15,16 @@
class Manager(object):
# These IDs are for bandit built in tests
builtin = [
'B001' # Built in blacklist test
'B001' # Built in banlist test
]

def __init__(self, formatters_namespace='bandit.formatters',
plugins_namespace='bandit.plugins',
blacklists_namespace='bandit.blacklists'):
banlists_namespace='bandit.banlists'):
tonybaloney marked this conversation as resolved.
Show resolved Hide resolved
# Cache the extension managers, loaded extensions, and extension names
self.load_formatters(formatters_namespace)
self.load_plugins(plugins_namespace)
self.load_blacklists(blacklists_namespace)
self.load_banlists(banlists_namespace)

def load_formatters(self, formatters_namespace):
self.formatters_mgr = extension.ExtensionManager(
Expand Down Expand Up @@ -60,25 +60,25 @@ def get_plugin_id(self, plugin_name):
return self.plugins_by_name[plugin_name].plugin._test_id
return None

def load_blacklists(self, blacklist_namespace):
self.blacklists_mgr = extension.ExtensionManager(
namespace=blacklist_namespace,
def load_banlists(self, banlist_namespace):
self.banlists_mgr = extension.ExtensionManager(
namespace=banlist_namespace,
invoke_on_load=False,
verify_requirements=False,
)
self.blacklist = {}
blacklist = list(self.blacklists_mgr)
for item in blacklist:
self.banlist = {}
banlist = list(self.banlists_mgr)
for item in banlist:
for key, val in item.plugin().items():
utils.check_ast_node(key)
self.blacklist.setdefault(key, []).extend(val)
self.banlist.setdefault(key, []).extend(val)

self.blacklist_by_id = {}
self.blacklist_by_name = {}
for val in six.itervalues(self.blacklist):
self.banlist_by_id = {}
self.banlist_by_name = {}
for val in six.itervalues(self.banlist):
for b in val:
self.blacklist_by_id[b['id']] = b
self.blacklist_by_name[b['name']] = b
self.banlist_by_id[b['id']] = b
self.banlist_by_name[b['name']] = b

def validate_profile(self, profile):
'''Validate that everything in the configured profiles looks good.'''
Expand All @@ -98,7 +98,7 @@ def validate_profile(self, profile):
def check_id(self, test):
return (
test in self.plugins_by_id or
test in self.blacklist_by_id or
test in self.banlist_by_id or
test in self.builtin)


Expand Down
Loading