B 1zf@sdZddlZddlZddlZddlmZddlmZddlm Z m Z m Z ddl Z ddl mZddlmZddlmZdd lmZdd lmZdd lmZdd lmZd ZGddde ZGdddeZdS)z4Implementation of bandit security testing in Flake8.N) lru_cache)Path)Dict NamedTupleSet)ConfigFileFinder)utils) BanditConfig) BanditMetaAst)Metrics)BanditNodeVisitor) BanditTestSetz3.0.0c@sBeZdZUeed<eed<eed<eeddddddZd S) Flake8BanditConfigprofile target_pathsexcluded_paths )maxsize)returnc Csi}t}t}tddd}t}y||dd|dD}|drp|ddd d|d<|d r|d dd d|d <|d r|d  d}x,|D]$}| d rd |}| t |qW|dr,|d d}x0|D](}| d rd |}| t |qWWnPtj ttfk r~} z(i}t| dkrntjd| Wdd} ~ XYnX||||S)NZbanditcSsi|]\}}||qSr).0kvrrP/home/ankuromar296_gmail_com/.local/lib/python3.7/site-packages/flake8_bandit.py )sz7Flake8BanditConfig.from_config_file..skipsSB,excludetestsincludetargets/.zNo section: 'bandit'zUnable to parse config file: )setrZlocal_config_files configparser ConfigParserreaditemsgetreplacesplit startswithaddrErrorKeyError TypeErrorstrsysstderrwrite) clsrrrZini_fileconfigZ bandit_configpathspatherrrfrom_config_files:         $z#Flake8BanditConfig.from_config_fileN) __name__ __module__ __qualname__r__annotations__r classmethodrr;rrrrrs rc@s8eZdZdZdZeZddZddZddZ d d Z d S) BanditTesterzFlake8 class for checking code for bandit test errors. This class is necessary and used by flake8 to check the python file or files that are being tested. z flake8-banditcCs||_||_||_dS)N)filenametreelines)selfrCrBrDrrr__init__YszBanditTester.__init__c Cst}t|j}t|j}|||jr8|j|sR|j rVt |j |dkrVgSy,t |jdt t t|jdditd}Wn:tk rt |jt t t|jddgtd}YnX||jdd|jjDS)Nr)rF)fnamefdatametaasttestsetdebug nosec_linesmetrics)rGrIrJrKrLrMcSs&g|]}|jdd|j|jdqS)rr)test_id issue_text line_number)rNr+textlineno)ritemrrr sz.BanditTester._check_source..)rr;rrBr%parentsr.r intersectionrlenr r r r rr r1 generic_visitrCtesterresults)rEr7filepathZ filepathsZbnvrrr _check_source^s8    zBanditTester._check_sourceccsT|jr |js|x:|D].}d|d|df}|dd|t|fVqWdS)z:run will check file source through the bandit code linter.z%s %srNrOrPrN)rCrD _load_sourcer\type)rEwarnmessagerrrruns  zBanditTester.runcCsN|jdkr"d|_td|_nt|j|_|jsJt d |j|_dS)zLoads the file in a way that auto-detects source encoding and deals with broken terminal encodings for stdin. Stolen from flake8_import_order because it's good. )stdin-NrbTN) rB stdin_utilsZstdin_get_value splitlinesrD pycodestyle readlinesrCastparsejoin)rErrrr]s  zBanditTester._load_sourceN) r<r=r>__doc__name __version__versionrFr\rar]rrrrrANs1 rA) rlrir&r3 functoolsrpathlibrtypingrrrrgZflake8.options.configrZflake8rreZbandit.core.configr Zbandit.core.meta_astr Zbandit.core.metricsr Zbandit.core.node_visitorr Zbandit.core.test_setr rnrobjectrArrrrs"         7