tests.functional package

Submodules

tests.functional.test_baseline module
class tests.functional.test_baseline.BaselineFunctionalTests(*args, **kwargs)
    Bases: testtools.testcase.TestCase

    Functional tests for Bandit baseline.

    This set of tests verifies that the baseline comparison finds and compares results appropriately. The only comparison is the number of candidates per file, meaning that any candidates found may already exist in the baseline. In this case, all candidates are flagged and a user will need to investigate the candidates related to that file.

    setUp()

    test_existing_and_new_candidates()
        Tests when there are new candidates and existing candidates.
        Test that bandit returns issues found in a file with existing candidates. The new candidates should be returned in this case.

    test_new_candidates_include_nosec_new_nosecs()
        Test to check nosec references with new candidates, including nosecs.
        Test that nosec references are included during a baseline test, which would normally be ignored. In this test case, there are new candidates that also include new nosec references.

    test_new_candidates_include_nosec_only_nosecs()
        Test to check nosec references with new candidates that are only nosecs.
        Test that nosec references are included during a baseline test, which would normally be ignored. In this test case, the new candidates are specifically nosec references.

    test_no_existing_no_new_candidates()
        Tests when there are no new or existing candidates.
        Test a file with no existing candidates from the baseline and no new candidates.

    test_no_existing_with_new_candidates()
        Tests when there are new candidates and no existing candidates.
        Test that bandit returns issues found in a file that had no existing candidates from the baseline but now contains candidates.

    test_no_new_candidates()
        Tests when there are no new candidates.
        Test that bandit returns no issues, as there are no new candidates compared with those found in the baseline.

    test_no_new_candidates_include_nosec()
        Test to check nosec references with no new candidates.
        Test that nosec references are included during a baseline test, which would normally be ignored. In this test case, there are no new candidates even when the nosec references are included.
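The per-file count comparison described in the class docstring above, as an added illustration that is not Bandit's own implementation: a file is flagged only when its candidate count exceeds the baseline count, and then every candidate in that file is reported, including ones already in the baseline. The `Candidate` type, the sample results and the test labels are constructed for this example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    """One finding, reduced to the fields the comparison needs (constructed type)."""
    fname: str
    test_name: str
    lineno: int


def count_per_file(candidates):
    """Number of candidates reported for each file."""
    return Counter(c.fname for c in candidates)


def compare_with_baseline(baseline, current):
    """Return every candidate in any file whose count grew past the baseline.

    Only the per-file count is compared, so a file whose count is unchanged
    reports nothing even if its candidates differ, and a file whose count grew
    reports all of its candidates, including ones already in the baseline.
    """
    base_counts = count_per_file(baseline)
    cur_counts = count_per_file(current)
    flagged = {f for f, n in cur_counts.items() if n > base_counts.get(f, 0)}
    return [c for c in current if c.fname in flagged]


# Constructed sample results from a baseline run and a later run on three files.
BASELINE = [
    Candidate("app/db.py", "sql_statements", 12),
    Candidate("app/util.py", "asserts", 3),
]
CURRENT = [
    Candidate("app/db.py", "sql_statements", 12),    # existing candidate, unchanged
    Candidate("app/db.py", "subprocess_shell", 40),  # new candidate in a file with existing ones
    Candidate("app/util.py", "random_module", 3),    # different issue but same count: not flagged
    Candidate("app/new.py", "hardcoded_passwords", 7),  # new candidate in a file absent from baseline
]

if __name__ == "__main__":
    for c in compare_with_baseline(BASELINE, CURRENT):
        print(c.fname, c.test_name, c.lineno)
```

The `app/util.py` case shows the limitation the docstring states: an issue that replaces another in the same file leaves the count unchanged and is not reported.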
tests.functional.test_functional module

class tests.functional.test_functional.FunctionalTests(*args, **kwargs)
    Bases: testtools.testcase.TestCase

    Functional tests for bandit test plugins.

    This set of tests runs bandit against each example file in turn and records the score returned. This is compared to a known good value. When new tests are added to an example, the expected result should be adjusted to match.

    check_example(example_script, expect, ignore_nosec=False)
        A helper method to test the scores for example scripts.
        Parameters:
            example_script – Filename of an example script to test
            expect – dict with expected counts of issue types

    check_metrics(example_script, expect)
        A helper method to test the metrics being returned.
        Parameters:
            example_script – Filename of an example script to test
            expect – dict with expected values of metrics

    run_example(example_script, ignore_nosec=False)
        A helper method to run the specified test.
        This method runs the test, which populates the self.b_mgr.scores value. Call this directly if you need to run a test but do not need to check the resulting scores against specified values.
        Parameters:
            example_script – Filename of an example script to test

    setUp()

    test_asserts()
        Test catching the use of assert.

    test_baseline_filter()

    test_binding()
        Test the bind-to-0.0.0.0 example.

    test_blacklist_input()

    test_cipher_modes()
        Test for insecure cipher modes.

    test_ciphers()
        Test the Crypto.Cipher example.

    test_code_line_numbers()

    test_crypto_md5()
        Test the hashlib.md5 example.

    test_eval()
        Test the eval example.

    test_exec()
        Test the exec example.

    test_exec_as_root()
        Test for the run_as_root=True keyword argument.

    test_flask_debug_true()

    test_hardcoded_passwords()
        Test for hard-coded passwords.

    test_hardcoded_tmp()
        Test for hard-coded /tmp, /var/tmp, /dev/shm.

    test_httplib_https()
        Test for httplib.HTTPSConnection.

    test_httpoxy()
        Test httpoxy vulnerability.

    test_ignore_skip()
        Test the --ignore-nosec flag.

    test_imports()
        Test for dangerous imports.

    test_imports_aliases()
        Test the import X as Y syntax.

    test_imports_from()
        Test the from X import Y syntax.

    test_imports_function()
        Test the __import__ function.

    test_jinja2_templating()
        Test Jinja2 templating for potential XSS bugs.

    test_mako_templating()
        Test Mako templates for XSS.

    test_metric_gathering()

    test_mktemp()
        Test for tempfile.mktemp.

    test_multiline_code()
        Test that issues in multiline statements return code as expected.

    test_nonsense()
        Test that a syntactically invalid module is skipped.

    test_nosec()

    test_okay()
        Test a vulnerability-free file.

    test_os_chmod()
        Test setting file permissions.

    test_os_exec()
        Test for os.exec*.

    test_os_popen()
        Test for os.popen.

    test_os_spawn()
        Test for os.spawn*.

    test_os_startfile()
        Test for os.startfile.

    test_os_system()
        Test for os.system.

    test_paramiko_injection()
        Test paramiko command execution.

    test_partial_path()
        Test process spawning with partial file paths.

    test_pickle()
        Test for the pickle module.

    test_popen_wrappers()
        Test the popen2 and commands modules.

    test_random_module()
        Test for the random module.

    test_requests_ssl_verify_disabled()
        Test for the requests library skipping certificate verification.

    test_secret_config_option()
        Test for secret=True in Oslo's config.

    test_skip()
        Test #nosec and #noqa comments.

    test_sql_statements()
        Test for SQL injection through string building.

    test_ssl_insecure_version()
        Test for insecure SSL protocol versions.

    test_subprocess_shell()
        Test for subprocess.Popen with shell=True.

    test_telnet_usage()
        Test for import telnetlib and Telnet.* calls.

    test_try_except_continue()
        Test try, except, continue detection.

    test_try_except_pass()
        Test try, except, pass detection.

    test_urlopen()
        Test for dangerous URL opening.

    test_utils_shell()
        Test for utils.execute* with shell=True.

    test_weak_cryptographic_key()
        Test for weak key sizes.

    test_wildcard_injection()
        Test for wildcard injection in shell commands.

    test_xml()
        Test XML vulnerabilities.

    test_yaml()
        Test for yaml.load.
tests.functional.test_runtime module

class tests.functional.test_runtime.RuntimeTests(*args, **kwargs)
    Bases: testtools.testcase.TestCase

    test_example_imports()

    test_example_nonexistent()

    test_example_nonsense()

    test_example_nonsense2()

    test_example_okay()

    test_help_arg()

    test_help_in_readme()

    test_no_arguments()

    test_nonexistent_config()