tests.functional package

Submodules

tests.functional.test_baseline module

class tests.functional.test_baseline.BaselineFunctionalTests(*args, **kwargs)

Bases: testtools.testcase.TestCase

Functional tests for Bandit baseline.

This set of tests is used to verify that the baseline comparison handles finding and comparing results appropriately. The only comparison is the number of candidates per file, meaning that any candidates found may already exist in the baseline. In this case, all candidates are flagged and a user will need to investigate the candidates related to that file.
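The per-file counting rule described above, modelled as an added example (not Bandit's own code): a simplified `Issue` record and a hypothetical `compare_to_baseline()` that flags every candidate in a file whose count grew past the baseline, with `include_nosec` standing in for the baseline-mode behaviour of counting nosec-suppressed findings.

```python
from collections import Counter
from typing import Dict, Iterable, List, NamedTuple


class Issue(NamedTuple):
    """A simplified Bandit finding (constructed for this example)."""
    fname: str
    lineno: int
    test_id: str
    nosec: bool = False  # True when the flagged line carries a "# nosec" comment


def visible(issues: Iterable[Issue], include_nosec: bool) -> List[Issue]:
    """Drop nosec-suppressed findings unless baseline mode includes them."""
    return [i for i in issues if include_nosec or not i.nosec]


def count_per_file(issues: Iterable[Issue], include_nosec: bool) -> Counter:
    return Counter(i.fname for i in visible(issues, include_nosec))


def compare_to_baseline(baseline, current, include_nosec=True) -> Dict[str, List[Issue]]:
    """Flag every candidate in files whose candidate count exceeds the baseline.

    Only the per-file count is compared, so a file with any growth has all
    of its candidates returned, pre-existing ones included, for review.
    """
    base_counts = count_per_file(baseline, include_nosec)
    cur_counts = count_per_file(current, include_nosec)
    flagged = {}
    for fname, n in cur_counts.items():
        if n > base_counts.get(fname, 0):
            flagged[fname] = [i for i in visible(current, include_nosec) if i.fname == fname]
    return flagged


# Constructed sample: a baseline scan and a later scan of the same tree
# (test IDs are Bandit's, line numbers are made up).
BASELINE = [Issue("app.py", 10, "B105"), Issue("app.py", 22, "B307"),
            Issue("util.py", 5, "B311")]
CURRENT = [
    Issue("app.py", 10, "B105"),              # existing candidate
    Issue("app.py", 22, "B307"),              # existing candidate
    Issue("app.py", 40, "B602"),              # new candidate: whole file flagged
    Issue("util.py", 5, "B311"),              # unchanged count: not flagged
    Issue("cfg.py", 3, "B104", nosec=True),   # new, but suppressed with "# nosec"
]

if __name__ == "__main__":
    for fname, issues in compare_to_baseline(BASELINE, CURRENT).items():
        print(fname, [(i.lineno, i.test_id) for i in issues])
```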

setUp()
test_existing_and_new_candidates()

Tests when there are new candidates and existing candidates

Test that bandit returns issues found in file with existing candidates. The new candidates should be returned in this case.

test_new_candidates_include_nosec_new_nosecs()

Test to check nosec references with new candidates, including nosecs

Test that nosec references are included during a baseline test, which would normally be ignored. In this test case, there are new candidates that also include new nosec references.

test_new_candidates_include_nosec_only_nosecs()

Test to check nosec references when the only new candidates are nosec references

Test that nosec references are included during a baseline test, which would normally be ignored. In this test case, there are new candidates which are specifically nosec references.

test_no_existing_no_new_candidates()

Tests when there are no new or existing candidates

Test file with no existing candidates from baseline and no new candidates.

test_no_existing_with_new_candidates()

Tests when there are new candidates and no existing candidates

Test that bandit returns issues found in a file that had no existing candidates from the baseline but now contains candidates.

test_no_new_candidates()

Tests when there are no new candidates

Test that bandit returns no issues found, as there are no new candidates found compared with those found from the baseline.

test_no_new_candidates_include_nosec()

Test to check nosec references with no new candidates

Test that nosec references are included during a baseline test, which would normally be ignored. In this test case, there are no new candidates even while including the nosec references.

tests.functional.test_functional module

class tests.functional.test_functional.FunctionalTests(*args, **kwargs)

Bases: testtools.testcase.TestCase

Functional tests for bandit test plugins.

This set of tests runs bandit against each example file in turn and records the score returned. This is compared to a known good value. When new tests are added to an example the expected result should be adjusted to match.

check_example(example_script, expect, ignore_nosec=False)

A helper method to test the scores for example scripts.

Parameters:
  • example_script – Filename of an example script to test
  • expect – dict with expected counts of issue types

check_metrics(example_script, expect)

A helper method to test the metrics being returned.

Parameters:
  • example_script – Filename of an example script to test
  • expect – dict with expected values of metrics

run_example(example_script, ignore_nosec=False)

A helper method to run the specified test

This method runs the test, which populates the self.b_mgr.scores value. Call this directly if you need to run a test, but do not need to test the resulting scores against specified values.

Parameters:
  • example_script – Filename of an example script to test

setUp()
test_asserts()

Test catching the use of assert.

test_baseline_filter()
test_binding()

Test the bind-to-0.0.0.0 example.

test_blacklist_input()
test_cipher_modes()

Test for insecure cipher modes.

test_ciphers()

Test the Crypto.Cipher example.

test_code_line_numbers()
test_crypto_md5()

Test the hashlib.md5 example.

test_eval()

Test the eval example.

test_exec()

Test the exec example.

test_exec_as_root()

Test for the run_as_root=True keyword argument.

test_flask_debug_true()
test_ftp_usage()

Test for import ftplib and FTP.* calls.

test_hardcoded_passwords()

Test for hard-coded passwords.

test_hardcoded_tmp()

Test for hard-coded /tmp, /var/tmp, /dev/shm.

test_httplib_https()

Test for httplib.HTTPSConnection.

test_httpoxy()

Test httpoxy vulnerability.

test_ignore_skip()

Test --ignore-nosec flag.

test_imports()

Test for dangerous imports.

test_imports_aliases()

Test the import X as Y syntax.

test_imports_from()

Test the from X import Y syntax.

test_imports_function()

Test the __import__ function.

test_jinja2_templating()

Test jinja templating for potential XSS bugs.

test_mako_templating()

Test Mako templates for XSS.

test_mark_safe()

Test the mark_safe example.

test_metric_gathering()
test_mktemp()

Test for tempfile.mktemp.

test_multiline_code()

Test issues in multiline statements return code as expected.

test_nonsense()

Test that a syntactically invalid module is skipped.

test_nosec()
test_okay()

Test a vulnerability-free file.

test_os_chmod()

Test setting file permissions.

test_os_exec()

Test for os.exec*.

test_os_popen()

Test for os.popen.

test_os_spawn()

Test for os.spawn*.

test_os_startfile()

Test for os.startfile.

test_os_system()

Test for os.system.

test_paramiko_injection()

Test paramiko command execution.

test_partial_path()

Test process spawning with partial file paths.

test_pickle()

Test for the pickle module.

test_popen_wrappers()

Test the popen2 and commands modules.

test_random_module()

Test for the random module.

test_requests_ssl_verify_disabled()

Test for the requests library skipping verification.

test_secret_config_option()

Test for secret=True in Oslo’s config.

test_skip()

Test #nosec and #noqa comments.

test_sql_statements()

Test for SQL injection through string building.

test_ssl_insecure_version()

Test for insecure SSL protocol versions.

test_subprocess_shell()

Test for subprocess.Popen with shell=True.

test_telnet_usage()

Test for import telnetlib and Telnet.* calls.

test_try_except_continue()

Test try, except, continue detection.

test_try_except_pass()

Test try, except pass detection.

test_unverified_context()

Test for ssl._create_unverified_context.

test_urlopen()

Test for dangerous URL opening.

test_utils_shell()

Test for utils.execute* with shell=True.

test_weak_cryptographic_key()

Test for weak key sizes.

test_wildcard_injection()

Test for wildcard injection in shell commands.

test_xml()

Test xml vulnerabilities.

test_yaml()

Test for yaml.load.

tests.functional.test_runtime module

class tests.functional.test_runtime.RuntimeTests(*args, **kwargs)

Bases: testtools.testcase.TestCase

test_example_imports()
test_example_nonexistent()
test_example_nonsense()
test_example_nonsense2()
test_example_okay()
test_help_arg()
test_help_in_readme()
test_no_arguments()
test_nonexistent_config()
test_piped_input()

Module contents