Check imports created from importlib
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Bandit |
Fix Released
|
Medium
|
Rajath Agasthya | ||
Bug Description
Bandit only checks for imports if 'import' keyword or '__import__()' function is used. It should also check for imports using 'importlib.
Example:
$ cat import.py
import importlib
s = importlib.
t = importlib.
$ bandit import.py
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 2.7.13
[node_visitor] INFO Unable to find qualified name for module: import.py
Run started:2017-09-20 18:31:32.185419
Test results:
No issues identified.
Code scanned:
Total lines of code: 3
Total lines skipped (#nosec): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 0
Medium: 0
High: 0
Total issues (by confidence):
Undefined: 0
Low: 0
Medium: 0
High: 0
Files skipped (0):
I'm happy to help fix this if this is confirmed.
| summary: |
- Check imports created from importlib.import_module() + Check imports created from importlib |
| Changed in bandit: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| importance: | High → Medium |
| assignee: | nobody → Rajath Agasthya (rajagast) |
| Colin Best (cbest47) wrote | #1 |
| OpenStack Infra (hudson-openstack) wrote Fix merged to bandit (master) | #2 |
| Changed in bandit: | |
| status: | Confirmed → Fix Released |
Official Python documentation suggests the use of importlib.