Remove blacklist call check for os.tempnam (#859)

This removes the check non-existent functions os.tempnam() and os.tmpnam(). This functions were removed in Python 3.0, so Bandit no longer needs to scan for them since our minimum version is 3.7. Signed-off-by: Eric Brown <browne@vmware.com>
PyCQA · Mar 19, 2022 · dd423ff · dd423ff
1 parent 130a467
commit dd423ff
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 31 deletions.
diff --git a/bandit/blacklists/calls.py b/bandit/blacklists/calls.py
@@ -299,6 +299,8 @@
 B325: tempnam
 --------------
 
+The check for this call has been removed.
+
 Use of os.tempnam() and os.tmpnam() is vulnerable to symlink attacks. Consider
 using tmpfile() instead.
 
@@ -684,15 +686,7 @@ def gen_blacklist():
 
     # skipped B324 (used in bandit/plugins/hashlib_new_insecure_functions.py)
 
-    sets.append(
-        utils.build_conf_dict(
-            "tempnam",
-            "B325",
-            issue.Cwe.INSECURE_TEMP_FILE,
-            ["os.tempnam", "os.tmpnam"],
-            "Use of os.tempnam() and os.tmpnam() is vulnerable to symlink "
-            "attacks. Consider using tmpfile() instead.",
-        )
-    )
+    # skipped B325 as the check for a call to os.tempnam and os.tmpnam have
+    # been removed
 
     return {"Call": sets}
diff --git a/examples/tempnam.py b/examples/tempnam.py
diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
@@ -276,14 +276,6 @@ def test_mktemp(self):
         }
         self.check_example("mktemp.py", expect)
 
-    def test_tempnam(self):
-        """Test for `os.tempnam` / `os.tmpnam`."""
-        expect = {
-            "SEVERITY": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 6, "HIGH": 0},
-            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 6},
-        }
-        self.check_example("tempnam.py", expect)
-
     def test_nonsense(self):
         """Test that a syntactically invalid module is skipped."""
         self.run_example("nonsense.py")