fix(rules): detect policy instances in S507

Applying the same fix as in `bandit` (PyCQA/bandit#1064). `paramiko` supports passing both a class and a class instance for the policy in `set_missing_host_key_policy` (https://github.com/paramiko/paramiko/blob/8e389c77660c5cdae3069b478665427d23012853/paramiko/client.py#L171-L191).
astral-sh · Sep 25, 2023 · 4b9ec46 · 4b9ec46
1 parent 93b5d8a
commit 4b9ec46
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 23 deletions.
diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S507.py b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S507.py
@@ -12,6 +12,7 @@
 # Errors
 ssh_client.set_missing_host_key_policy(client.AutoAddPolicy)
 ssh_client.set_missing_host_key_policy(client.WarningPolicy)
+ssh_client.set_missing_host_key_policy(client.AutoAddPolicy())
 ssh_client.set_missing_host_key_policy(AutoAddPolicy)
 ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
 ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)

diff --git a/crates/ruff_linter/src/rules/flake8_bandit/rules/ssh_no_host_key_verification.rs b/crates/ruff_linter/src/rules/flake8_bandit/rules/ssh_no_host_key_verification.rs
@@ -42,6 +42,14 @@ impl Violation for SSHNoHostKeyVerification {
     }
 }
 
+fn extract_policy_argument(call: &ExprCall) -> Option<&Expr> {
+    return match call.arguments.find_argument("policy", 0) {
+        Some(Expr::Call(ExprCall { func, .. })) => Some(func.as_ref()),
+        Some(argument) => Some(argument),
+        _ => None,
+    };
+}
+
 /// S507
 pub(crate) fn ssh_no_host_key_verification(checker: &mut Checker, call: &ExprCall) {
     let Expr::Attribute(ExprAttribute { attr, value, .. }) = call.func.as_ref() else {
@@ -52,7 +60,7 @@ pub(crate) fn ssh_no_host_key_verification(checker: &mut Checker, call: &ExprCal
         return;
     }
 
-    let Some(policy_argument) = call.arguments.find_argument("policy", 0) else {
+    let Some(policy_argument) = extract_policy_argument(call) else {
         return;
     };
 

diff --git a/...rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S507_S507.py.snap b/...rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S507_S507.py.snap
@@ -7,7 +7,7 @@ S507.py:13:40: S507 Paramiko call with policy set to automatically trust the unk
 13 | ssh_client.set_missing_host_key_policy(client.AutoAddPolicy)
    |                                        ^^^^^^^^^^^^^^^^^^^^ S507
 14 | ssh_client.set_missing_host_key_policy(client.WarningPolicy)
-15 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
+15 | ssh_client.set_missing_host_key_policy(client.AutoAddPolicy())
    |
 
 S507.py:14:40: S507 Paramiko call with policy set to automatically trust the unknown host key
@@ -16,47 +16,57 @@ S507.py:14:40: S507 Paramiko call with policy set to automatically trust the unk
 13 | ssh_client.set_missing_host_key_policy(client.AutoAddPolicy)
 14 | ssh_client.set_missing_host_key_policy(client.WarningPolicy)
    |                                        ^^^^^^^^^^^^^^^^^^^^ S507
-15 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
-16 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
+15 | ssh_client.set_missing_host_key_policy(client.AutoAddPolicy())
+16 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
    |
 
 S507.py:15:40: S507 Paramiko call with policy set to automatically trust the unknown host key
    |
 13 | ssh_client.set_missing_host_key_policy(client.AutoAddPolicy)
 14 | ssh_client.set_missing_host_key_policy(client.WarningPolicy)
-15 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
-   |                                        ^^^^^^^^^^^^^ S507
-16 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
-17 | ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)
+15 | ssh_client.set_missing_host_key_policy(client.AutoAddPolicy())
+   |                                        ^^^^^^^^^^^^^^^^^^^^ S507
+16 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
+17 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
    |
 
-S507.py:16:47: S507 Paramiko call with policy set to automatically trust the unknown host key
+S507.py:16:40: S507 Paramiko call with policy set to automatically trust the unknown host key
    |
 14 | ssh_client.set_missing_host_key_policy(client.WarningPolicy)
-15 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
-16 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
-   |                                               ^^^^^^^^^^^^^^^^^^^^ S507
-17 | ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)
-18 | ssh_client.set_missing_host_key_policy(policy=WarningPolicy)
+15 | ssh_client.set_missing_host_key_policy(client.AutoAddPolicy())
+16 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
+   |                                        ^^^^^^^^^^^^^ S507
+17 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
+18 | ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)
    |
 
 S507.py:17:47: S507 Paramiko call with policy set to automatically trust the unknown host key
    |
-15 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
-16 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
-17 | ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)
+15 | ssh_client.set_missing_host_key_policy(client.AutoAddPolicy())
+16 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
+17 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
    |                                               ^^^^^^^^^^^^^^^^^^^^ S507
-18 | ssh_client.set_missing_host_key_policy(policy=WarningPolicy)
+18 | ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)
+19 | ssh_client.set_missing_host_key_policy(policy=WarningPolicy)
    |
 
 S507.py:18:47: S507 Paramiko call with policy set to automatically trust the unknown host key
    |
-16 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
-17 | ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)
-18 | ssh_client.set_missing_host_key_policy(policy=WarningPolicy)
+16 | ssh_client.set_missing_host_key_policy(AutoAddPolicy)
+17 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
+18 | ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)
+   |                                               ^^^^^^^^^^^^^^^^^^^^ S507
+19 | ssh_client.set_missing_host_key_policy(policy=WarningPolicy)
+   |
+
+S507.py:19:47: S507 Paramiko call with policy set to automatically trust the unknown host key
+   |
+17 | ssh_client.set_missing_host_key_policy(policy=client.AutoAddPolicy)
+18 | ssh_client.set_missing_host_key_policy(policy=client.WarningPolicy)
+19 | ssh_client.set_missing_host_key_policy(policy=WarningPolicy)
    |                                               ^^^^^^^^^^^^^ S507
-19 | 
-20 | # Unrelated
+20 | 
+21 | # Unrelated
    |