feat(rules): flag Random and randbytes in S311

Ref: PyCQA/bandit#1096 and PyCQA/bandit#940
mkniewallner · Mar 8, 2024 · 144e32c · 144e32c
1 parent f3d2d99
commit 144e32c
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S311.py b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S311.py
@@ -15,6 +15,7 @@
 random.choices()
 random.uniform()
 random.triangular()
+random.randbytes()
 
 # Unrelated
 os.urandom()

diff --git a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs
@@ -867,7 +867,7 @@ pub(crate) fn suspicious_function_call(checker: &mut Checker, call: &ExprCall) {
             ["urllib", "request", "URLopener" | "FancyURLopener"] |
             ["six", "moves", "urllib", "request", "URLopener" | "FancyURLopener"] => Some(SuspiciousURLOpenUsage.into()),
             // NonCryptographicRandom
-            ["random", "random" | "randrange" | "randint" | "choice" | "choices" | "uniform" | "triangular"] => Some(SuspiciousNonCryptographicRandomUsage.into()),
+            ["random", "Random" | "random" | "randrange" | "randint" | "choice" | "choices" | "uniform" | "triangular" | "randbytes"] => Some(SuspiciousNonCryptographicRandomUsage.into()),
             // UnverifiedContext
             ["ssl", "_create_unverified_context"] => Some(SuspiciousUnverifiedContextUsage.into()),
             // XMLCElementTree

diff --git a/...rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S311_S311.py.snap b/...rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S311_S311.py.snap
@@ -1,6 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
+S311.py:10:1: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+   |
+ 9 | # Errors
+10 | random.Random()
+   | ^^^^^^^^^^^^^^^ S311
+11 | random.random()
+12 | random.randrange()
+   |
+
 S311.py:11:1: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
    |
  9 | # Errors
@@ -58,6 +67,7 @@ S311.py:16:1: S311 Standard pseudo-random generators are not suitable for crypto
 16 | random.uniform()
    | ^^^^^^^^^^^^^^^^ S311
 17 | random.triangular()
+18 | random.randbytes()
    |
 
 S311.py:17:1: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
@@ -66,6 +76,15 @@ S311.py:17:1: S311 Standard pseudo-random generators are not suitable for crypto
 16 | random.uniform()
 17 | random.triangular()
    | ^^^^^^^^^^^^^^^^^^^ S311
-18 | 
-19 | # Unrelated
+18 | random.randbytes()
+   |
+
+S311.py:18:1: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+   |
+16 | random.uniform()
+17 | random.triangular()
+18 | random.randbytes()
+   | ^^^^^^^^^^^^^^^^^^ S311
+19 | 
+20 | # Unrelated
    |