Implement W8012

Author: Takishima

pylint_secure_coding_standard.py

@@ -95,6 +95,42 @@ def _is_builtin_open_for_writing(node):
     return False
 
 
+def _is_os_open(node):
+    return (
+        isinstance(node.func, astroid.Attribute)
+        and isinstance(node.func.expr, astroid.Name)
+        and node.func.attrname == 'open'
+        and node.func.expr.name == 'os'
+    )
+
+
+def _is_os_open_allowed_mode(node, allowed_modes):
+    if _is_os_open(node):
+        mode = None
+        flags = None  # pylint: disable=unused-variable
+        if len(node.args) > 1 and isinstance(node.args[1], (astroid.Attribute, astroid.BinOp)):
+            # Cover:
+            #  * os.open(xxx, os.O_WRONLY)
+            #  * os.open(xxx, os.O_WRONLY | os.O_CREATE)
+            #  * os.open(xxx, os.O_WRONLY | os.O_CREATE | os.O_FSYNC)
+            flags = node.args[1]
+        if len(node.args) > 2 and isinstance(node.args[2], astroid.Const):
+            mode = node.args[2].value
+        elif node.keywords:
+            for keyword in node.keywords:
+                if keyword.arg == 'flags':
+                    flags = keyword.value  # pylint: disable=unused-variable # noqa: F841
+                if keyword.arg == 'mode':
+                    mode = keyword.value.value
+                    break
+        if mode is not None:
+            # TODO: condition check on the flags value if present (ie. ignore if read-only)
+            return mode in allowed_modes
+
+    # NB: default to True in all other cases
+    return True
+
+
 def _is_shell_true_call(node):
     if not (isinstance(node.func, astroid.Attribute) and isinstance(node.func.expr, astroid.Name)):
         return False
@@ -320,7 +356,7 @@ def __init__(self, *args, **kwargs):
         """Initialize a SecureCodingStandardChecker object."""
         super().__init__(*args, **kwargs)
         self._prefer_os_open = False
-        self._os_open_mode_allowed = []
+        self._os_open_modes_allowed = []
 
     def visit_call(self, node):
         """Visitor method called for astroid.Call nodes."""
@@ -346,6 +382,12 @@ def visit_call(self, node):
             self.add_message('avoid-eval-exec', node=node)
         elif not _is_posix() and _is_shlex_quote_call(node):
             self.add_message('avoid-shlex-quote-on-non-posix', node=node)
+        elif (
+            _is_os_open(node)
+            and self._prefer_os_open
+            and not _is_os_open_allowed_mode(node, self._os_open_modes_allowed)
+        ):
+            self.add_message('os-open-unsafe-permissions', node=node)
 
     def visit_import(self, node):
         """Visitor method called for astroid.Import nodes."""
@@ -380,8 +422,11 @@ def visit_with(self, node):
         """Visitor method called for astroid.With nodes."""
         if self._prefer_os_open:
             for item in node.items:
-                if item and isinstance(item[0], astroid.Call) and _is_builtin_open_for_writing(item[0]):
-                    self.add_message('replace-builtin-open', node=node)
+                if item and isinstance(item[0], astroid.Call):
+                    if _is_builtin_open_for_writing(item[0]):
+                        self.add_message('replace-builtin-open', node=node)
+                    elif _is_os_open(item[0]) and not _is_os_open_allowed_mode(item[0], self._os_open_modes_allowed):
+                        self.add_message('os-open-unsafe-permissions', node=node)
 
     def visit_assert(self, node):
         """Visitor method called for astroid.Assert nodes."""
@@ -417,8 +462,8 @@ def _update_display_msg(suffix=''):
         if len(modes) > 1:
             # Lists of allowed modes
             try:
-                self._os_open_mode_allowed = [_str_to_int(mode) for mode in modes if mode]
-                if not self._os_open_mode_allowed:
+                self._os_open_modes_allowed = [_str_to_int(mode) for mode in modes if mode]
+                if not self._os_open_modes_allowed:
                     raise ValueError('Calculated empty value for `os_open_mode`!')
                 self._prefer_os_open = True
                 _update_display_msg(suffix=f' (mode in {modes})')
@@ -430,18 +475,18 @@ def _update_display_msg(suffix=''):
                 val = _str_to_int(arg)
                 self._prefer_os_open = val > 0
                 if self._prefer_os_open:
-                    self._os_open_mode_allowed = list(range(0, val + 1))
+                    self._os_open_modes_allowed = list(range(0, val + 1))
                     _update_display_msg(suffix=f' (mode <= {arg})')
                 else:
-                    self._os_open_mode_allowed.clear()
+                    self._os_open_modes_allowed.clear()
             except ValueError as error:
                 if arg in ('y', 'yes', 'true'):
                     self._prefer_os_open = True
-                    self._os_open_mode_allowed = list(range(0, self.DEFAULT_MAX_MODE + 1))
+                    self._os_open_modes_allowed = list(range(0, self.DEFAULT_MAX_MODE + 1))
                     _update_display_msg(suffix=f' (mode <= {oct(self.DEFAULT_MAX_MODE)})')
                 elif arg in ('n', 'no', 'false'):
                     self._prefer_os_open = False
-                    self._os_open_mode_allowed.clear()
+                    self._os_open_modes_allowed.clear()
                 else:
                     raise ValueError(f'Invalid value for `os_open_mode`: {arg}!') from error
         else:

pyproject.toml

@@ -61,6 +61,10 @@ build-backend = "setuptools.build_meta"
     [tool.pylint.reports]
     msg-template = '{path}:{line}: [{msg_id}, {obj}] {msg} ({symbol})'
 
+    [tool.pylint.messages_control]
+    disable = [
+         'fixme'
+    ]
 
 [tool.pytest.ini_options]
 minversion = '6.0'

tests/os_open_test.py

@@ -0,0 +1,169 @@
+# -*- coding: utf-8 -*-
+# Copyright 2021 Damien Nguyen
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import astroid
+import pylint.testutils
+import pytest
+
+import pylint_secure_coding_standard as pylint_scs
+
+
+class TestSecureCodingStandardChecker(pylint.testutils.CheckerTestCase):
+    CHECKER_CLASS = pylint_scs.SecureCodingStandardChecker
+
+    @pytest.mark.parametrize(
+        'arg',
+        ('True', '0o644', '0o644,'),
+    )
+    def test_os_open_ok(self, arg):
+        nodes = astroid.extract_node(
+            """
+            int(0) #@
+            foo() #@
+            os.open("file.txt") #@
+            os.open("file.txt", os.O_RDONLY) #@
+            os.open("file.txt", os.O_RDONLY, 0o644) #@
+            os.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW) #@
+            os.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW, 0o644) #@
+            bla.open("file.txt") #@
+            bla.open("file.txt", os.O_RDONLY) #@
+            bla.open("file.txt", os.O_RDONLY, 0o644) #@
+            bla.open("file.txt", os.O_RDONLY, 0o755) #@
+            bla.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW) #@
+            bla.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW, 0o644) #@
+            bla.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW, 0o755) #@
+            with os.open("file.txt") as fd: fd.read() #@
+            with os.open("file.txt", os.O_RDONLY) as fd: fd.read() #@
+            with os.open("file.txt", os.O_RDONLY, 0o644) as fd: fd.read() #@
+            with os.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW) as fd: fd.read() #@
+            with os.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW, 0o644) as fd: fd.read() #@
+            with bla.open("file.txt") as fd: fd.read() #@
+            with bla.open("file.txt", os.O_RDONLY) as fd: fd.read() #@
+            with bla.open("file.txt", os.O_RDONLY, 0o644) as fd: fd.read() #@
+            with bla.open("file.txt", os.O_RDONLY, 0o755) as fd: fd.read() #@
+            with bla.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW) as fd: fd.read() #@
+            with bla.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW, 0o644) as fd: fd.read() #@
+            with bla.open("file.txt", os.O_RDONLY | os.O_NOFOLLOW, 0o755) as fd: fd.read() #@
+            """
+        )
+
+        self.checker.set_os_open_mode('True')
+        assert self.checker._prefer_os_open
+
+        call_nodes = nodes[:14]
+        with_nodes = nodes[14:]
+
+        with self.assertNoMessages():
+            for idx, node in enumerate(call_nodes):
+                self.checker.visit_call(node)
+            for idx, node in enumerate(with_nodes):
+                self.checker.visit_with(node)
+
+    # ==========================================================================
+
+    @pytest.mark.parametrize('mode', range(0o756, 0o777 + 1), ids=lambda arg: oct(arg))
+    @pytest.mark.parametrize(
+        'arg, expected_warning',
+        (
+            ('False', False),
+            ('True', True),
+        ),
+    )
+    def test_os_open_call_default_modes(self, mode, arg, expected_warning):
+        node = astroid.extract_node(f'os.open("file.txt", os.O_WRONLY, 0o{mode:o}) #@')
+        self.checker.set_os_open_mode(arg)
+        if expected_warning:
+            with self.assertAddsMessages(pylint.testutils.Message(msg_id='os-open-unsafe-permissions', node=node)):
+                self.checker.visit_call(node)
+        else:
+            with self.assertNoMessages():
+                self.checker.visit_call(node)
+
+    # --------------------------------------------------------------------------
+
+    @pytest.mark.parametrize('mode', range(0o750, 0o761), ids=lambda arg: oct(arg))
+    @pytest.mark.parametrize(
+        'call_mode',
+        (
+            'os.open("file.txt", os.O_WRONLY, 0o{:o}) #@',
+            'os.open("file.txt", flags=os.O_WRONLY, mode=0o{:o}) #@',
+        ),
+        ids=('args', 'keyword'),
+    )
+    @pytest.mark.parametrize(
+        'arg, expected_warning',
+        (
+            ('False', False),
+            ('0o755,', True),
+        ),
+        ids=('False-False', '[0o755]-True'),
+    )
+    def test_os_open_call(self, mode, call_mode, arg, expected_warning):
+        node = astroid.extract_node(call_mode.format(mode))
+        self.checker.set_os_open_mode(arg)
+        if expected_warning and mode != 0o755:
+            with self.assertAddsMessages(pylint.testutils.Message(msg_id='os-open-unsafe-permissions', node=node)):
+                self.checker.visit_call(node)
+        else:
+            with self.assertNoMessages():
+                self.checker.visit_call(node)
+
+    # ==========================================================================
+
+    @pytest.mark.parametrize('mode', range(0o756, 0o777 + 1), ids=lambda arg: oct(arg))
+    @pytest.mark.parametrize(
+        'call_mode',
+        (
+            'with os.open("file.txt", os.O_WRONLY, 0o{:o}) as fd: fd.read() #@',
+            'with os.open("file.txt", flags=os.O_WRONLY, mode=0o{:o}) as fd: fd.read() #@',
+        ),
+        ids=('args', 'keyword'),
+    )
+    @pytest.mark.parametrize(
+        'arg, expected_warning',
+        (
+            ('False', False),
+            ('True', True),
+        ),
+    )
+    def test_os_open_with_default_modes(self, mode, call_mode, arg, expected_warning):
+        node = astroid.extract_node(call_mode.format(mode))
+        self.checker.set_os_open_mode(arg)
+        if expected_warning:
+            with self.assertAddsMessages(pylint.testutils.Message(msg_id='os-open-unsafe-permissions', node=node)):
+                self.checker.visit_with(node)
+        else:
+            with self.assertNoMessages():
+                self.checker.visit_with(node)
+
+    # --------------------------------------------------------------------------
+
+    @pytest.mark.parametrize('mode', range(0o750, 0o761), ids=lambda arg: oct(arg))
+    @pytest.mark.parametrize(
+        'arg, expected_warning',
+        (
+            ('False', False),
+            ('0o755,', True),
+        ),
+    )
+    def test_os_open_with(self, mode, arg, expected_warning):
+        node = astroid.extract_node(f'with os.open("file.txt", os.O_WRONLY, 0o{mode:o}) as fd: fd.read() #@')
+        self.checker.set_os_open_mode(arg)
+        if expected_warning and mode != 0o755:
+            with self.assertAddsMessages(pylint.testutils.Message(msg_id='os-open-unsafe-permissions', node=node)):
+                self.checker.visit_with(node)
+        else:
+            with self.assertNoMessages():
+                self.checker.visit_with(node)

tests/plugin_options_test.py

@@ -64,10 +64,9 @@ class TestSecureCodingStandardChecker(pylint.testutils.CheckerTestCase):
     )
     def test_os_open_mode_option(self, arg, prefer_os_open, allowed_modes):
         print(f'INFO: allowed_modes: {allowed_modes}')
-        print(self.checker._os_open_mode_allowed)
         self.checker.set_os_open_mode(arg)
         assert self.checker._prefer_os_open == prefer_os_open
-        assert self.checker._os_open_mode_allowed == allowed_modes
+        assert self.checker._os_open_modes_allowed == allowed_modes
 
     @pytest.mark.parametrize('arg', ('', ',', ',,', 'asd', 'a,', '493, a'))
     def test_os_open_mode_option_invalid(self, arg):