Allow select_autoescape to be an attribute (i.e. jinja2.select_autoes…
…cape)
kinow committed Mar 25, 2019
1 parent a975e63 commit 7a73f85
Showing 1 changed file with 15 additions and 4 deletions.
19 changes: 15 additions & 4 deletions bandit/plugins/jinja2_templates.py
@@ -103,12 +103,23 @@ def jinja2_autoescape_false(context):
# found autoescape
if getattr(node, 'arg', None) == 'autoescape':
value = getattr(node, 'value', None)
if (getattr(value, 'id', None) == 'True' or
getattr(value, 'value', None) is True):
if (
getattr(value, 'id', None) == 'True'
or getattr(value, 'value', None) is True
):
return
# Check if select_autoescape function is used.
elif isinstance(value, ast.Call) and getattr(
value.func, 'id', None) == 'select_autoescape':
elif (
isinstance(value, ast.Call)
and getattr(value.func, 'id',
None) == 'select_autoescape'
):
return
elif (
isinstance(value, ast.Call)
and getattr(value.func, 'attr',
None) == 'select_autoescape'
):
return
else:
return bandit.Issue(
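Review bot: The new `attr` branch matches on the attribute name alone, so a call to `select_autoescape` on any object, not only the `jinja2` module, now suppresses the autoescape finding. Neither the `id` nor the `attr` branch inspects the call's arguments in the lines shown, so a `select_autoescape(...)` call configured to escape nothing would presumably also pass; that may be an accepted limitation, but it deserves a comment such as `# NOTE: matched by name only; receiver and arguments are not verified`. The two `elif` arms are identical apart from `'id'` versus `'attr'` and could be one condition, e.g. `and 'select_autoescape' in (getattr(value.func, 'id', None), getattr(value.func, 'attr', None))`. The commit changes only this file, so no test case for the attribute form accompanies it. The body of `jinja2_autoescape_false` starts and ends outside the hunk.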
