From fbaf2cefcfa2d204518064e31c5b14a530e8b790 Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Mon, 28 Feb 2022 03:06:00 -0800 Subject: [PATCH] Fix traceback in hashlib_insecure_functions (#834) This check should not raise an exception if there are no keywords defined for the call. Makes use of dict get() for safety. Closes #832 Signed-off-by: Eric Brown --- bandit/plugins/hashlib_insecure_functions.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bandit/plugins/hashlib_insecure_functions.py b/bandit/plugins/hashlib_insecure_functions.py index 7e7afcb95..60a6e9053 100644 --- a/bandit/plugins/hashlib_insecure_functions.py +++ b/bandit/plugins/hashlib_insecure_functions.py @@ -52,9 +52,7 @@ def _hashlib_func(context): if "hashlib" in qualname_list: func = qualname_list[-1] - args = context.call_args keywords = context.call_keywords - name = args[0] if args else keywords["name"] if func in ("md4", "md5", "sha", "sha1"): if keywords.get("usedforsecurity", "True") == "True": @@ -67,6 +65,8 @@ def _hashlib_func(context): lineno=context.node.lineno, ) elif func == "new": + args = context.call_args + name = args[0] if args else keywords.get("name", None) if isinstance(name, str) and name.lower() in ( "md4", "md5", @@ -92,7 +92,7 @@ def _hashlib_new(context): if "hashlib" in qualname_list and func == "new": args = context.call_args keywords = context.call_keywords - name = args[0] if args else keywords["name"] + name = args[0] if args else keywords.get("name", None) if isinstance(name, str) and name.lower() in ( "md4", "md5",