Remove Python 2-only methods from URLOpen audit (#8047)

These were removed from Bandit on `main` as they don't exist in Python 3.
2025-10-01 06:11:21 +00:00 · 2023-10-18 10:49:54 -04:00 · 2023-10-18 10:49:54 -04:00 · 78d172aad7
commit 78d172aad7
parent 13d6c8237a
3 changed files with 75 additions and 76 deletions
--- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S310.py
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S310.py
@ -1,19 +1,19 @@
-import urllib
+import urllib.request

-urllib.urlopen(url='http://www.google.com')
-urllib.urlopen(url='http://www.google.com', **kwargs)
-urllib.urlopen('http://www.google.com')
-urllib.urlopen('file:///foo/bar/baz')
-urllib.urlopen(url)
+urllib.request.urlopen(url='http://www.google.com')
+urllib.request.urlopen(url='http://www.google.com', **kwargs)
+urllib.request.urlopen('http://www.google.com')
+urllib.request.urlopen('file:///foo/bar/baz')
+urllib.request.urlopen(url)

-urllib.Request(url='http://www.google.com', **kwargs)
-urllib.Request(url='http://www.google.com')
-urllib.Request('http://www.google.com')
-urllib.Request('file:///foo/bar/baz')
-urllib.Request(url)
+urllib.request.Request(url='http://www.google.com', **kwargs)
+urllib.request.Request(url='http://www.google.com')
+urllib.request.Request('http://www.google.com')
+urllib.request.Request('file:///foo/bar/baz')
+urllib.request.Request(url)

-urllib.URLopener().open(fullurl='http://www.google.com', **kwargs)
-urllib.URLopener().open(fullurl='http://www.google.com')
-urllib.URLopener().open('http://www.google.com')
-urllib.URLopener().open('file:///foo/bar/baz')
-urllib.URLopener().open(url)
+urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+urllib.request.URLopener().open(fullurl='http://www.google.com')
+urllib.request.URLopener().open('http://www.google.com')
+urllib.request.URLopener().open('file:///foo/bar/baz')
+urllib.request.URLopener().open(url)
--- a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs
+++ b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs
@ -849,10 +849,9 @@ pub(crate) fn suspicious_function_call(checker: &mut Checker, call: &ExprCall) {
            ["" | "builtins", "eval"] => Some(SuspiciousEvalUsage.into()),
            // MarkSafe
            ["django", "utils", "safestring", "mark_safe"] => Some(SuspiciousMarkSafeUsage.into()),
-            // URLOpen
-            ["urllib", "urlopen" | "urlretrieve" | "Request"] |
-            ["urllib", "request", "urlopen" | "urlretrieve"] |
-            ["six", "moves", "urllib", "request", "urlopen" | "urlretrieve"] => {
+            // URLOpen (`urlopen`, `urlretrieve`, `Request`)
+            ["urllib", "request", "urlopen" | "urlretrieve" | "Request"] |
+            ["six", "moves", "urllib", "request", "urlopen" | "urlretrieve" | "Request"] => {
                // If the `url` argument is a string literal, allow `http` and `https` schemes.
                if call.arguments.args.iter().all(|arg| !arg.is_starred_expr()) && call.arguments.keywords.iter().all(|keyword| keyword.arg.is_some()) {
                    if let Some(Expr::Constant(ast::ExprConstant { value: ast::Constant::Str(url), .. })) = &call.arguments.find_argument("url", 0) {
@ -864,7 +863,7 @@ pub(crate) fn suspicious_function_call(checker: &mut Checker, call: &ExprCall) {
                }
                Some(SuspiciousURLOpenUsage.into())
            },
-            ["urllib", "URLopener" | "FancyURLopener"] |
+            // URLOpen (`URLopener`, `FancyURLopener`)
            ["urllib", "request", "URLopener" | "FancyURLopener"] |
            ["six", "moves", "urllib", "request", "URLopener" | "FancyURLopener"] => Some(SuspiciousURLOpenUsage.into()),
            // NonCryptographicRandom
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestsS310_S310.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestsS310_S310.py.snap
@ -3,105 +3,105 @@ source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
 S310.py:4:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
  |
-3 | urllib.urlopen(url='http://www.google.com')
-4 | urllib.urlopen(url='http://www.google.com', **kwargs)
-  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
-5 | urllib.urlopen('http://www.google.com')
-6 | urllib.urlopen('file:///foo/bar/baz')
+3 | urllib.request.urlopen(url='http://www.google.com')
+4 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
+5 | urllib.request.urlopen('http://www.google.com')
+6 | urllib.request.urlopen('file:///foo/bar/baz')
  |

 S310.py:6:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
  |
-4 | urllib.urlopen(url='http://www.google.com', **kwargs)
-5 | urllib.urlopen('http://www.google.com')
-6 | urllib.urlopen('file:///foo/bar/baz')
-  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
-7 | urllib.urlopen(url)
+4 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
+5 | urllib.request.urlopen('http://www.google.com')
+6 | urllib.request.urlopen('file:///foo/bar/baz')
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
+7 | urllib.request.urlopen(url)
  |

 S310.py:7:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
  |
-5 | urllib.urlopen('http://www.google.com')
-6 | urllib.urlopen('file:///foo/bar/baz')
-7 | urllib.urlopen(url)
-  | ^^^^^^^^^^^^^^^^^^^ S310
+5 | urllib.request.urlopen('http://www.google.com')
+6 | urllib.request.urlopen('file:///foo/bar/baz')
+7 | urllib.request.urlopen(url)
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
 8 | 
-9 | urllib.Request(url='http://www.google.com', **kwargs)
+9 | urllib.request.Request(url='http://www.google.com', **kwargs)
  |

 S310.py:9:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   |
- 7 | urllib.urlopen(url)
+ 7 | urllib.request.urlopen(url)
 8 | 
- 9 | urllib.Request(url='http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
-10 | urllib.Request(url='http://www.google.com')
-11 | urllib.Request('http://www.google.com')
+ 9 | urllib.request.Request(url='http://www.google.com', **kwargs)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
+10 | urllib.request.Request(url='http://www.google.com')
+11 | urllib.request.Request('http://www.google.com')
   |

 S310.py:12:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   |
-10 | urllib.Request(url='http://www.google.com')
-11 | urllib.Request('http://www.google.com')
-12 | urllib.Request('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
-13 | urllib.Request(url)
+10 | urllib.request.Request(url='http://www.google.com')
+11 | urllib.request.Request('http://www.google.com')
+12 | urllib.request.Request('file:///foo/bar/baz')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
+13 | urllib.request.Request(url)
   |

 S310.py:13:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   |
-11 | urllib.Request('http://www.google.com')
-12 | urllib.Request('file:///foo/bar/baz')
-13 | urllib.Request(url)
-   | ^^^^^^^^^^^^^^^^^^^ S310
+11 | urllib.request.Request('http://www.google.com')
+12 | urllib.request.Request('file:///foo/bar/baz')
+13 | urllib.request.Request(url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
 14 | 
-15 | urllib.URLopener().open(fullurl='http://www.google.com', **kwargs)
+15 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
   |

 S310.py:15:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   |
-13 | urllib.Request(url)
+13 | urllib.request.Request(url)
 14 | 
-15 | urllib.URLopener().open(fullurl='http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^ S310
-16 | urllib.URLopener().open(fullurl='http://www.google.com')
-17 | urllib.URLopener().open('http://www.google.com')
+15 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
+16 | urllib.request.URLopener().open(fullurl='http://www.google.com')
+17 | urllib.request.URLopener().open('http://www.google.com')
   |

 S310.py:16:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   |
-15 | urllib.URLopener().open(fullurl='http://www.google.com', **kwargs)
-16 | urllib.URLopener().open(fullurl='http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^ S310
-17 | urllib.URLopener().open('http://www.google.com')
-18 | urllib.URLopener().open('file:///foo/bar/baz')
+15 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+16 | urllib.request.URLopener().open(fullurl='http://www.google.com')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
+17 | urllib.request.URLopener().open('http://www.google.com')
+18 | urllib.request.URLopener().open('file:///foo/bar/baz')
   |

 S310.py:17:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   |
-15 | urllib.URLopener().open(fullurl='http://www.google.com', **kwargs)
-16 | urllib.URLopener().open(fullurl='http://www.google.com')
-17 | urllib.URLopener().open('http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^ S310
-18 | urllib.URLopener().open('file:///foo/bar/baz')
-19 | urllib.URLopener().open(url)
+15 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+16 | urllib.request.URLopener().open(fullurl='http://www.google.com')
+17 | urllib.request.URLopener().open('http://www.google.com')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
+18 | urllib.request.URLopener().open('file:///foo/bar/baz')
+19 | urllib.request.URLopener().open(url)
   |

 S310.py:18:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   |
-16 | urllib.URLopener().open(fullurl='http://www.google.com')
-17 | urllib.URLopener().open('http://www.google.com')
-18 | urllib.URLopener().open('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^ S310
-19 | urllib.URLopener().open(url)
+16 | urllib.request.URLopener().open(fullurl='http://www.google.com')
+17 | urllib.request.URLopener().open('http://www.google.com')
+18 | urllib.request.URLopener().open('file:///foo/bar/baz')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
+19 | urllib.request.URLopener().open(url)
   |

 S310.py:19:1: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   |
-17 | urllib.URLopener().open('http://www.google.com')
-18 | urllib.URLopener().open('file:///foo/bar/baz')
-19 | urllib.URLopener().open(url)
-   | ^^^^^^^^^^^^^^^^^^ S310
+17 | urllib.request.URLopener().open('http://www.google.com')
+18 | urllib.request.URLopener().open('file:///foo/bar/baz')
+19 | urllib.request.URLopener().open(url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^ S310
   |