Add more random functions to B311 check (#1235)

aripollak · pre-commit-ci[bot] · web-flow · commit c58c00a24270 · 2025-02-19T09:53:19.000Z
* Add sample, randrange, and getrandbits to B311 check * Add to bad examples * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update test_functional.py --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
diff --git a/bandit/blacklists/calls.py b/bandit/blacklists/calls.py
@@ -205,6 +205,9 @@
 |      |                     | - random.uniform                   |           |
 |      |                     | - random.triangular                |           |
 |      |                     | - random.randbytes                 |           |
+|      |                     | - random.randrange                 |           |
+|      |                     | - random.sample                    |           |
+|      |                     | - random.getrandbits               |           |
 +------+---------------------+------------------------------------+-----------+
 
 B312: telnetlib
@@ -515,6 +518,9 @@ def gen_blacklist():
                 "random.uniform",
                 "random.triangular",
                 "random.randbytes",
+                "random.sample",
+                "random.randrange",
+                "random.getrandbits",
             ],
             "Standard pseudo-random generators are not suitable for "
             "security/cryptographic purposes.",
diff --git a/examples/random_module.py b/examples/random_module.py
@@ -11,6 +11,9 @@
 bad = random.uniform()
 bad = random.triangular()
 bad = random.randbytes()
+bad = random.sample()
+bad = random.randrange()
+bad = random.getrandbits()
 
 good = os.urandom()
 good = random.SystemRandom()
diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
@@ -365,8 +365,8 @@ def test_popen_wrappers(self):
     def test_random_module(self):
         """Test for the `random` module."""
         expect = {
-            "SEVERITY": {"UNDEFINED": 0, "LOW": 9, "MEDIUM": 0, "HIGH": 0},
-            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 9},
+            "SEVERITY": {"UNDEFINED": 0, "LOW": 12, "MEDIUM": 0, "HIGH": 0},
+            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 12},
         }
         self.check_example("random_module.py", expect)
 
