Allow getenv

Author: RobGeada

detectors/built_in/custom_detectors_wrapper.py

@@ -136,7 +136,7 @@ def static_code_analysis(module_path, forbidden_imports=None, forbidden_calls=No
         if isinstance(node, ast.ImportFrom):
             if node.module and node.module.split(".")[0] in forbidden_imports:
                 # Allow specific exception: from os import environ
-                if node.module == "os" and len(node.names) == 1 and node.names[0].name == "environ":
+                if node.module == "os" and len(node.names) == 1 and node.names[0].name in {"environ", "getenv"}:
                     continue
                 issues.append(f"- Forbidden import: {node.module} (line {node.lineno})")
 

tests/detectors/builtIn/test_custom.py

@@ -144,6 +144,7 @@ def test_unsafe_code(self, client):
         assert "Unsafe code detected" in str(excinfo.value)
         assert "Forbidden import: os" in str(excinfo.value) or "os.system" in str(excinfo.value)
 
+
     def test_unsafe_code_import_from(self, client):
         write_code_to_custom_detectors(UNSAFE_CODE_IMPORT_FROM)
         from detectors.built_in.custom_detectors_wrapper import CustomDetectorRegistry
@@ -152,7 +153,9 @@ def test_unsafe_code_import_from(self, client):
         assert "Unsafe code detected" in str(excinfo.value)
         assert "Forbidden import: sys" in str(excinfo.value) or "sys.path" in str(excinfo.value)
 
-    def test_unsafe_code_import_from_environ(self, client):
+
+    def test_safe_code_import_from_environ(self, client):
+        # from os import environ <- should not trigger the unsafe import error
         write_code_to_custom_detectors(SAFE_CODE_IMPORT_FROM_ENVIRON)
         from detectors.built_in.custom_detectors_wrapper import CustomDetectorRegistry
         CustomDetectorRegistry()