From 74c3da469dcb65626474f57b7f0d30eb93be19a8 Mon Sep 17 00:00:00 2001
From: MeGaGiGaGon <107241144+MeGaGiGaGon@users.noreply.github.com>
Date: Fri, 27 Jun 2025 22:44:27 -0700
Subject: [PATCH 1/3] Core change
---
 .../src/rules/flake8_bandit/rules/suspicious_imports.rs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
index a3cb2ae4cd83b..31f657164b8d0 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
+++ b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
@@ -396,6 +396,9 @@ pub(crate) fn suspicious_imports(checker: &Checker, stmt: &Stmt) {
 "xmlrpc" => {
 checker.report_diagnostic_if_enabled(SuspiciousXmlrpcImport, name.range);
 }
+ "wsgiref.handlers.CGIHandler" | "twisted.web.twcgi.CGIScript" => {
+ checker.report_diagnostic_if_enabled(SuspiciousHttpoxyImport, name.range);
+ }
 "Crypto.Cipher" | "Crypto.Hash" | "Crypto.IO" | "Crypto.Protocol" | "Crypto.PublicKey" | "Crypto.Random" | "Crypto.Signature" | "Crypto.Util" => {
 checker.report_diagnostic_if_enabled(SuspiciousPycryptoImport, name.range);
From f403f11f189f7fcc9a5004cd0c83f72c9dbde5f4 Mon Sep 17 00:00:00 2001
From: MeGaGiGaGon <107241144+MeGaGiGaGon@users.noreply.github.com>
Date: Fri, 27 Jun 2025 22:49:45 -0700
Subject: [PATCH 2/3] Update test
---
 .../ruff_linter/resources/test/fixtures/flake8_bandit/S412.py | 3 +++
 .../ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py
index 1b8163323ab93..fb14922db5102 100644
--- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py
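Review bot: The new arm matches the dotted path exactly, and neither `wsgiref.handlers.CGIHandler` nor `twisted.web.twcgi.CGIScript` is a module (both are classes), so the `import wsgiref.handlers.CGIHandler` spelling this arm enables cannot actually run in Python; in real code the arm is reached through the `from wsgiref.handlers import CGIHandler` form (line 1 of the fixture was already reported at 1:6 in the pre-change snapshot, so that spelling is presumably composed into the same qualified name elsewhere in this function), while `import wsgiref.handlers` followed by attribute access stays out of scope. A comment stating that intent would spare the next reader the analysis: `// Bandit B412 (httpoxy) qualified names; matched against the full dotted import path only.`. The enclosing `match` and `suspicious_imports` continue outside the hunk. Unrelated to this change, the S412 message text visible in the snapshot reads `running inCGI` (missing space), which lives outside this diff.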
@@ -1 +1,4 @@
 from twisted.web.twcgi import CGIScript # S412
+import twisted.web.twcgi.CGIScript # S412
+from wsgiref.handlers import CGIHandler # S412
+import wsgiref.handlers.CGIHandler # S412
\ No newline at end of file
diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi
index 087d2ca09a0d7..0c0b3537e4280 100644
--- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi
@@ -1 +1,4 @@
 from twisted.web.twcgi import CGIScript
+import twisted.web.twcgi.CGIScript
+from wsgiref.handlers import CGIHandler
+import wsgiref.handlers.CGIHandler
\ No newline at end of file
From df5d9d4d5fcb9163a00fa870da5e483ef25e5031 Mon Sep 17 00:00:00 2001
From: MeGaGiGaGon <107241144+MeGaGiGaGon@users.noreply.github.com>
Date: Fri, 27 Jun 2025 23:01:32 -0700
Subject: [PATCH 3/3] Update snapshot
---
 ...s__flake8_bandit__tests__S412_S412.py.snap | 29 ++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap
index c8c325b36e030..d79dbccc1d6e1 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap
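Review bot: The fixture only adds positive cases, and both added `import …` lines name a class rather than a module, so they document a spelling that cannot run; a negative line such as `import wsgiref.handlers  # OK: not the full CGIHandler path` would pin down that the rule is scoped to the full dotted path and is not expected to flag the module import alone. Both fixture files also now end without a trailing newline (`\ No newline at end of file` here and in the S412.pyi hunk), which is worth restoring to keep the fixtures consistent with the rest of the tree.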
@@ -1,9 +1,36 @@ --- source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs -snapshot_kind: text --- S412.py:1:6: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided | 1 | from twisted.web.twcgi import CGIScript # S412 | ^^^^^^^^^^^^^^^^^ S412 +2 | import twisted.web.twcgi.CGIScript # S412 +3 | from wsgiref.handlers import CGIHandler # S412 + | + +S412.py:2:8: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided + | +1 | from twisted.web.twcgi import CGIScript # S412 +2 | import twisted.web.twcgi.CGIScript # S412 + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ S412 +3 | from wsgiref.handlers import CGIHandler # S412 +4 | import wsgiref.handlers.CGIHandler # S412 + | + +S412.py:3:6: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided + | +1 | from twisted.web.twcgi import CGIScript # S412 +2 | import twisted.web.twcgi.CGIScript # S412 +3 | from wsgiref.handlers import CGIHandler # S412 + | ^^^^^^^^^^^^^^^^ S412 +4 | import wsgiref.handlers.CGIHandler # S412 + | + +S412.py:4:8: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided + | +2 | import twisted.web.twcgi.CGIScript # S412 +3 | from wsgiref.handlers import CGIHandler # S412 +4 | import wsgiref.handlers.CGIHandler # S412 + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ S412 |