[flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)

## Summary

Permits suspicious imports (the `S4` namespaced diagnostics) from stub
files.

Closes #15207.

## Test Plan

Added tests and ran `cargo nextest run`. The test files are copied from
the `.py` variants.

Author: tjkuson

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S401.pyi

@@ -0,0 +1,2 @@
+import telnetlib
+from telnetlib import Telnet

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S402.pyi

@@ -0,0 +1,2 @@
+import ftplib
+from ftplib import FTP

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S403.pyi

@@ -0,0 +1,8 @@
+import dill
+from dill import objects
+import shelve
+from shelve import open
+import cPickle
+from cPickle import load
+import pickle
+from pickle import load

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S404.pyi

@@ -0,0 +1,3 @@
+import subprocess
+from subprocess import Popen
+from subprocess import Popen as pop

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S405.pyi

@@ -0,0 +1,4 @@
+import xml.etree.cElementTree
+from xml.etree import cElementTree
+import xml.etree.ElementTree
+from xml.etree import ElementTree

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S406.pyi

@@ -0,0 +1,3 @@
+from xml import sax
+import xml.sax as xmls
+import xml.sax

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S407.pyi

@@ -0,0 +1,2 @@
+from xml.dom import expatbuilder
+import xml.dom.expatbuilder

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S408.pyi

@@ -0,0 +1,2 @@
+from xml.dom.minidom import parseString
+import xml.dom.minidom

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S409.pyi

@@ -0,0 +1,2 @@
+from xml.dom.pulldom import parseString
+import xml.dom.pulldom

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S410.pyi

@@ -0,0 +1,2 @@
+import lxml
+from lxml import etree

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S411.pyi

@@ -0,0 +1,2 @@
+import xmlrpc
+from xmlrpc import server

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi

@@ -0,0 +1 @@
+from twisted.web.twcgi import CGIScript

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S413.pyi

@@ -0,0 +1,4 @@
+import Crypto.Hash
+from Crypto.Hash import MD2
+import Crypto.PublicKey
+from Crypto.PublicKey import RSA

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S415.pyi

@@ -0,0 +1,2 @@
+import pyghmi
+from pyghmi import foo

crates/ruff_linter/src/rules/flake8_bandit/mod.rs

@@ -52,19 +52,33 @@ mod tests {
     #[test_case(Rule::SuspiciousNonCryptographicRandomUsage, Path::new("S311.py"))]
     #[test_case(Rule::SuspiciousTelnetUsage, Path::new("S312.py"))]
     #[test_case(Rule::SuspiciousTelnetlibImport, Path::new("S401.py"))]
+    #[test_case(Rule::SuspiciousTelnetlibImport, Path::new("S401.pyi"))]
     #[test_case(Rule::SuspiciousFtplibImport, Path::new("S402.py"))]
+    #[test_case(Rule::SuspiciousFtplibImport, Path::new("S402.pyi"))]
     #[test_case(Rule::SuspiciousPickleImport, Path::new("S403.py"))]
+    #[test_case(Rule::SuspiciousPickleImport, Path::new("S403.pyi"))]
     #[test_case(Rule::SuspiciousSubprocessImport, Path::new("S404.py"))]
+    #[test_case(Rule::SuspiciousSubprocessImport, Path::new("S404.pyi"))]
     #[test_case(Rule::SuspiciousXmlEtreeImport, Path::new("S405.py"))]
+    #[test_case(Rule::SuspiciousXmlEtreeImport, Path::new("S405.pyi"))]
     #[test_case(Rule::SuspiciousXmlSaxImport, Path::new("S406.py"))]
+    #[test_case(Rule::SuspiciousXmlSaxImport, Path::new("S406.pyi"))]
     #[test_case(Rule::SuspiciousXmlExpatImport, Path::new("S407.py"))]
+    #[test_case(Rule::SuspiciousXmlExpatImport, Path::new("S407.pyi"))]
     #[test_case(Rule::SuspiciousXmlMinidomImport, Path::new("S408.py"))]
+    #[test_case(Rule::SuspiciousXmlMinidomImport, Path::new("S408.pyi"))]
     #[test_case(Rule::SuspiciousXmlPulldomImport, Path::new("S409.py"))]
+    #[test_case(Rule::SuspiciousXmlPulldomImport, Path::new("S409.pyi"))]
     #[test_case(Rule::SuspiciousLxmlImport, Path::new("S410.py"))]
+    #[test_case(Rule::SuspiciousLxmlImport, Path::new("S410.pyi"))]
     #[test_case(Rule::SuspiciousXmlrpcImport, Path::new("S411.py"))]
+    #[test_case(Rule::SuspiciousXmlrpcImport, Path::new("S411.pyi"))]
     #[test_case(Rule::SuspiciousHttpoxyImport, Path::new("S412.py"))]
+    #[test_case(Rule::SuspiciousHttpoxyImport, Path::new("S412.pyi"))]
     #[test_case(Rule::SuspiciousPycryptoImport, Path::new("S413.py"))]
+    #[test_case(Rule::SuspiciousPycryptoImport, Path::new("S413.pyi"))]
     #[test_case(Rule::SuspiciousPyghmiImport, Path::new("S415.py"))]
+    #[test_case(Rule::SuspiciousPyghmiImport, Path::new("S415.pyi"))]
     #[test_case(Rule::TryExceptContinue, Path::new("S112.py"))]
     #[test_case(Rule::TryExceptPass, Path::new("S110.py"))]
     #[test_case(Rule::UnixCommandWildcardInjection, Path::new("S609.py"))]

crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs

@@ -352,6 +352,11 @@ impl Violation for SuspiciousPyghmiImport {
 
 /// S401, S402, S403, S404, S405, S406, S407, S408, S409, S410, S411, S412, S413, S415
 pub(crate) fn suspicious_imports(checker: &mut Checker, stmt: &Stmt) {
+    // Skip stub files.
+    if checker.source_type.is_stub() {
+        return;
+    }
+
     match stmt {
         Stmt::Import(ast::StmtImport { names, .. }) => {
             for name in names {

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S401_S401.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S402_S402.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S403_S403.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S404_S404.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S405_S405.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S406_S406.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S407_S407.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S408_S408.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S409_S409.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S410_S410.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S411_S411.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S413_S413.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S415_S415.pyi.snap

@@ -0,0 +1,5 @@
+---
+source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+snapshot_kind: text
+---
+