#  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#  SPDX-License-Identifier: Apache-2.0

# {fact rule=module-injection@v1.0 defects=1}
def module_injection_noncompliant():
    import importlib
    module_name = input('module name')
    # Noncompliant: Untrusted user input is being passed to `import_module`.
    importlib.import_module(module_name)
# {/fact}


# {fact rule=module-injection@v1.0 defects=0}
def module_injection_compliant():
    import importlib
    allowed_module_names_list = ['example_module1', 'example_module2']
    module_name = input('module name')
    if module_name in allowed_module_names_list:
        # Compliant: User input is validated before using in `import_module()`.
        importlib.import_module(module_name)
# {/fact}