def setUp(self):
super(YamlFormatterTests, self).setUp()
conf = config.BanditConfig()
self.manager = manager.BanditManager(conf, 'file')
(tmp_fd, self.tmp_fname) = tempfile.mkstemp()
self.context = {'filename': self.tmp_fname,
'lineno': 4,
'linerange': [4]}
self.check_name = 'hardcoded_bind_all_interfaces'
self.issue = issue.Issue(bandit.MEDIUM, bandit.MEDIUM,
'Possible binding to all interfaces.')
self.candidates = [issue.Issue(bandit.LOW, bandit.LOW, 'Candidate A',
lineno=1),
issue.Issue(bandit.HIGH, bandit.HIGH, 'Candiate B',
lineno=2)]
self.manager.out_file = self.tmp_fname
self.issue.fname = self.context['filename']
self.issue.lineno = self.context['lineno']
self.issue.linerange = self.context['linerange']
self.issue.test = self.check_name
self.manager.results.append(self.issue)
self.manager.metrics = metrics.Metrics()
# mock up the metrics
for key in ['_totals', 'binding.py']:
self.manager.metrics.data[key] = {'loc': 4, 'nosec': 2}
for (criteria, default) in constants.CRITERIA:
for rank in constants.RANKING:
self.manager.metrics.data[key]['{0}.{1}'.format(
criteria, rank
)] = 0
def setUp(self):
super().setUp()
conf = config.BanditConfig()
self.manager = manager.BanditManager(conf, "file")
(tmp_fd, self.tmp_fname) = tempfile.mkstemp()
self.context = {
"filename": self.tmp_fname,
"lineno": 4,
"linerange": [4],
}
self.check_name = "hardcoded_bind_all_interfaces"
self.issue = issue.Issue(bandit.MEDIUM, bandit.MEDIUM,
"Possible binding to all interfaces.")
self.candidates = [
issue.Issue(bandit.LOW, bandit.LOW, "Candidate A", lineno=1),
issue.Issue(bandit.HIGH, bandit.HIGH, "Candiate B", lineno=2),
]
self.manager.out_file = self.tmp_fname
self.issue.fname = self.context["filename"]
self.issue.lineno = self.context["lineno"]
self.issue.linerange = self.context["linerange"]
self.issue.test = self.check_name
self.manager.results.append(self.issue)
self.manager.metrics = metrics.Metrics()
# mock up the metrics
for key in ["_totals", "binding.py"]:
self.manager.metrics.data[key] = {"loc": 4, "nosec": 2}
for (criteria, default) in constants.CRITERIA:
for rank in constants.RANKING:
self.manager.metrics.data[key][f"{criteria}.{rank}"] = 0
def _get_issue_instance(severity=bandit.MEDIUM, confidence=bandit.MEDIUM):
new_issue = issue.Issue(severity, confidence, "Test issue")
new_issue.fname = "code.py"
new_issue.test = "bandit_plugin"
new_issue.test_id = "B999"
new_issue.lineno = 1
return new_issue
def _get_issue_instance(severity=bandit.MEDIUM, confidence=bandit.MEDIUM):
new_issue = issue.Issue(severity, confidence, 'Test issue')
new_issue.fname = 'code.py'
new_issue.test = 'bandit_plugin'
new_issue.test_id = 'B999'
new_issue.lineno = 1
return new_issue
def setUp(self):
super().setUp()
conf = config.BanditConfig()
self.manager = manager.BanditManager(conf, "custom")
(tmp_fd, self.tmp_fname) = tempfile.mkstemp()
self.context = {
"filename": self.tmp_fname,
"lineno": 4,
"linerange": [4],
"col_offset": 30,
}
self.check_name = "hardcoded_bind_all_interfaces"
self.issue = issue.Issue(
bandit.MEDIUM,
bandit.MEDIUM,
text="Possible binding to all interfaces.",
)
self.manager.out_file = self.tmp_fname
self.issue.fname = self.context["filename"]
self.issue.lineno = self.context["lineno"]
self.issue.linerange = self.context["linerange"]
self.issue.col_offset = self.context["col_offset"]
self.issue.test = self.check_name
self.manager.results.append(self.issue)
def test_get_code(self, getline):
getline.return_value = b"\x08\x30"
new_issue = issue.Issue(bandit.MEDIUM, lineno=1)
try:
new_issue.get_code()
except UnicodeDecodeError:
self.fail("Bytes not properly decoded in issue.get_code()")
def report_issue(check, name):
return issue.Issue(
severity=check.get("level", "MEDIUM"),
confidence="HIGH",
text=check["message"].replace("{name}", name),
ident=name,
test_id=check.get("id", "LEGACY"),
)
def test_results_count(self):
levels = [constants.LOW, constants.MEDIUM, constants.HIGH]
self.manager.results = (
[issue.Issue(severity=l, confidence=l) for l in levels])
r = [self.manager.results_count(sev_filter=l, conf_filter=l)
for l in levels]
self.assertEqual([3, 2, 1], r)
def _get_issue_instance(
severity=bandit.MEDIUM,
cwe=issue.Cwe.MULTIPLE_BINDS,
confidence=bandit.MEDIUM,
):
new_issue = issue.Issue(severity, cwe, confidence, "Test issue")
new_issue.fname = "code.py"
new_issue.test = "bandit_plugin"
new_issue.lineno = 1
return new_issue
def _get_issue_instance(
self,
sev=constants.MEDIUM,
cwe=issue.Cwe.MULTIPLE_BINDS,
conf=constants.MEDIUM,
):
new_issue = issue.Issue(sev, cwe, conf, "Test issue")
new_issue.fname = "code.py"
new_issue.test = "bandit_plugin"
new_issue.lineno = 1
return new_issue
def test_results_count(self):
levels = [constants.LOW, constants.MEDIUM, constants.HIGH]
self.manager.results = [
issue.Issue(severity=level,
cwe=issue.Cwe.MULTIPLE_BINDS,
confidence=level) for level in levels
]
r = [
self.manager.results_count(sev_filter=level, conf_filter=level)
for level in levels
]
self.assertEqual([3, 2, 1], r)
def setUp(self):
super(CsvFormatterTests, self).setUp()
conf = config.BanditConfig()
self.manager = manager.BanditManager(conf, 'file')
(tmp_fd, self.tmp_fname) = tempfile.mkstemp()
self.context = {'filename': self.tmp_fname,
'lineno': 4,
'linerange': [4]}
self.check_name = 'hardcoded_bind_all_interfaces'
self.issue = issue.Issue(bandit.MEDIUM, bandit.MEDIUM,
'Possible binding to all interfaces.')
self.manager.out_file = self.tmp_fname
self.issue.fname = self.context['filename']
self.issue.lineno = self.context['lineno']
self.issue.linerange = self.context['linerange']
self.issue.test = self.check_name
self.manager.results.append(self.issue)
def _get_issue_instance(self, sev=constants.MEDIUM, conf=constants.MEDIUM):
new_issue = issue.Issue(sev, conf, 'Test issue')
new_issue.fname = 'code.py'
new_issue.test = 'bandit_plugin'
new_issue.lineno = 1
return new_issue
def report_issue(check, name):
return issue.Issue(severity=check['level'],
confidence='HIGH',
text=check['message'].replace('{name}', name),
ident=name,
test_id=check["id"])
def report_issue(check, name):
return issue.Issue(severity=check.get('level', 'MEDIUM'),
confidence='HIGH',
text=check['message'].replace('{name}', name),
ident=name,
test_id=check.get("id", 'LEGACY'))
