Ejemplo n.º 1
async def bandit_lint_partition(
    partition: BanditPartition,
    bandit: Bandit,
    python_setup: PythonSetup,
    subprocess_encoding_environment: SubprocessEncodingEnvironment,
) -> LintResult:
    """Run Bandit over one partition of field sets and return the LintResult.

    The Bandit PEX, the optional config file and two views of the sources are
    requested together through one MultiGet. The PEX, the config snapshot and
    the digest of *all* sources are merged into the process input, while the
    *specified* sources are what generate_args receives.
    """
    pex_requirements = PexRequirements(bandit.get_requirement_specs())
    # A partition without its own constraints falls back to Bandit's defaults.
    pex_constraints = partition.interpreter_constraints or PexInterpreterConstraints(
        bandit.default_interpreter_constraints
    )
    pex_get = Get[Pex](PexRequest(
        output_filename="bandit.pex",
        requirements=pex_requirements,
        interpreter_constraints=pex_constraints,
        entry_point=bandit.get_entry_point(),
    ))

    configured_path: Optional[str] = bandit.options.config
    config_globs = []
    if configured_path:
        config_globs.append(configured_path)
    # GlobMatchErrorBehavior.error: a `--bandit-config` path that matches no
    # file is an error rather than being skipped, so a mistyped path cannot
    # quietly leave Bandit running without the intended configuration.
    config_get = Get[Snapshot](PathGlobs(
        globs=config_globs,
        glob_match_error_behavior=GlobMatchErrorBehavior.error,
        description_of_origin="the option `--bandit-config`",
    ))

    every_source_get = Get[SourceFiles](AllSourceFilesRequest(
        fs.sources for fs in partition.field_sets))
    chosen_source_get = Get[SourceFiles](SpecifiedSourceFilesRequest(
        (fs.sources, fs.origin) for fs in partition.field_sets))

    gathered = await MultiGet([
        pex_get,
        config_get,
        every_source_get,
        chosen_source_get,
    ])
    bandit_pex, config_snapshot, every_source, chosen_source = cast(
        Tuple[Pex, Snapshot, SourceFiles, SourceFiles], gathered)

    digests_to_merge = (
        every_source.snapshot.digest,
        bandit_pex.digest,
        config_snapshot.digest,
    )
    input_digest = await Get[Digest](MergeDigests(digests_to_merge))

    # Sorted so the description is stable regardless of field-set order.
    ordered_references = sorted(
        fs.address.reference() for fs in partition.field_sets)
    address_references = ", ".join(ordered_references)

    bandit_args = generate_args(specified_source_files=chosen_source,
                                bandit=bandit)
    process = bandit_pex.create_process(
        python_setup=python_setup,
        subprocess_encoding_environment=subprocess_encoding_environment,
        pex_path="./bandit.pex",
        pex_args=bandit_args,
        input_digest=input_digest,
        description=
        (f"Run Bandit on {pluralize(len(partition.field_sets), 'target')}: {address_references}."
         ),
    )
    # The fallible result type is requested so the process outcome is handed
    # to LintResult as data instead of aborting the rule.
    outcome = await Get[FallibleProcessResult](Process, process)
    return LintResult.from_fallible_process_result(outcome,
                                                   linter_name="Bandit")
Ejemplo n.º 2
async def bandit_lint(
    configs: BanditConfigurations,
    bandit: Bandit,
    python_setup: PythonSetup,
    subprocess_encoding_environment: SubprocessEncodingEnvironment,
) -> LintResult:
    """Run Bandit once over all given configurations and return the LintResult.

    When the skip option is set, no process is started and a no-op result is
    returned. Otherwise the Bandit PEX, the optional config file and the
    sources are fetched one after another, merged into a single digest and
    passed to the Bandit process.
    """
    if bandit.options.skip:
        # Skipping produces a no-op result; Bandit never runs for these targets.
        return LintResult.noop()

    # NB: Bandit output depends upon which Python interpreter version it's run with. See
    # https://github.com/PyCQA/bandit#under-which-version-of-python-should-i-install-bandit.
    interpreter_constraints = PexInterpreterConstraints.create_from_compatibility_fields(
        (cfg.compatibility for cfg in configs), python_setup=python_setup
    )
    bandit_pex = await Get[Pex](
        PexRequest(
            output_filename="bandit.pex",
            requirements=PexRequirements(bandit.get_requirement_specs()),
            interpreter_constraints=interpreter_constraints,
            entry_point=bandit.get_entry_point(),
        )
    )

    configured_path: Optional[str] = bandit.options.config
    config_globs = (configured_path,) if configured_path else ()
    # GlobMatchErrorBehavior.error: a `--bandit-config` path that matches no
    # file is an error rather than being skipped, so a mistyped path cannot
    # quietly leave Bandit running without the intended configuration.
    config_snapshot = await Get[Snapshot](
        PathGlobs(
            globs=config_globs,
            glob_match_error_behavior=GlobMatchErrorBehavior.error,
            description_of_origin="the option `--bandit-config`",
        )
    )

    # All sources go into the process input; only the specified ones are
    # handed to generate_args.
    every_source = await Get[SourceFiles](
        AllSourceFilesRequest(cfg.sources for cfg in configs)
    )
    chosen_source = await Get[SourceFiles](
        SpecifiedSourceFilesRequest((cfg.sources, cfg.origin) for cfg in configs)
    )

    digests_to_merge = (
        every_source.snapshot.digest,
        bandit_pex.digest,
        config_snapshot.digest,
    )
    merged_input_files = await Get[Digest](MergeDigests(digests_to_merge))

    # Sorted so the description is stable regardless of configuration order.
    ordered_references = sorted(cfg.address.reference() for cfg in configs)
    address_references = ", ".join(ordered_references)

    bandit_args = generate_args(specified_source_files=chosen_source, bandit=bandit)
    process = bandit_pex.create_process(
        python_setup=python_setup,
        subprocess_encoding_environment=subprocess_encoding_environment,
        pex_path=f"./bandit.pex",
        pex_args=bandit_args,
        input_files=merged_input_files,
        description=f"Run Bandit on {pluralize(len(configs), 'target')}: {address_references}.",
    )
    # The fallible result type is requested so the process outcome is handed
    # to LintResult as data instead of aborting the rule.
    outcome = await Get[FallibleProcessResult](Process, process)
    return LintResult.from_fallible_process_result(outcome)
Ejemplo n.º 3
async def lint(
    wrapped_target: BanditTarget,
    bandit: Bandit,
    python_setup: PythonSetup,
    subprocess_encoding_environment: SubprocessEncodingEnvironment,
) -> LintResult:
    """Run Bandit on a single wrapped target and return the LintResult.

    When the skip option is set, no process is started and a no-op result is
    returned. Otherwise the config snapshot, the Bandit PEX and the target's
    own sources are merged into one digest and passed to the Bandit process.
    """
    if bandit.options.skip:
        # Skipping produces a no-op result; Bandit never runs for this target.
        return LintResult.noop()

    target = wrapped_target.target

    # NB: Bandit output depends upon which Python interpreter version it's run with. We ensure that
    # each target runs with its own interpreter constraints. See
    # https://github.com/PyCQA/bandit#under-which-version-of-python-should-i-install-bandit.
    # Only a PythonTargetAdaptor contributes constraints; any other target
    # passes an empty adaptor list.
    constraint_adaptors = []
    if isinstance(target, PythonTargetAdaptor):
        constraint_adaptors.append(target)
    interpreter_constraints = PexInterpreterConstraints.create_from_adaptors(
        adaptors=constraint_adaptors,
        python_setup=python_setup,
    )

    configured_path: Optional[str] = bandit.options.config
    config_globs = (configured_path,) if configured_path else ()
    # GlobMatchErrorBehavior.error: a `--bandit-config` path that matches no
    # file is an error rather than being skipped, so a mistyped path cannot
    # quietly leave Bandit running without the intended configuration.
    config_snapshot = await Get[Snapshot](PathGlobs(
        globs=config_globs,
        glob_match_error_behavior=GlobMatchErrorBehavior.error,
        description_of_origin="the option `--bandit-config`",
    ))
    bandit_pex = await Get[Pex](CreatePex(
        output_filename="bandit.pex",
        requirements=PexRequirements(
            requirements=tuple(bandit.get_requirement_specs())),
        interpreter_constraints=interpreter_constraints,
        entry_point=bandit.get_entry_point(),
    ))

    digests_to_merge = (
        target.sources.snapshot.directory_digest,
        bandit_pex.directory_digest,
        config_snapshot.directory_digest,
    )
    merged_input_files = await Get[Digest](
        DirectoriesToMerge(directories=digests_to_merge))

    bandit_args = generate_args(wrapped_target, bandit)
    request = bandit_pex.create_execute_request(
        python_setup=python_setup,
        subprocess_encoding_environment=subprocess_encoding_environment,
        pex_path=f'./bandit.pex',
        pex_args=bandit_args,
        input_files=merged_input_files,
        description=f'Run Bandit for {target.address.reference()}',
    )
    # The fallible result type is requested so the process outcome is handed
    # to LintResult as data instead of aborting the rule.
    outcome = await Get[FallibleExecuteProcessResult](ExecuteProcessRequest,
                                                      request)
    return LintResult.from_fallible_execute_process_result(outcome)
Ejemplo n.º 4
async def bandit_lint_partition(partition: BanditPartition,
                                bandit: Bandit) -> LintResult:
    """Run Bandit over one partition and return the LintResult with its report.

    The Bandit venv PEX, the config files, the partition's sources and an
    empty report directory are requested together. Sources, config files and
    the report directory form the process input; REPORT_DIR is captured as an
    output directory and returned, with that prefix stripped, as the report.
    """
    pex_get = Get(
        VenvPex,
        PexRequest(
            output_filename="bandit.pex",
            internal_only=True,
            requirements=bandit.pex_requirements(),
            interpreter_constraints=partition.interpreter_constraints,
            main=bandit.main,
        ),
    )

    config_get = Get(ConfigFiles, ConfigFilesRequest, bandit.config_request)
    sources_get = Get(
        SourceFiles,
        SourceFilesRequest(fs.source for fs in partition.field_sets),
    )
    # Ensure that the empty report dir exists.
    report_dir_get = Get(Digest, CreateDigest([Directory(REPORT_DIR)]))

    # Unpacking order must mirror the argument order passed to MultiGet.
    bandit_pex, config_files, report_directory, source_files = await MultiGet(
        pex_get, config_get, report_dir_get, sources_get)

    digests_to_merge = (
        source_files.snapshot.digest,
        config_files.snapshot.digest,
        report_directory,
    )
    input_digest = await Get(Digest, MergeDigests(digests_to_merge))

    bandit_argv = generate_argv(source_files, bandit)
    # The fallible result type is requested so the process outcome is handed
    # to LintResult as data instead of aborting the rule.
    result = await Get(
        FallibleProcessResult,
        VenvPexProcess(
            bandit_pex,
            argv=bandit_argv,
            input_digest=input_digest,
            description=
            f"Run Bandit on {pluralize(len(partition.field_sets), 'file')}.",
            output_directories=(REPORT_DIR, ),
            level=LogLevel.DEBUG,
        ),
    )
    # Strip the REPORT_DIR prefix from the captured output digest.
    report = await Get(Digest, RemovePrefix(result.output_digest, REPORT_DIR))

    # The partition is labelled by its sorted interpreter constraints.
    constraint_labels = sorted(map(str, partition.interpreter_constraints))
    return LintResult.from_fallible_process_result(
        result,
        partition_description=str(constraint_labels),
        report=report,
    )
Ejemplo n.º 5
async def lint(
    linter: BanditLinter,
    bandit: Bandit,
    python_setup: PythonSetup,
    subprocess_encoding_environment: SubprocessEncodingEnvironment,
) -> LintResult:
    """Run Bandit once over every adaptor held by the linter and return the LintResult.

    When the skip option is set, no process is started and a no-op result is
    returned. Otherwise the Bandit PEX, the optional config file and the
    sources are fetched one after another, merged into a single digest and
    passed to the Bandit process.
    """
    if bandit.options.skip:
        # Skipping produces a no-op result; Bandit never runs for these targets.
        return LintResult.noop()

    pairs = linter.adaptors_with_origins

    # NB: Bandit output depends upon which Python interpreter version it's run with. We ensure that
    # each target runs with its own interpreter constraints. See
    # https://github.com/PyCQA/bandit#under-which-version-of-python-should-i-install-bandit.
    interpreter_constraints = PexInterpreterConstraints.create_from_adaptors(
        (pair.adaptor for pair in pairs),
        python_setup=python_setup,
    )
    bandit_pex = await Get[Pex](PexRequest(
        output_filename="bandit.pex",
        requirements=PexRequirements(bandit.get_requirement_specs()),
        interpreter_constraints=interpreter_constraints,
        entry_point=bandit.get_entry_point(),
    ))

    configured_path: Optional[str] = bandit.options.config
    config_globs = (configured_path,) if configured_path else ()
    # GlobMatchErrorBehavior.error: a `--bandit-config` path that matches no
    # file is an error rather than being skipped, so a mistyped path cannot
    # quietly leave Bandit running without the intended configuration.
    config_snapshot = await Get[Snapshot](PathGlobs(
        globs=config_globs,
        glob_match_error_behavior=GlobMatchErrorBehavior.error,
        description_of_origin="the option `--bandit-config`",
    ))

    # All sources go into the process input; only the specified ones are
    # handed to generate_args.
    every_source = await Get[SourceFiles](LegacyAllSourceFilesRequest(
        pair.adaptor for pair in pairs))
    chosen_source = await Get[SourceFiles](
        LegacySpecifiedSourceFilesRequest(pairs))

    digests_to_merge = (
        every_source.snapshot.directory_digest,
        bandit_pex.directory_digest,
        config_snapshot.directory_digest,
    )
    merged_input_files = await Get[Digest](
        DirectoriesToMerge(directories=digests_to_merge))

    # Sorted so the description is stable regardless of adaptor order.
    ordered_references = sorted(
        pair.adaptor.address.reference() for pair in pairs)
    address_references = ", ".join(ordered_references)

    bandit_args = generate_args(specified_source_files=chosen_source,
                                bandit=bandit)
    request = bandit_pex.create_execute_request(
        python_setup=python_setup,
        subprocess_encoding_environment=subprocess_encoding_environment,
        pex_path=f"./bandit.pex",
        pex_args=bandit_args,
        input_files=merged_input_files,
        description=f"Run Bandit for {address_references}",
    )
    # The fallible result type is requested so the process outcome is handed
    # to LintResult as data instead of aborting the rule.
    outcome = await Get[FallibleExecuteProcessResult](ExecuteProcessRequest,
                                                      request)
    return LintResult.from_fallible_execute_process_result(outcome)