Example #1
    def test_report(self):
        """Render the HTML report and check severity, confidence and text.

        The report is written to ``self.tmp_fname`` and parsed back with
        BeautifulSoup. The first ``span.severity``, ``span.confidence`` and
        ``h2.test_text`` elements are compared with the matching attributes
        of ``self.issue``.
        """
        issue = self.issue
        b_html.report(
            self.manager, self.tmp_fname, issue.severity, issue.confidence
        )

        with open(self.tmp_fname) as report_file:
            page = BeautifulSoup(report_file.read(), "html.parser")

            # All three lookups run before the first comparison; a missing
            # element raises IndexError instead of failing an assertion.
            severity_el = page.find_all("span", class_="severity")[0]
            confidence_el = page.find_all("span", class_="confidence")[0]
            heading_el = page.find_all("h2", class_="test_text")[0]

            checks = (
                ("severity", severity_el),
                ("confidence", confidence_el),
                ("text", heading_el),
            )
            for attr_name, element in checks:
                self.assertEqual(getattr(issue, attr_name), element.string)
Example #2
    def test_report_with_skipped(self):
        """Check that a skipped file and its reason show up in the report.

        One ``(filename, reason)`` pair is stored in ``manager.skipped``; the
        rendered HTML must contain exactly one ``span`` with id ``skipped``
        whose text mentions both values.
        """
        skipped_name, skipped_reason = 'abc.py', 'File is bad'
        self.manager.skipped = [(skipped_name, skipped_reason)]

        b_html.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW)

        with open(self.tmp_fname) as report_file:
            markup = report_file.read()
        page = BeautifulSoup(markup, 'html.parser')

        # Indexing comes before the count check, so a report without the
        # span raises IndexError rather than an assertion failure.
        matches = page.find_all('span', id='skipped')
        first_match = matches[0]

        self.assertEqual(1, len(matches))
        for expected in (skipped_name, skipped_reason):
            self.assertIn(expected, first_match.text)
Example #3
    def test_report_with_skipped(self):
        """Verify the report lists files the scan skipped.

        ``manager.skipped`` holds a single ``(filename, reason)`` tuple. After
        rendering, the page must have one ``span`` with id ``skipped`` and
        its text must include the filename and the reason.
        """
        entry = ('abc.py', 'File is bad')
        self.manager.skipped = [entry]

        severity = confidence = bandit.LOW
        b_html.report(self.manager, self.tmp_fname, severity, confidence)

        with open(self.tmp_fname) as handle:
            document = BeautifulSoup(handle.read(), 'html.parser')

            found = document.find_all('span', id='skipped')
            # Taking [0] first means an absent span surfaces as IndexError.
            skipped_span = found[0]

            self.assertEqual(1, len(found))
            self.assertIn(entry[0], skipped_span.text)
            self.assertIn(entry[1], skipped_span.text)
Example #4
    def test_report_with_skipped(self):
        """Verify the report lists files the scan skipped.

        The formatter is given an open, writable file object here. The
        rendered page must contain exactly one ``div`` with id ``skipped``
        whose text includes the skipped filename and the reason.
        """
        skipped_name = "abc.py"
        skipped_reason = "File is bad"
        self.manager.skipped = [(skipped_name, skipped_reason)]

        # The write handle is closed on leaving this block, before the file
        # is reopened for reading below.
        with open(self.tmp_fname, "w") as out:
            b_html.report(self.manager, out, bandit.LOW, bandit.LOW)

        with open(self.tmp_fname) as rendered:
            markup = rendered.read()
        page = bs4.BeautifulSoup(markup, "html.parser")

        blocks = page.find_all("div", id="skipped")
        # Indexing first: a report with no such div raises IndexError.
        block = blocks[0]

        self.assertEqual(1, len(blocks))
        for expected in (skipped_name, skipped_reason):
            self.assertIn(expected, block.text)
Example #5
    def test_escaping(self, get_issue_list, get_code):
        """Check that scanned code is not written into the report verbatim.

        ``get_code`` is mocked to return a string containing angle brackets.
        The raw string must not occur anywhere in the rendered file, so that
        source text from a scanned project is not emitted as HTML markup.

        ``get_issue_list`` and ``get_code`` are mocks passed in by the caller
        (presumably ``mock.patch`` decorators outside this excerpt).
        """
        raw_snippet = '<tag in code>'
        self.manager.metrics.data['_totals'] = {'loc': 1000, 'nosec': 50}

        primary = _get_issue_instance()
        candidate = _get_issue_instance()
        get_code.return_value = raw_snippet
        get_issue_list.return_value = {primary: [candidate]}

        with open(self.tmp_fname, 'w') as out:
            b_html.report(self.manager, out, bandit.LOW, bandit.LOW)

        with open(self.tmp_fname) as rendered:
            html_text = rendered.read()

        # NOTE(review): this also passes when the snippet is never rendered
        # at all. Asserting the escaped form is present would pin the output
        # encoding; confirm the formatter's exact escape output first.
        self.assertNotIn(raw_snippet, html_text)
Example #6
    def test_report(self):
        """Render the HTML report and check its summary spans.

        Severity and confidence must match ``self.issue``. The ``loc`` and
        ``nosec`` spans are expected to read '4' and '2'; those numbers come
        from fixture data that is not visible in this excerpt.
        """
        b_html.report(
            self.manager, self.tmp_fname,
            self.issue.severity, self.issue.confidence)

        with open(self.tmp_fname) as report_file:
            markup = report_file.read()
        page = BeautifulSoup(markup, 'html.parser')

        def first_span(css_class):
            # Raises IndexError when no span carries the class.
            return page.find_all('span', class_=css_class)[0]

        # All lookups happen before the first comparison.
        severity = first_span('severity')
        confidence = first_span('confidence')
        loc = first_span('loc')
        nosec = first_span('nosec')

        self.assertEqual(self.issue.severity, severity.string)
        self.assertEqual(self.issue.confidence, confidence.string)
        self.assertEqual('4', loc.string)
        self.assertEqual('2', nosec.string)
Example #7
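    def test_escaping(self, get_issue_list, get_code):
        """Check that scanned code is not written into the report verbatim.

        ``get_code`` is mocked to return a string containing angle brackets.
        The raw string must not occur anywhere in the rendered file, so that
        source text from a scanned project is not emitted as HTML markup.

        ``get_issue_list`` and ``get_code`` are mocks passed in by the caller
        (presumably ``mock.patch`` decorators outside this excerpt).
        """
        self.manager.metrics.data['_totals'] = {'loc': 1000, 'nosec': 50}
        marker = '<tag in code>'

        issue_a = _get_issue_instance()
        issue_x = _get_issue_instance()
        get_code.return_value = marker

        get_issue_list.return_value = {issue_a: [issue_x]}

        # Close (and therefore flush) the write handle before reading the
        # file back. Without this the test depends on report() closing the
        # handle itself; if it does not, the read below may see a partial or
        # empty file and the negative assertion would pass without checking
        # anything.
        with open(self.tmp_fname, 'w') as tmp_file:
            b_html.report(
                self.manager, tmp_file, bandit.LOW, bandit.LOW)

        with open(self.tmp_fname) as f:
            contents = f.read()

        # NOTE(review): assertNotIn alone also passes when the snippet is
        # never rendered. Asserting the escaped form is present would pin the
        # output encoding; confirm the formatter's exact escape output first.
        self.assertNotIn(marker, contents)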
Example #8
    def test_report_contents(self, get_issue_list, get_code):
        """Check the structure and text of a three-issue HTML report.

        ``get_issue_list`` is mocked to return three issues (LOW, MEDIUM and
        HIGH severity) mapped to lists of further issues, and ``get_code`` to
        return a fixed snippet. The rendered page is then checked for the
        metric totals, the per-severity CSS class, the candidates/code
        sections and the text of the first issue.

        Both mocks are passed in by the caller (presumably ``mock.patch``
        decorators outside this excerpt).
        """
        self.manager.metrics.data['_totals'] = {'loc': 1000, 'nosec': 50}

        # Severity is not given a marker value: it selects the CSS class,
        # which is checked on its own below.
        issue_a = _get_issue_instance(severity=bandit.LOW)
        issue_a.fname = 'abc.py'
        issue_a.test = 'AAAAAAA'
        issue_a.text = 'BBBBBBB'
        issue_a.confidence = 'CCCCCCC'

        issue_b = _get_issue_instance(severity=bandit.MEDIUM)
        issue_c = _get_issue_instance(severity=bandit.HIGH)

        issue_x = _get_issue_instance()
        get_code.return_value = 'some code'
        issue_y = _get_issue_instance()

        # Insertion order fixes which issue becomes issue-0, issue-1, issue-2.
        ranked = OrderedDict()
        ranked[issue_a] = [issue_x, issue_y]
        ranked[issue_b] = [issue_x]
        ranked[issue_c] = [issue_y]
        get_issue_list.return_value = ranked

        b_html.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW)

        with open(self.tmp_fname) as report_file:
            page = BeautifulSoup(report_file.read(), 'html.parser')

            self.assertEqual('1000', page.find_all('span', id='loc')[0].text)
            self.assertEqual('50', page.find_all('span', id='nosec')[0].text)

            issue1, issue2, issue3 = [
                page.find_all('span', id=span_id)[0]
                for span_id in ('issue-0', 'issue-1', 'issue-2')
            ]

            # Each issue carries exactly one div with its severity class.
            severity_classes = (
                (issue1, 'issue-sev-low'),
                (issue2, 'issue-sev-medium'),
                (issue3, 'issue-sev-high'),
            )
            for block, css_class in severity_classes:
                self.assertEqual(
                    1, len(block.find_all('div', {'class': css_class})))

            # Expected number of spans with a given id inside each issue:
            # issue1 has a candidates section with two candidates and no
            # code span; issue2 has no candidates; issue2 and issue3 each
            # have one code span.
            span_counts = (
                (1, issue1, 'candidates'),
                (2, issue1, 'candidate'),
                (0, issue2, 'candidates'),
                (0, issue2, 'candidate'),
                (0, issue1, 'code'),
                (1, issue2, 'code'),
                (1, issue3, 'code'),
            )
            for expected, block, span_id in span_counts:
                self.assertEqual(
                    expected, len(block.find_all('span', id=span_id)))

            # The mocked snippet shows up in issue1's first candidate and in
            # issue2's code span.
            first_candidate = issue1.find_all('span', id='candidate')[0]
            self.assertIn('some code', first_candidate.text)
            code_span = issue2.find_all('span', id='code')[0]
            self.assertIn('some code', code_span.text)

            # The marker values set on issue_a appear in the first issue.
            for expected_text in ('AAAAAAA:', 'BBBBBBB', 'CCCCCCC', 'abc.py'):
                self.assertIn(expected_text, issue1.text)
Example #9
    def test_report_contents(self, get_issue_list, get_code):
        """Check the structure and text of a three-issue HTML report.

        ``get_issue_list`` is mocked to return three issues (LOW, MEDIUM and
        HIGH severity) mapped to lists of further issues, and ``get_code`` to
        return a fixed snippet. The report is written through an open file
        object, parsed back, and checked for the metric totals, the
        per-severity CSS class, the candidates/code sections and the text of
        the first issue.

        Both mocks are passed in by the caller (presumably ``mock.patch``
        decorators outside this excerpt).
        """
        self.manager.metrics.data["_totals"] = {"loc": 1000, "nosec": 50}

        # Severity is not given a marker value: it selects the CSS class,
        # which is checked on its own below.
        issue_a = _get_issue_instance(severity=bandit.LOW)
        issue_a.fname = "abc.py"
        issue_a.test = "AAAAAAA"
        issue_a.text = "BBBBBBB"
        issue_a.confidence = "CCCCCCC"

        issue_b = _get_issue_instance(severity=bandit.MEDIUM)
        issue_c = _get_issue_instance(severity=bandit.HIGH)

        issue_x = _get_issue_instance()
        get_code.return_value = "some code"
        issue_y = _get_issue_instance()

        # Insertion order fixes which issue becomes issue-0, issue-1, issue-2.
        ranked = collections.OrderedDict()
        ranked[issue_a] = [issue_x, issue_y]
        ranked[issue_b] = [issue_x]
        ranked[issue_c] = [issue_y]
        get_issue_list.return_value = ranked

        # The write handle is closed on leaving this block, before the file
        # is reopened for reading.
        with open(self.tmp_fname, "w") as out:
            b_html.report(self.manager, out, bandit.LOW, bandit.LOW)

        with open(self.tmp_fname) as rendered:
            page = bs4.BeautifulSoup(rendered.read(), "html.parser")

            self.assertEqual("1000", page.find_all("span", id="loc")[0].text)
            self.assertEqual("50", page.find_all("span", id="nosec")[0].text)

            issue1, issue2, issue3 = [
                page.find_all("div", id=div_id)[0]
                for div_id in ("issue-0", "issue-1", "issue-2")
            ]

            def divs(block, css_class):
                # Every div inside ``block`` that carries ``css_class``.
                return block.find_all("div", {"class": css_class})

            # Expected number of divs per class inside each issue, in order:
            # one severity div each; issue1 has a candidates section with
            # two candidates; issue2 has none; only issue2 and issue3 have a
            # code div.
            div_counts = (
                (1, issue1, "issue-sev-low"),
                (1, issue2, "issue-sev-medium"),
                (1, issue3, "issue-sev-high"),
                (1, issue1, "candidates"),
                (2, issue1, "candidate"),
                (0, issue2, "candidates"),
                (0, issue2, "candidate"),
                (0, issue1, "code"),
                (1, issue2, "code"),
                (1, issue3, "code"),
            )
            for expected, block, css_class in div_counts:
                self.assertEqual(expected, len(divs(block, css_class)))

            # The mocked snippet shows up in issue1's first candidate and in
            # issue2's code div.
            self.assertIn("some code", divs(issue1, "candidate")[0].text)
            self.assertIn("some code", divs(issue2, "code")[0].text)

            # The marker values set on issue_a appear in the first issue,
            # together with its line number.
            expected_fragments = (
                "AAAAAAA:",
                "BBBBBBB",
                "CCCCCCC",
                "abc.py",
                "Line number: 1",
            )
            for fragment in expected_fragments:
                self.assertIn(fragment, issue1.text)