def test_file_match(tmp_path_factory: tmp_path_factory) -> None:
    """PyreTool's file-name filter accepts ``.py`` files only.

    A bare ``py`` (no dot) and a ``.pyi`` stub must both be rejected, so the
    filter cannot be a loose substring match on "py".
    """
    tool = PyreTool(context_for(tmp_path_factory, PyreTool.TOOL_ID))
    name_filter = tool.file_name_filter

    accepted = ("foo.py",)
    rejected = ("py", "foo.pyi")

    for name in accepted:
        assert name_filter.match(name) is not None, name
    for name in rejected:
        assert name_filter.match(name) is None, name
def test_run_flask_violations(tmp_path_factory: tmp_path_factory) -> None:
    """RequestsTool flags credentials sent over plain HTTP in the requests fixture.

    Despite the (copy-pasted) function name this exercises ``RequestsTool``,
    not ``FlaskTool``. The single expected finding is ``no-auth-over-http``:
    ``bad.py`` passes ``auth=`` to a ``requests.get`` against an ``http://``
    URL, which would send the credentials in clear text.
    """
    fixture_dir = BASE_PATH / "tests/integration/requests"
    context = context_for(tmp_path_factory, RequestsTool.TOOL_ID, fixture_dir)
    tool = RequestsTool(context)
    tool.setup()

    found = tool.results()

    expected_finding = Violation(
        tool_id="r2c.requests",
        check_id="no-auth-over-http",
        path="bad.py",
        line=2,
        column=5,
        message=
        "auth is possibly used over http://, which could expose credentials. possible_urls: ['http://MYURL.com']",
        severity=2,
        syntactic_context=
        "r = requests.get('http://MYURL.com', auth=('user', 'pass'))",
        filtered=None,
        link=
        "https://checks.bento.dev/en/latest/flake8-requests/r2c-requests-no-auth-over-http",
    )

    # Exact list equality: no extra findings and no reordering are tolerated.
    assert found == [expected_finding]
def test_run_flask_violations(tmp_path_factory: tmp_path_factory) -> None:
    """FlaskTool reports ``send-file-open`` for ``flask.send_file(open(...))``.

    The fixture's ``bad.py`` hands a file object to ``send_file`` without a
    ``mimetype``/``attachment_filename``; the check's message explains why
    that raises at runtime.
    """
    fixture_dir = BASE_PATH / "tests/integration/flask"
    context = context_for(tmp_path_factory, FlaskTool.TOOL_ID, fixture_dir)
    tool = FlaskTool(context)
    tool.setup()

    found = tool.results()

    expected_finding = Violation(
        tool_id="r2c.flask",
        check_id="send-file-open",
        path="bad.py",
        line=4,
        column=1,
        message=
        "Passing a file-like object to flask.send_file without the mimetype or attachment_filename keyword arg will raise a ValueError. If you are sending a static file, pass in a string path to the file instead. Otherwise, specify a mimetype or attachment_filename in flask.send_file.",
        severity=2,
        syntactic_context='flask.send_file(open("file.txt"))',
        filtered=None,
        link=
        "https://checks.bento.dev/en/latest/flake8-flask/send-file-open",
    )

    assert found == [expected_finding]
def test_run_no_base_violations(tmp_path: Path) -> None:
    """RequestsTool yields no findings on the clean ``SIMPLE_INTEGRATION_PATH`` fixture.

    Guards against false positives: the simple fixture contains no
    ``requests`` usage that the checks should flag.
    """
    context = context_for(tmp_path, RequestsTool.TOOL_ID, SIMPLE_INTEGRATION_PATH)
    tool = RequestsTool(context)
    tool.setup()

    found = tool.results(SIMPLE_TARGETS)

    # Truthiness check, as in the original: an empty result of any container type passes.
    assert not found
def test_run_flask_violations(tmp_path_factory: tmp_path_factory) -> None:
    """Boto3Tool flags a hard-coded AWS access key id passed to ``Session``.

    Despite the (copy-pasted) function name this exercises ``Boto3Tool``.
    The ``AKIA...`` value in the fixture is a synthetic placeholder used only
    to trigger the ``hardcoded-access-token`` check.
    """
    fixture_dir = BASE_PATH / "tests/integration/boto3"
    context = context_for(tmp_path_factory, Boto3Tool.TOOL_ID, fixture_dir)
    tool = Boto3Tool(context)
    tool.setup()

    found = tool.results()

    expected_finding = Violation(
        tool_id="r2c.boto3",
        check_id="hardcoded-access-token",
        path="bad.py",
        line=4,
        column=11,
        message=
        "Hardcoded access token detected. Consider using a config file or environment variables.",
        severity=2,
        syntactic_context=
        "session = Session(aws_access_key_id='AKIA1235678901234567',",
        filtered=None,
        link=
        "https://checks.bento.dev/en/latest/flake8-boto3/hardcoded-access-token",
    )

    assert found == [expected_finding]
def test_run(tmp_path: Path) -> None:
    """Flake8Tool reports the parse error and the indentation error in ``foo.py``.

    The fixture's ``foo.py`` is deliberately unparseable (``def broken(x)``
    with no colon), so flake8 emits a ``parse-error`` followed by an
    ``indentation-error`` on the next line. The parse error carries no link.
    """
    context = context_for(tmp_path, Flake8Tool.TOOL_ID, SIMPLE_INTEGRATION_PATH)
    tool = Flake8Tool(context)
    tool.setup()

    found = tool.results(SIMPLE_TARGETS)

    parse_error = Violation(
        tool_id="flake8",
        check_id="parse-error",
        path="foo.py",
        line=5,
        column=13,
        message="SyntaxError: invalid syntax",
        severity=2,
        syntactic_context="def broken(x)",
        filtered=None,
        link="",
    )
    indentation_error = Violation(
        tool_id="flake8",
        check_id="indentation-error",
        path="foo.py",
        line=6,
        column=5,
        message="unexpected indentation",
        severity=2,
        syntactic_context="return x",
        filtered=None,
        link=
        "https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes",
    )

    # Order is part of the contract here (list equality).
    assert found == [parse_error, indentation_error]
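def test_run(tmp_path_factory: tmp_path_factory) -> None:
    """EslintTool (r2c configuration) reports ``no-console`` and ``semi`` on ``init.js``.

    If eslint itself fails to run, its stderr is printed before the error is
    re-raised so the failure is diagnosable from the pytest output.

    Fix versus the previous version: the handler used ``raise e``, which
    re-raises from the ``except`` line and rewrites the traceback origin; a
    bare ``raise`` preserves the original traceback.
    """
    base_path = BASE_PATH / "tests/integration/simple"
    tool = EslintTool(
        context_for(tmp_path_factory, EslintTool.ESLINT_TOOL_ID, base_path))
    tool.setup()
    try:
        violations = tool.results()
    except subprocess.CalledProcessError as e:
        # Surface eslint's own diagnostics; pytest shows captured stdout on failure.
        print(e.stderr)
        raise

    expectation = [
        Violation(
            tool_id="r2c.eslint",
            check_id="no-console",
            path="init.js",
            line=0,
            column=0,
            message="Unexpected console statement.",
            severity=1,
            syntactic_context="console.log(3)",
        ),
        Violation(
            tool_id="r2c.eslint",
            check_id="semi",
            path="init.js",
            line=0,
            column=0,
            message="Missing semicolon.",
            severity=2,
            syntactic_context="console.log(3)",
        ),
    ]

    assert violations == expectation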
def test_run_click_violations(tmp_path_factory: tmp_path_factory) -> None:
    """ClickTool's findings on the click fixture match the module-level ``EXPECTATIONS``."""
    fixture_dir = BASE_PATH / "tests/integration/click"
    context = context_for(tmp_path_factory, ClickTool.TOOL_ID, fixture_dir)
    tool = ClickTool(context)
    tool.setup()

    found = tool.results()

    assert found == EXPECTATIONS
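def test_run(tmp_path: Path) -> None:
    """EslintTool (plain ``eslint`` id) reports ``no-console`` and ``semi`` on ``init.js``.

    If eslint itself fails to run, its stderr is printed before the error is
    re-raised so the failure is diagnosable from the pytest output.

    Fix versus the previous version: ``raise e`` replaced by a bare ``raise``
    so the original traceback is preserved instead of being re-rooted at the
    ``except`` line.
    """
    tool = EslintTool(
        context_for(tmp_path, EslintTool.ESLINT_TOOL_ID,
                    SIMPLE_INTEGRATION_PATH))
    tool.setup()
    try:
        violations = tool.results(SIMPLE_TARGETS)
    except subprocess.CalledProcessError as e:
        # Surface eslint's own diagnostics; pytest shows captured stdout on failure.
        print(e.stderr)
        raise

    expectation = [
        Violation(
            tool_id="eslint",
            check_id="no-console",
            path="init.js",
            line=0,
            column=0,
            message="Unexpected console statement.",
            severity=1,
            syntactic_context="console.log(3)",
        ),
        Violation(
            tool_id="eslint",
            check_id="semi",
            path="init.js",
            line=0,
            column=0,
            message="Missing semicolon.",
            severity=2,
            syntactic_context="console.log(3)",
        ),
    ]

    assert violations == expectation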
def test_run_no_base_violations(tmp_path_factory: tmp_path_factory) -> None:
    """FlaskTool yields no findings on the clean ``simple`` integration fixture.

    False-positive guard: nothing in ``tests/integration/simple`` should
    trip the flask checks.
    """
    fixture_dir = BASE_PATH / "tests/integration/simple"
    context = context_for(tmp_path_factory, FlaskTool.TOOL_ID, fixture_dir)
    tool = FlaskTool(context)
    tool.setup()

    found = tool.results()

    assert not found
def test_file_match(tmp_path_factory: tmp_path_factory) -> None:
    """EslintTool's file-name filter accepts ``.js``/``.jsx``/``.ts``/``.tsx`` only.

    A bare ``js`` and an unrelated suffix such as ``.jsa`` are rejected, so
    the filter must anchor on the full extension rather than a prefix.
    """
    tool = EslintTool(context_for(tmp_path_factory, EslintTool.ESLINT_TOOL_ID))
    name_filter = tool.file_name_filter

    accepted = ("foo.js", "foo.jsx", "foo.ts", "foo.tsx")
    rejected = ("js", "foo.jsa")

    for name in accepted:
        assert name_filter.match(name) is not None, name
    for name in rejected:
        assert name_filter.match(name) is None, name
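def test_jsx_run(tmp_path_factory: tmp_path_factory) -> None:
    """EslintTool runs cleanly on the React (JSX) fixture and reports nothing.

    ``results([])`` is called with an explicit empty target list, as in the
    original test. If eslint fails to run, its stderr is printed and the
    error is re-raised with a bare ``raise`` (was ``raise e``) so the
    original traceback is preserved.
    """
    base_path = BASE_PATH / "tests/integration/react"
    tool = EslintTool(
        context_for(tmp_path_factory, EslintTool.ESLINT_TOOL_ID, base_path))
    tool.setup()
    try:
        violations = tool.results([])
    except subprocess.CalledProcessError as e:
        # Surface eslint's own diagnostics; pytest shows captured stdout on failure.
        print(e.stderr)
        raise

    assert violations == []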
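def test_run_flask_violations(tmp_path: Path) -> None:
    """RequestsTool flags both ``use-timeout`` and ``no-auth-over-http`` in ``bad.py``.

    Despite the (copy-pasted) function name this exercises ``RequestsTool``.
    Only the location and identity of each finding are compared — not the
    message text — so wording changes in the upstream checks do not break
    the test.

    Fix versus the previous version: the comparison key now includes
    ``path``. Previously a finding with the same check at the same
    line/column in *any* file would have satisfied the expectation.
    """
    base_path = BASE_PATH / "tests/integration/requests"
    tool = RequestsTool(context_for(tmp_path, RequestsTool.TOOL_ID, base_path))
    tool.setup()
    violations = tool.results([base_path / "bad.py"])

    expectation = [
        Violation(
            tool_id="r2c.requests",
            check_id="use-timeout",
            path="bad.py",
            line=3,
            column=5,
            message=
            "requests will hang forever without a timeout. Consider adding a timeout (recommended 10 sec).",
            severity=2,
            syntactic_context=
            "r = requests.get('http://MYURL.com', auth=('user', 'pass'))",
            filtered=None,
            link=
            "https://checks.bento.dev/en/latest/flake8-requests/use-timeout",
        ),
        Violation(
            tool_id="r2c.requests",
            check_id="no-auth-over-http",
            path="bad.py",
            line=3,
            column=5,
            message=
            "auth is possibly used over http://, which could expose credentials. possible_urls: ['http://MYURL.com']",
            severity=2,
            syntactic_context=
            "r = requests.get('http://MYURL.com', auth=('user', 'pass'))",
            filtered=None,
            link=
            "https://checks.bento.dev/en/latest/flake8-requests/no-auth-over-http",
        ),
    ]

    def important_info(viol):
        # Identity + location of a finding; message/link/severity are deliberately excluded.
        return (viol.tool_id, viol.check_id, viol.path, viol.line, viol.column)

    # Set comparison: order-insensitive, and duplicate findings collapse.
    assert {important_info(v) for v in violations} == {important_info(v) for v in expectation}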
def test_run(tmp_path_factory: tmp_path_factory) -> None:
    """PyreTool reports two type errors [6] and one return-type error [7] in ``bar.py``.

    Findings are compared as sets: pyre's output order is not part of the
    contract, so only membership is asserted.
    """
    fixture_dir = BASE_PATH / "tests/integration/py-only"
    tool = PyreTool(context_for(tmp_path_factory, PyreTool.TOOL_ID, fixture_dir))
    tool.setup()

    found = tool.results()

    pyre_link = "https://pyre-check.org/docs/error-types.html"
    bad_line = "    x: int = cmd + 5 + os.getenv('doesnotexist')\n"

    radd_mismatch = Violation(
        tool_id="r2c.pyre",
        check_id="6",
        path="bar.py",
        line=10,
        column=13,
        message=
        "Incompatible parameter type [6]: Expected `int` for 1st anonymous parameter to call `int.__radd__` but got `str`.",
        severity=2,
        syntactic_context=bad_line,
        link=pyre_link,
    )
    add_mismatch = Violation(
        tool_id="r2c.pyre",
        check_id="6",
        path="bar.py",
        line=10,
        column=23,
        message=
        "Incompatible parameter type [6]: Expected `int` for 1st anonymous parameter to call `int.__add__` but got `typing.Optional[str]`.",
        severity=2,
        syntactic_context=bad_line,
        link=pyre_link,
    )
    return_mismatch = Violation(
        tool_id="r2c.pyre",
        check_id="7",
        path="bar.py",
        line=11,
        column=4,
        message=
        "Incompatible return type [7]: Expected `str` but got `None`.",
        severity=2,
        syntactic_context="    return None\n",
        link=pyre_link,
    )

    assert set(found) == {radd_mismatch, add_mismatch, return_mismatch}
def test_run(tmp_path: Path) -> None:
    """BanditTool reports a parse error for ``foo.py`` and two subprocess findings for ``bar.py``.

    ``foo.py`` is syntactically broken, so bandit emits a severity-4
    ``error`` with no location. ``bar.py`` imports ``subprocess`` and then
    runs a shell command built from ``cmd`` with ``shell=True`` — the
    classic command-injection shape bandit's B602 exists to catch.
    """
    context = context_for(tmp_path, BanditTool.TOOL_ID, SIMPLE_INTEGRATION_PATH)
    tool = BanditTool(context)
    tool.setup()

    found = tool.results(SIMPLE_TARGETS)

    parse_failure = Violation(
        check_id="error",
        tool_id=BanditTool.TOOL_ID,
        path="foo.py",
        line=0,
        column=0,
        message="syntax error while parsing AST from file",
        severity=4,
        syntactic_context="",
        link=None,
    )
    subprocess_import = Violation(
        check_id="import-subprocess",
        tool_id=BanditTool.TOOL_ID,
        path="bar.py",
        line=1,
        column=0,
        message=
        "Consider possible security implications associated with subprocess module.",
        severity=1,
        syntactic_context=" import subprocess",
        link=
        "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess",
    )
    shell_true = Violation(
        check_id="subprocess-popen-with-shell-equals-true",
        tool_id=BanditTool.TOOL_ID,
        path="bar.py",
        line=4,
        column=0,
        message=
        "subprocess call with shell=True identified, security issue.",
        severity=3,
        syntactic_context=
        '     subprocess.run(f"bash -c {cmd}", shell=True)',
        link=
        "https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
    )

    # Order-sensitive comparison, as in the original.
    assert found == [parse_failure, subprocess_import, shell_true]
def test_cache_invalidation(tmp_path: Path) -> None:
    """Removing the sgrep rule file must invalidate cached results.

    With the ``.bento/sgrep.yml`` template copied into the tool's config
    path, ``flask_configs.py`` yields 8 findings. After the config file is
    unlinked the same query must yield 0 — a stale cache returning the
    earlier 8 would be a bug.
    """
    tool = SgrepTool(context_for(tmp_path, SgrepTool.tool_id(), SGREP_PATH))
    rule_template = SGREP_PATH / ".bento" / "sgrep.yml"
    active_config = cast(Path, tool.get_config_path())
    target = [SGREP_PATH / "flask_configs.py"]

    shutil.copy(rule_template, active_config)

    with _remote_docker():
        tool.setup()

        with_rules = set(tool.results(target))
        assert len(with_rules) == 8

        # Drop the rules and re-query: the result must not be served from cache.
        active_config.unlink()

        without_rules = set(tool.results(target))
        assert len(without_rules) == 0
def test_run(tmp_path: Path) -> None:
    """JinjalintTool reports the three template hardening issues in ``jinja-template.html``.

    Two anchors opened with ``target="_blank"`` lack ``rel="noreferrer"`` /
    ``rel="noopener"`` (referrer leak and ``window.opener`` access), and a
    POST form has no CSRF token. Compared as a set — see the trailing
    comment on the assertion.
    """
    context = context_for(tmp_path, JinjalintTool.TOOL_ID, SIMPLE_INTEGRATION_PATH)
    tool = JinjalintTool(context)
    tool.setup()

    found = tool.results(SIMPLE_TARGETS)

    anchor_line = '        <a href="https://example.com" target="_blank">Test anchor</a>'

    missing_noreferrer = Violation(
        check_id="anchor-missing-noreferrer",
        tool_id=JinjalintTool.TOOL_ID,
        path="jinja-template.html",
        line=11,
        column=8,
        message="Pages opened with 'target=\"_blank\"' allow the new page to access the original's referrer. This can have privacy implications. Include 'rel=\"noreferrer\"' to prevent this.",
        severity=2,
        syntactic_context=anchor_line,
        link="https://bento.dev/checks/jinja/anchor-missing-noreferrer/",
    )
    missing_noopener = Violation(
        check_id="anchor-missing-noopener",
        tool_id=JinjalintTool.TOOL_ID,
        path="jinja-template.html",
        line=8,
        column=11,
        message="Pages opened with 'target=\"_blank\"' allow the new page to access the original's 'window.opener'. This can have security and performance implications. Include 'rel=\"noopener\"' to prevent this.",
        severity=2,
        syntactic_context=anchor_line,
        link="https://bento.dev/checks/jinja/anchor-missing-noopener/",
    )
    missing_csrf = Violation(
        check_id="form-missing-csrf-protection",
        tool_id=JinjalintTool.TOOL_ID,
        path="jinja-template.html",
        line=7,
        column=8,
        message="Flask apps using 'flask-wtf' require including a CSRF token in the HTML form. This check detects missing CSRF protection in HTML forms in Jinja templates.",
        severity=2,
        syntactic_context='        <form method="post">',
        link="https://bento.dev/checks/jinja/form-missing-csrf-protection/",
    )

    # Set comparison: the linter's output order is not part of the contract.
    assert set(found) == {missing_noreferrer, missing_noopener, missing_csrf}
def test_run(tmp_path: Path) -> None:
    """DlintTool flags the catastrophic-backtracking regex ``(a+)+b`` in ``baz.py``.

    Nested quantifiers of this shape can make ``re.search`` take exponential
    time on crafted input (ReDoS), which is what DUO138 reports.
    """
    context = context_for(tmp_path, DlintTool.TOOL_ID, SIMPLE_INTEGRATION_PATH)
    tool = DlintTool(context)
    tool.setup()

    found = tool.results(SIMPLE_TARGETS)

    redos_finding = Violation(
        check_id="regular-expression-catastrophic-backtracking",
        tool_id=DlintTool.TOOL_ID,
        path="baz.py",
        line=4,
        column=0,
        message='catastrophic "re" usage - denial-of-service possible',
        severity=2,
        syntactic_context="re.search(r'(a+)+b', 'TEST')",
        link="https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO138.md",
    )

    assert found == [redos_finding]
def test_run(tmp_path: Path) -> None:
    """GosecTool reports G101 (hard-coded credentials, CWE-798) for ``bad.go``.

    The fixture assigns a string literal to a variable named ``password``;
    the expected context shows gosec masks the literal's value in its output.
    """
    fixture_dir = BASE_PATH / "tests" / "integration" / "go"
    tool = GosecTool(context_for(tmp_path, GosecTool.tool_id(), fixture_dir))
    tool.setup()

    found = tool.results([fixture_dir / "bad.go"])

    hardcoded_credential = Violation(
        tool_id="gosec",
        check_id="G101",
        path="bad.go",
        line=7,
        column=2,
        message="Potential hardcoded credentials",
        severity=2,
        syntactic_context=
        'password := "******"\n',
        filtered=None,
        link="https://cwe.mitre.org/data/definitions/798.html",
    )

    assert found == [hardcoded_credential]
def test_run(tmp_path_factory: tmp_path_factory) -> None:
    """Flake8Tool (r2c id, raw pycodestyle codes) reports E124, E999 and E113 on ``foo.py``.

    Unlike the variant keyed by descriptive check ids, this configuration
    surfaces the pycodestyle codes directly and reports column 0 for each.
    """
    fixture_dir = BASE_PATH / "tests/integration/simple"
    context = context_for(tmp_path_factory, Flake8Tool.TOOL_ID, fixture_dir)
    tool = Flake8Tool(context)
    tool.setup()

    found = tool.results()

    def foo_py(code: str, line: int, message: str, context: str) -> Violation:
        # All three findings share tool id, path, column and severity.
        return Violation(
            tool_id="r2c.flake8",
            check_id=code,
            path="foo.py",
            line=line,
            column=0,
            message=message,
            severity=2,
            syntactic_context=context,
        )

    # Order matters: list equality.
    expected = [
        foo_py("E124", 2, "closing bracket does not match visual indentation", "        )"),
        foo_py("E999", 5, "SyntaxError: invalid syntax", "def broken(x)"),
        foo_py("E113", 6, "unexpected indentation", "    return x"),
    ]

    assert found == expected
def test_run_flask_violations(tmp_path: Path) -> None:
    """Boto3Tool flags the hard-coded AWS access key id in the boto3 fixture.

    Despite the (copy-pasted) function name this exercises ``Boto3Tool``.
    The ``AKIA...`` literal is a synthetic placeholder that exists only to
    trigger the ``hardcoded-access-token`` check.
    """
    context = context_for(tmp_path, Boto3Tool.TOOL_ID, BOTO3_INTEGRATION_PATH)
    tool = Boto3Tool(context)
    tool.setup()

    found = tool.results(BOTO3_TARGETS)

    hardcoded_token = Violation(
        tool_id="r2c.boto3",
        check_id="hardcoded-access-token",
        path="bad.py",
        line=4,
        column=11,
        message="Hardcoded access token detected. Consider using a config file or environment variables.",
        severity=2,
        syntactic_context="session = Session(aws_access_key_id='AKIA1235678901234567',",
        filtered=None,
        link="https://bento.dev/checks/en/latest/flake8-boto3/hardcoded-access-token",
    )

    assert found == [hardcoded_token]
def test_run(tmp_path_factory: tmp_path_factory) -> None:
    """PythonTaintTool reports one shell-injection flow (rule 5001) in ``source.py``.

    The fixture lets ``UserControlled`` data reach a ``RemoteCodeExecution``
    sink through ``get_image(image_link)``.
    """
    fixture_dir = BASE_PATH / "tests/integration/python_taint"
    context = context_for(tmp_path_factory, PythonTaintTool.tool_id(), fixture_dir)
    tool = PythonTaintTool(context)
    tool.setup()

    found = tool.results()

    shell_injection = Violation(
        tool_id="PythonTaint",
        check_id="5001: Possible shell injection",
        path="source.py",
        line=13,
        column=22,
        message=
        "Possible shell injection [5001]: Data from [UserControlled] source(s) may reach [RemoteCodeExecution] sink(s)",
        severity=2,
        syntactic_context="    image = get_image(image_link)\n",
    )

    assert found == [shell_injection]
def test_run(tmp_path: Path) -> None:
    """CheckedReturnTool reports the one ignored ``must_be_used()`` call in ``checkedreturn.js``.

    The check infers that a function's return value is normally consumed
    (``used = 11``) and flags the single call site that discards it.
    """
    fixture_dir = BASE_PATH / "tests/integration/checked_return"
    context = context_for(tmp_path, CheckedReturnTool.tool_id(), fixture_dir)
    tool = CheckedReturnTool(context)
    tool.setup()

    found = tool.results([fixture_dir / "checkedreturn.js"])

    unchecked_return = Violation(
        tool_id="r2c.checked_return",
        check_id="checked_return",
        path="checkedreturn.js",
        line=25,
        column=3,
        message="./checkedreturn.js:25:2: error unchecked return for must_be_used (used = 11, ignored = 1)",
        severity=2,
        syntactic_context="  must_be_used(); //maybe a bug, but not counted for now, maybe used for its throwing effect",
    )

    assert found == [unchecked_return]
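def test_typescript_run(tmp_path_factory: tmp_path_factory) -> None:
    """EslintTool handles a ``.ts`` target and reports an unused var plus a missing semicolon.

    Only ``foo.ts`` is passed as a target, so the JS files in the same
    fixture must not contribute findings. If eslint fails to run, its stderr
    is printed and the error is re-raised with a bare ``raise`` (was
    ``raise e``) so the original traceback is preserved.
    """
    base_path = BASE_PATH / "tests/integration/js-and-ts"
    tool = EslintTool(
        context_for(tmp_path_factory, EslintTool.ESLINT_TOOL_ID, base_path))
    tool.setup()
    try:
        violations = tool.results(["foo.ts"])
    except subprocess.CalledProcessError as e:
        # Surface eslint's own diagnostics; pytest shows captured stdout on failure.
        print(e.stderr)
        raise

    expectation = [
        Violation(
            tool_id="r2c.eslint",
            check_id="@typescript-eslint/no-unused-vars",
            path="foo.ts",
            line=1,
            column=7,
            message="'user' is assigned a value but never used.",
            severity=1,
            syntactic_context="const user: int = 'Mom'",
            filtered=None,
            link=
            "https://eslint.org/docs/rules/@typescript-eslint/no-unused-vars",
        ),
        Violation(
            tool_id="r2c.eslint",
            check_id="semi",
            path="foo.ts",
            line=1,
            column=24,
            message="Missing semicolon.",
            severity=2,
            syntactic_context="const user: int = 'Mom'",
            filtered=None,
            link="https://eslint.org/docs/rules/semi",
        ),
    ]

    assert violations == expectation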
def test_run(tmp_path: Path) -> None:
    """PythonTaintTool reports one shell-injection flow (rule 5001) on ``TAINT_TARGETS``.

    Same expectation as the fixture-directory variant: ``UserControlled``
    data reaches a ``RemoteCodeExecution`` sink via ``get_image(image_link)``.
    """
    context = context_for(tmp_path, PythonTaintTool.tool_id(), TAINT_INTEGRATION_PATH)
    tool = PythonTaintTool(context)
    tool.setup()

    found = tool.results(TAINT_TARGETS)

    shell_injection = Violation(
        tool_id="PythonTaint",
        check_id="5001: Possible shell injection",
        path="source.py",
        line=13,
        column=22,
        message=
        "Possible shell injection [5001]: Data from [UserControlled] source(s) may reach [RemoteCodeExecution] sink(s)",
        severity=2,
        syntactic_context="    image = get_image(image_link)\n",
    )

    assert found == [shell_injection]
def test_run(tmp_path: Path) -> None:
    """ShellcheckTool reports SC2068 in four scripts and two SC1083 hits in ``test.sh``.

    Three of the SC2068 targets (``foo``, ``bar``, ``baz``) have no ``.sh``
    suffix, so the expectation also pins that extension-less shell files
    are scanned. Findings are compared as a set (order-insensitive).
    """
    context = context_for(tmp_path, ShellcheckTool.tool_id(), SHELL_INTEGRATION_PATH)
    tool = ShellcheckTool(context)
    tool.setup()

    found = set(tool.results(SHELL_TARGET))

    wiki = "https://github.com/koalaman/shellcheck/wiki/"
    curl_line = (
        'status_code=$(curl --write-out %{http_code} --silent --output /dev/null '
        '-X POST -H "Content-Type:application/json" -d \'{\n'
    )

    def unquoted_array_expansion(path: str) -> Violation:
        # SC2068: `echo $@` without quotes, identical location in every fixture file.
        return Violation(
            tool_id="shellcheck",
            check_id="SC2068",
            path=path,
            line=3,
            column=6,
            message="Double quote array expansions to avoid re-splitting elements.",
            severity=2,
            syntactic_context="echo $@\n",
            filtered=None,
            link=wiki + "SC2068",
        )

    def literal_brace(column: int, brace: str) -> Violation:
        # SC1083: one finding per unquoted brace in the curl --write-out format.
        return Violation(
            tool_id="shellcheck",
            check_id="SC1083",
            path="test.sh",
            line=5,
            column=column,
            message=f"This {brace} is literal. Check expression (missing ;/\\n?) or quote it.",
            severity=1,
            syntactic_context=curl_line,
            filtered=None,
            link=wiki + "SC1083",
        )

    expected = {unquoted_array_expansion(p) for p in ("foo.sh", "foo", "bar", "baz")}
    expected |= {literal_brace(33, "{"), literal_brace(43, "}")}

    assert found == expected
def test_file_match(tmp_path: Path) -> None:
    """Flake8Tool's file-name filter accepts ``.py`` files only.

    A bare ``py`` and a ``.pyi`` stub are both rejected.
    """
    tool = Flake8Tool(context_for(tmp_path, Flake8Tool.TOOL_ID))
    name_filter = tool.file_name_filter

    for name in ("py", "foo.pyi"):
        assert name_filter.match(name) is None, name
    assert name_filter.match("foo.py") is not None
def test_run(tmp_path_factory: tmp_path_factory) -> None:
    """SGrepTool reports every hard-coded Flask config assignment in ``flask_configs.py``.

    Nine findings are expected across ``DEBUG``, ``ENV``, ``SECRET_KEY`` and
    ``TESTING`` (a hard-coded ``SECRET_KEY`` is the security-relevant one:
    it is the key Flask signs sessions with). All findings share column 1,
    severity 2 and carry no link. Note the messages begin with a leading
    space; that is reproduced verbatim. The comparison is order-sensitive.
    """
    fixture_dir = BASE_PATH / "tests/integration/sgrep"
    context = context_for(tmp_path_factory, SGrepTool.tool_id(), fixture_dir)
    tool = SGrepTool(context)
    tool.setup()

    found = tool.results()
    # Kept from the original: pytest shows this on failure, which helps diff against `expected`.
    print(found)

    env_var_hint = "Set this by using FLASK_{} environment variable"
    config_file_hint = "Use environment variables or config files instead"

    def hardcoded(setting: str, line: int, context: str, hint: str) -> Violation:
        return Violation(
            tool_id="r2c.sgrep",
            check_id=f"avoid_hardcoded_config_{setting}",
            path="flask_configs.py",
            line=line,
            column=1,
            message=f" Hardcoded variable `{setting}` detected. {hint}",
            severity=2,
            syntactic_context=context,
            filtered=None,
            link=None,
        )

    # Same order as the original expectation (descending line number).
    expected = [
        hardcoded("DEBUG", 33, 'app.config["DEBUG"] = False', env_var_hint.format("DEBUG")),
        hardcoded("DEBUG", 31, 'app.config["DEBUG"] = True', env_var_hint.format("DEBUG")),
        hardcoded("ENV", 27, 'app.config["ENV"] = "production"', env_var_hint.format("ENV")),
        hardcoded("ENV", 25, 'app.config["ENV"] = "development"', env_var_hint.format("ENV")),
        hardcoded("SECRET_KEY", 21, 'app.config["SECRET_KEY"] = b\'_5#y2L"F4Q8z\\n\\xec]/\'', config_file_hint),
        hardcoded("SECRET_KEY", 19, 'app.config.update(SECRET_KEY="aaaa")', config_file_hint),
        hardcoded("TESTING", 15, "app.config.update(TESTING=True)", config_file_hint),
        hardcoded("TESTING", 13, 'app.config["TESTING"] = False', config_file_hint),
        hardcoded("TESTING", 11, 'app.config["TESTING"] = True', config_file_hint),
    ]

    assert found == expected
def test_run(tmp_path: Path) -> None:
    """SgrepTool (remote docker) reports the hard-coded Flask config assignments in ``flask_configs.py``.

    The ``.bento/sgrep.yml`` rule file is copied into the tool's resource
    path before setup. Eight findings are expected (``DEBUG``, ``ENV``,
    ``SECRET_KEY``, ``TESTING``); check ids carry a ``bento.`` prefix and
    the messages have no leading space in this variant. Compared as a set.
    """
    tool = SgrepTool(context_for(tmp_path, SgrepTool.tool_id(), SGREP_PATH))
    rule_template = SGREP_PATH / ".bento" / "sgrep.yml"
    shutil.copy(rule_template, tool.context.resource_path / "sgrep.yml")

    with _remote_docker():
        tool.setup()
        found = set(tool.results([SGREP_PATH / "flask_configs.py"]))

    # Kept from the original: pytest shows this on failure, which helps diff against `expected`.
    print(found)

    env_var_hint = "Set this by using FLASK_{} environment variable"
    config_file_hint = "Use environment variables or config files instead"

    def hardcoded(setting: str, line: int, context: str, hint: str) -> Violation:
        return Violation(
            tool_id="sgrep",
            check_id=f"bento.avoid_hardcoded_config_{setting}",
            path="flask_configs.py",
            line=line,
            column=1,
            message=f"Hardcoded variable `{setting}` detected. {hint}",
            severity=2,
            syntactic_context=context,
            filtered=None,
            link=None,
        )

    expected = {
        hardcoded("DEBUG", 33, 'app.config["DEBUG"] = False', env_var_hint.format("DEBUG")),
        hardcoded("DEBUG", 31, 'app.config["DEBUG"] = True', env_var_hint.format("DEBUG")),
        hardcoded("ENV", 27, 'app.config["ENV"] = "production"', env_var_hint.format("ENV")),
        hardcoded("ENV", 25, 'app.config["ENV"] = "development"', env_var_hint.format("ENV")),
        hardcoded("SECRET_KEY", 19, 'app.config.update(SECRET_KEY="aaaa")', config_file_hint),
        hardcoded("TESTING", 15, "app.config.update(TESTING=True)", config_file_hint),
        hardcoded("TESTING", 13, 'app.config["TESTING"] = False', config_file_hint),
        hardcoded("TESTING", 11, 'app.config["TESTING"] = True', config_file_hint),
    }

    assert found == expected
def test_run_click_violations(tmp_path: Path) -> None:
    """ClickTool's findings on ``CLICK_TARGETS`` match the module-level ``EXPECTATIONS``."""
    context = context_for(tmp_path, ClickTool.TOOL_ID, CLICK_INTEGRATION_PATH)
    tool = ClickTool(context)
    tool.setup()

    found = tool.results(CLICK_TARGETS)

    assert found == EXPECTATIONS