def test_report(self):
    """Render the HTML report and check the first issue's headline fields.

    The report is written to ``self.tmp_fname`` (passed as a path), parsed
    back, and the first ``span.severity``, ``span.confidence`` and
    ``h2.test_text`` elements are compared with ``self.issue``.
    """
    b_html.report(
        self.manager,
        self.tmp_fname,
        self.issue.severity,
        self.issue.confidence,
    )

    with open(self.tmp_fname) as report_file:
        markup = report_file.read()
    soup = BeautifulSoup(markup, "html.parser")

    # Only the first match of each selector is inspected.
    severity_node = soup.find_all("span", class_="severity")[0]
    confidence_node = soup.find_all("span", class_="confidence")[0]
    heading_node = soup.find_all("h2", class_="test_text")[0]

    self.assertEqual(self.issue.severity, severity_node.string)
    self.assertEqual(self.issue.confidence, confidence_node.string)
    self.assertEqual(self.issue.text, heading_node.string)
def test_report_with_skipped(self):
    """Check that a skipped file and its reason appear in the report.

    One ``(filename, reason)`` pair is placed on ``self.manager.skipped``;
    the rendered report must contain exactly one ``span#skipped`` element
    whose text mentions both values.
    """
    self.manager.skipped = [('abc.py', 'File is bad')]
    b_html.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW)

    with open(self.tmp_fname) as report_file:
        markup = report_file.read()
    soup = BeautifulSoup(markup, 'html.parser')

    skipped_nodes = soup.find_all('span', id='skipped')
    first_skipped = skipped_nodes[0]

    self.assertEqual(1, len(skipped_nodes))
    self.assertIn('abc.py', first_skipped.text)
    self.assertIn('File is bad', first_skipped.text)
def test_report_with_skipped(self):
    """Verify the skipped-files section of the HTML report.

    A single skipped entry is configured on the manager. The report is
    written to ``self.tmp_fname`` and must hold one ``span#skipped``
    element that names the file and the reason it was skipped.
    """
    skipped_entry = ('abc.py', 'File is bad')
    self.manager.skipped = [skipped_entry]

    b_html.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW)

    with open(self.tmp_fname) as handle:
        soup = BeautifulSoup(handle.read(), 'html.parser')

    matches = soup.find_all('span', id='skipped')
    skipped_span = matches[0]

    # Exactly one skipped section is expected, not one per entry.
    self.assertEqual(1, len(matches))
    self.assertIn('abc.py', skipped_span.text)
    self.assertIn('File is bad', skipped_span.text)
def test_report_with_skipped(self):
    """Verify that skipped files are listed in a single ``div#skipped``.

    This variant hands ``b_html.report`` an open file object rather than a
    path, then re-opens the file to parse what was written.
    """
    self.manager.skipped = [("abc.py", "File is bad")]

    with open(self.tmp_fname, "w") as out_file:
        b_html.report(self.manager, out_file, bandit.LOW, bandit.LOW)

    with open(self.tmp_fname) as in_file:
        markup = in_file.read()
    soup = bs4.BeautifulSoup(markup, "html.parser")

    skipped_divs = soup.find_all("div", id="skipped")
    skipped = skipped_divs[0]

    self.assertEqual(1, len(skipped_divs))
    self.assertIn("abc.py", skipped.text)
    self.assertIn("File is bad", skipped.text)
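def test_escaping(self, get_issue_list, get_code):
    """Check that markup in issue code is not written verbatim to the report.

    ``get_code`` is stubbed to return ``<tag in code>``. If the formatter
    copied that string into the HTML unescaped, a scanned source file could
    inject markup into the report, so the raw marker must not appear in it.

    Args:
        get_issue_list: stub whose ``return_value`` is set here; presumably
            injected by a patch decorator that is not shown.
        get_code: stub returning the marker; same assumption as above.
    """
    self.manager.metrics.data['_totals'] = {'loc': 1000, 'nosec': 50}
    marker = '<tag in code>'

    issue_a = _get_issue_instance()
    issue_x = _get_issue_instance()
    get_code.return_value = marker
    get_issue_list.return_value = {issue_a: [issue_x]}

    with open(self.tmp_fname, 'w') as tmp_file:
        b_html.report(self.manager, tmp_file, bandit.LOW, bandit.LOW)

    with open(self.tmp_fname) as f:
        contents = f.read()

    # An empty report would satisfy the negative assertion below without
    # exercising the escaping at all, so require that something was written.
    # NOTE(review): asserting the escaped form of the marker would be
    # stronger; the exact encoding the formatter emits is not visible here.
    self.assertTrue(contents)
    self.assertNotIn(marker, contents)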
def test_report(self):
    """Render the HTML report and check the issue and metrics spans.

    The first ``severity`` and ``confidence`` spans must match
    ``self.issue``; the first ``loc`` and ``nosec`` spans must read ``'4'``
    and ``'2'``.
    """
    # NOTE(review): the expected '4' and '2' presumably come from metrics
    # prepared in the fixture setup, which is not shown here.
    b_html.report(
        self.manager,
        self.tmp_fname,
        self.issue.severity,
        self.issue.confidence,
    )

    with open(self.tmp_fname) as report_file:
        markup = report_file.read()
    soup = BeautifulSoup(markup, 'html.parser')

    severity_node = soup.find_all('span', class_='severity')[0]
    confidence_node = soup.find_all('span', class_='confidence')[0]
    loc_node = soup.find_all('span', class_='loc')[0]
    nosec_node = soup.find_all('span', class_='nosec')[0]

    self.assertEqual(self.issue.severity, severity_node.string)
    self.assertEqual(self.issue.confidence, confidence_node.string)
    self.assertEqual('4', loc_node.string)
    self.assertEqual('2', nosec_node.string)
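def test_escaping(self, get_issue_list, get_code):
    """Check that markup in issue code is not written verbatim to the report.

    ``get_code`` is stubbed to return ``<tag in code>``. If the formatter
    copied that string into the HTML unescaped, a scanned source file could
    inject markup into the report, so the raw marker must not appear in it.

    Args:
        get_issue_list: stub whose ``return_value`` is set here; presumably
            injected by a patch decorator that is not shown.
        get_code: stub returning the marker; same assumption as above.
    """
    self.manager.metrics.data['_totals'] = {'loc': 1000, 'nosec': 50}
    marker = '<tag in code>'

    issue_a = _get_issue_instance()
    issue_x = _get_issue_instance()
    get_code.return_value = marker
    get_issue_list.return_value = {issue_a: [issue_x]}

    # Write through a context manager so the handle is flushed and closed
    # before the file is read back. With a bare open() the test relied on
    # the callee to close it; otherwise the read could see a partial or
    # empty file and the negative assertion would pass vacuously.
    with open(self.tmp_fname, 'w') as tmp_file:
        b_html.report(self.manager, tmp_file, bandit.LOW, bandit.LOW)

    with open(self.tmp_fname) as f:
        contents = f.read()

    # Require that a report was actually written before checking absence.
    self.assertTrue(contents)
    self.assertNotIn(marker, contents)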
def test_report_contents(self, get_issue_list, get_code):
    """Check the structure and text of a report holding three issues.

    Three issues (LOW, MEDIUM, HIGH) are returned by the stubbed
    ``get_issue_list``. The first has two candidates and the others have
    one each. The test checks the totals, the per-severity CSS class, the
    presence of the candidate and code sections, and the text rendered for
    the first issue.

    Args:
        get_issue_list: stub whose ``return_value`` is set here; presumably
            injected by a patch decorator that is not shown.
        get_code: stub returning ``'some code'``; same assumption as above.
    """
    self.manager.metrics.data['_totals'] = {'loc': 1000, 'nosec': 50}

    # Severity is not given a recognisable value here: it selects the CSS
    # class, which is asserted separately below.
    low_issue = _get_issue_instance(severity=bandit.LOW)
    low_issue.fname = 'abc.py'
    low_issue.test = 'AAAAAAA'
    low_issue.text = 'BBBBBBB'
    low_issue.confidence = 'CCCCCCC'

    medium_issue = _get_issue_instance(severity=bandit.MEDIUM)
    high_issue = _get_issue_instance(severity=bandit.HIGH)

    candidate_x = _get_issue_instance()
    get_code.return_value = 'some code'
    candidate_y = _get_issue_instance()

    issue_map = OrderedDict([
        (low_issue, [candidate_x, candidate_y]),
        (medium_issue, [candidate_x]),
        (high_issue, [candidate_y]),
    ])
    get_issue_list.return_value = issue_map

    b_html.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW)

    with open(self.tmp_fname) as report_file:
        markup = report_file.read()
    soup = BeautifulSoup(markup, 'html.parser')

    self.assertEqual('1000', soup.find_all('span', id='loc')[0].text)
    self.assertEqual('50', soup.find_all('span', id='nosec')[0].text)

    issue1 = soup.find_all('span', id='issue-0')[0]
    issue2 = soup.find_all('span', id='issue-1')[0]
    issue3 = soup.find_all('span', id='issue-2')[0]

    # Each issue carries the CSS class that matches its severity.
    expected_classes = (
        (issue1, 'issue-sev-low'),
        (issue2, 'issue-sev-medium'),
        (issue3, 'issue-sev-high'),
    )
    for node, css_class in expected_classes:
        self.assertEqual(1, len(node.find_all('div', {'class': css_class})))

    # issue1 has one candidates section holding two candidates.
    self.assertEqual(1, len(issue1.find_all('span', id='candidates')))
    self.assertEqual(2, len(issue1.find_all('span', id='candidate')))

    # issue2 has no candidates section.
    self.assertEqual(0, len(issue2.find_all('span', id='candidates')))
    self.assertEqual(0, len(issue2.find_all('span', id='candidate')))

    # issue1 has no code section; issue2 and issue3 each have one.
    self.assertEqual(0, len(issue1.find_all('span', id='code')))
    self.assertEqual(1, len(issue2.find_all('span', id='code')))
    self.assertEqual(1, len(issue3.find_all('span', id='code')))

    # The stubbed code appears in issue1's first candidate and issue2's code.
    first_candidate = issue1.find_all('span', id='candidate')[0]
    self.assertIn('some code', first_candidate.text)
    issue2_code = issue2.find_all('span', id='code')[0]
    self.assertIn('some code', issue2_code.text)

    # The first issue's identifying fields are rendered in its text.
    self.assertIn('AAAAAAA:', issue1.text)
    self.assertIn('BBBBBBB', issue1.text)
    self.assertIn('CCCCCCC', issue1.text)
    self.assertIn('abc.py', issue1.text)
def test_report_contents(self, get_issue_list, get_code):
    """Check the structure and text of a report holding three issues.

    Three issues (LOW, MEDIUM, HIGH) are returned by the stubbed
    ``get_issue_list``. The first has two candidates and the others have
    one each. The report is written through an open file object, parsed
    back, and checked for the totals, the per-severity CSS class, the
    candidate and code sections, and the text of the first issue.

    Args:
        get_issue_list: stub whose ``return_value`` is set here; presumably
            injected by a patch decorator that is not shown.
        get_code: stub returning ``"some code"``; same assumption as above.
    """
    self.manager.metrics.data["_totals"] = {"loc": 1000, "nosec": 50}

    # Severity is not given a recognisable value here: it selects the CSS
    # class, which is asserted separately below.
    low_issue = _get_issue_instance(severity=bandit.LOW)
    low_issue.fname = "abc.py"
    low_issue.test = "AAAAAAA"
    low_issue.text = "BBBBBBB"
    low_issue.confidence = "CCCCCCC"

    medium_issue = _get_issue_instance(severity=bandit.MEDIUM)
    high_issue = _get_issue_instance(severity=bandit.HIGH)

    candidate_x = _get_issue_instance()
    get_code.return_value = "some code"
    candidate_y = _get_issue_instance()

    issue_map = collections.OrderedDict(
        [
            (low_issue, [candidate_x, candidate_y]),
            (medium_issue, [candidate_x]),
            (high_issue, [candidate_y]),
        ]
    )
    get_issue_list.return_value = issue_map

    with open(self.tmp_fname, "w") as out_file:
        b_html.report(self.manager, out_file, bandit.LOW, bandit.LOW)

    with open(self.tmp_fname) as in_file:
        markup = in_file.read()
    soup = bs4.BeautifulSoup(markup, "html.parser")

    self.assertEqual("1000", soup.find_all("span", id="loc")[0].text)
    self.assertEqual("50", soup.find_all("span", id="nosec")[0].text)

    issue1 = soup.find_all("div", id="issue-0")[0]
    issue2 = soup.find_all("div", id="issue-1")[0]
    issue3 = soup.find_all("div", id="issue-2")[0]

    # Each issue carries the CSS class that matches its severity.
    expected_classes = (
        (issue1, "issue-sev-low"),
        (issue2, "issue-sev-medium"),
        (issue3, "issue-sev-high"),
    )
    for node, css_class in expected_classes:
        self.assertEqual(1, len(node.find_all("div", {"class": css_class})))

    # issue1 has one candidates section holding two candidates.
    self.assertEqual(1, len(issue1.find_all("div", {"class": "candidates"})))
    self.assertEqual(2, len(issue1.find_all("div", {"class": "candidate"})))

    # issue2 has no candidates section.
    self.assertEqual(0, len(issue2.find_all("div", {"class": "candidates"})))
    self.assertEqual(0, len(issue2.find_all("div", {"class": "candidate"})))

    # issue1 has no code section; issue2 and issue3 each have one.
    self.assertEqual(0, len(issue1.find_all("div", {"class": "code"})))
    self.assertEqual(1, len(issue2.find_all("div", {"class": "code"})))
    self.assertEqual(1, len(issue3.find_all("div", {"class": "code"})))

    # The stubbed code appears in issue1's first candidate and issue2's code.
    issue1_candidates = issue1.find_all("div", {"class": "candidate"})
    self.assertIn("some code", issue1_candidates[0].text)
    issue2_code = issue2.find_all("div", {"class": "code"})
    self.assertIn("some code", issue2_code[0].text)

    # The first issue's identifying fields are rendered in its text.
    self.assertIn("AAAAAAA:", issue1.text)
    self.assertIn("BBBBBBB", issue1.text)
    self.assertIn("CCCCCCC", issue1.text)
    self.assertIn("abc.py", issue1.text)
    self.assertIn("Line number: 1", issue1.text)