Exemplo n.º 1
    def test_report_baseline(self, get_issue_list):
        cfg_file = os.path.join(os.getcwd(), 'bandit/config/bandit.yaml')
        conf = config.BanditConfig(cfg_file)
        self.manager = manager.BanditManager(conf, 'file')

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        issue_a = _get_issue_instance()
        issue_b = _get_issue_instance()

        issue_x = _get_issue_instance()
        issue_x.fname = 'x'
        issue_y = _get_issue_instance()
        issue_y.fname = 'y'
        issue_z = _get_issue_instance()
        issue_z.fname = 'z'

        get_issue_list.return_value = OrderedDict([(issue_a, [issue_x]),
                                                   (issue_b, [issue_y, issue_z])])

        # Validate that we're outputting the correct issues
        indent_val = ' ' * 10
        output_str_fn = 'bandit.formatters.text._output_issue_str'
        with mock.patch(output_str_fn) as output_str:
            b_text.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW, lines=5)

            calls = [mock.call(issue_a, '', lines=5),
                     mock.call(issue_b, '', show_code=False, show_lineno=False),
                     mock.call(issue_y, indent_val, lines=5),
                     mock.call(issue_z, indent_val, lines=5)]

            output_str.assert_has_calls(calls, any_order=True)
Exemplo n.º 2
    def test_report(self):
        self.manager.verbose = True
        file_list = ['binding.py']
        scores = [{'SEVERITY': [0] * len(constants.RANKING),
                   'CONFIDENCE': [0] * len(constants.RANKING)}]
        exc_files = ['test_binding.py']

        b_text.report(self.manager, self.tmp_fname, self.issue.severity,

        with open(self.tmp_fname) as f:
            data = f.read()
            expected = '>> Issue: [%s] %s' % (self.issue.test, self.issue.text)
            self.assertIn(expected, data)
            expected = '   Severity: %s   Confidence: %s' % (
            self.assertIn(expected, data)
            expected = '   Location: %s:%d' % (self.tmp_fname,
            self.assertIn(expected, data)
            expected = 'Total lines of code: {0}'.format(
            self.assertIn(expected, data)
            expected = 'Total lines skipped (#nosec): {0}'.format(
            self.assertIn(expected, data)
Exemplo n.º 3
    def test_no_issues(self, get_issue_list):
        conf = config.BanditConfig()
        self.manager = manager.BanditManager(conf, 'file')

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        get_issue_list.return_value = OrderedDict()
        b_text.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW,

        with open(self.tmp_fname) as f:
            data = f.read()
            self.assertIn('No issues identified.', data)
Exemplo n.º 4
    def test_no_issues(self, get_issue_list):
        conf = config.BanditConfig()
        self.manager = manager.BanditManager(conf, 'file')

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        get_issue_list.return_value = collections.OrderedDict()
        tmp_file = open(self.tmp_fname, 'w')
        b_text.report(self.manager, tmp_file, bandit.LOW, bandit.LOW, lines=5)

        with open(self.tmp_fname) as f:
            data = f.read()
            self.assertIn('No issues identified.', data)
Exemplo n.º 5
    def test_no_issues(self, get_issue_list):
        cfg_file = os.path.join(os.getcwd(), 'bandit/config/bandit.yaml')
        conf = config.BanditConfig(cfg_file)
        self.manager = manager.BanditManager(conf, 'file')

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        get_issue_list.return_value = OrderedDict()
        b_text.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW,

        with open(self.tmp_fname) as f:
            data = f.read()
            self.assertIn('No issues identified.', data)
Exemplo n.º 6
    def test_report_baseline(self, get_issue_list):
        conf = config.BanditConfig()
        self.manager = manager.BanditManager(conf, 'file')

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        issue_a = _get_issue_instance()
        issue_b = _get_issue_instance()

        issue_x = _get_issue_instance()
        issue_x.fname = 'x'
        issue_y = _get_issue_instance()
        issue_y.fname = 'y'
        issue_z = _get_issue_instance()
        issue_z.fname = 'z'

        get_issue_list.return_value = collections.OrderedDict([
            (issue_a, [issue_x]), (issue_b, [issue_y, issue_z])

        # Validate that we're outputting the correct issues
        indent_val = ' ' * 10
        output_str_fn = 'bandit.formatters.text._output_issue_str'
        with mock.patch(output_str_fn) as output_str:
            output_str.return_value = 'ISSUE_OUTPUT_TEXT'

            with open(self.tmp_fname, 'w') as tmp_file:

            calls = [
                mock.call(issue_a, '', lines=5),
                mock.call(issue_b, '', show_code=False, show_lineno=False),
                mock.call(issue_y, indent_val, lines=5),
                mock.call(issue_z, indent_val, lines=5)

            output_str.assert_has_calls(calls, any_order=True)
Exemplo n.º 7
    def test_report(self):
        self.manager.verbose = True
        file_list = ['binding.py']
        scores = [{'SEVERITY': [0] * len(constants.RANKING),
                   'CONFIDENCE': [0] * len(constants.RANKING)}]
        exc_files = ['test_binding.py']

        b_text.report(self.manager, self.tmp_fname, self.issue.severity,

        with open(self.tmp_fname) as f:
            data = f.read()
            expected = '>> Issue: %s' % self.issue.text
            self.assertIn(expected, data)
            expected = '   Severity: %s   Confidence: %s' % (
            self.assertIn(expected, data)
            expected = '   Location: %s:%d' % (self.tmp_fname,
            self.assertIn(expected, data)
Exemplo n.º 8
    def test_report_baseline(self, get_issue_list):
        conf = config.BanditConfig()
        self.manager = manager.BanditManager(conf, "file")

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        issue_a = _get_issue_instance()
        issue_b = _get_issue_instance()

        issue_x = _get_issue_instance()
        issue_x.fname = "x"
        issue_y = _get_issue_instance()
        issue_y.fname = "y"
        issue_z = _get_issue_instance()
        issue_z.fname = "z"

        get_issue_list.return_value = OrderedDict([(issue_a, [issue_x]), (issue_b, [issue_y, issue_z])])

        # Validate that we're outputting the correct issues
        indent_val = " " * 10
        output_str_fn = "bandit.formatters.text._output_issue_str"
        with mock.patch(output_str_fn) as output_str:
            output_str.return_value = "ISSUE_OUTPUT_TEXT"

            tmp_file = open(self.tmp_fname, "w")
            b_text.report(self.manager, tmp_file, bandit.LOW, bandit.LOW, lines=5)

            calls = [
                mock.call(issue_a, "", lines=5),
                mock.call(issue_b, "", show_code=False, show_lineno=False),
                mock.call(issue_y, indent_val, lines=5),
                mock.call(issue_z, indent_val, lines=5),

            output_str.assert_has_calls(calls, any_order=True)
Exemplo n.º 9
    def test_report_nobaseline(self, get_issue_list):
        conf = config.BanditConfig()
        self.manager = manager.BanditManager(conf, 'file')

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        self.manager.verbose = True
        self.manager.files_list = ['binding.py']

        self.manager.scores = [{'SEVERITY': [0, 0, 0, 1],
                                'CONFIDENCE': [0, 0, 0, 1]}]

        self.manager.skipped = [('abc.py', 'File is bad')]
        self.manager.excluded_files = ['def.py']

        issue_a = _get_issue_instance()
        issue_b = _get_issue_instance()

        get_issue_list.return_value = [issue_a, issue_b]

        self.manager.metrics.data['_totals'] = {'loc': 1000, 'nosec': 50}
        for category in ['SEVERITY', 'CONFIDENCE']:
            for level in ['UNDEFINED', 'LOW', 'MEDIUM', 'HIGH']:
                self.manager.metrics.data['_totals']['%s.%s' %
                                                     (category, level)] = 1

        # Validate that we're outputting the correct issues
        output_str_fn = 'bandit.formatters.text._output_issue_str'
        with mock.patch(output_str_fn) as output_str:
            output_str.return_value = 'ISSUE_OUTPUT_TEXT'

            b_text.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW,

            calls = [mock.call(issue_a, '', lines=5),
                     mock.call(issue_b, '', lines=5)]

            output_str.assert_has_calls(calls, any_order=True)

        # Validate that we're outputting all of the expected fields and the
        # correct values
        b_text.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW,
        with open(self.tmp_fname) as f:
            data = f.read()

            expected_items = ['Run started',
                              'Files in scope (1)',
                              'binding.py (score: ',
                              "CONFIDENCE: 1",
                              "SEVERITY: 1",
                              'Files excluded (1):',
                              'Undefined: 1',
                              'Low: 1',
                              'Medium: 1',
                              'High: 1',
                              'Total lines skipped ',
                              '(#nosec): 50',
                              'Total issues (by severity)',
                              'Total issues (by confidence)',
                              'Files skipped (1)',
                              'abc.py (File is bad)'
            for item in expected_items:
                self.assertIn(item, data)
Exemplo n.º 10
    def test_report_nobaseline(self, get_issue_list):
        cfg_file = os.path.join(os.getcwd(), 'bandit/config/bandit.yaml')
        conf = config.BanditConfig(cfg_file)
        self.manager = manager.BanditManager(conf, 'file')

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        self.manager.verbose = True
        self.manager.files_list = ['binding.py']

        self.manager.scores = [{'SEVERITY': [0, 0, 0, 1],
                                'CONFIDENCE': [0, 0, 0, 1]}]

        self.manager.skipped = [('abc.py', 'File is bad')]
        self.manager.excluded_files = ['def.py']

        issue_a = _get_issue_instance()
        issue_b = _get_issue_instance()

        get_issue_list.return_value = [issue_a, issue_b]

        self.manager.metrics.data['_totals'] = {'loc': 1000, 'nosec': 50}
        for category in ['SEVERITY', 'CONFIDENCE']:
            for level in ['UNDEFINED', 'LOW', 'MEDIUM', 'HIGH']:
                self.manager.metrics.data['_totals']['%s.%s' %
                                                     (category, level)] = 1

        # Validate that we're outputting the correct issues
        output_str_fn = 'bandit.formatters.text._output_issue_str'
        with mock.patch(output_str_fn) as output_str:
            output_str.return_value = 'ISSUE_OUTPUT_TEXT'

            b_text.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW,

            calls = [mock.call(issue_a, '', lines=5),
                     mock.call(issue_b, '', lines=5)]

            output_str.assert_has_calls(calls, any_order=True)

        # Validate that we're outputting all of the expected fields and the
        # correct values
        b_text.report(self.manager, self.tmp_fname, bandit.LOW, bandit.LOW,
        with open(self.tmp_fname) as f:
            data = f.read()

            expected_items = ['Run started',
                              'Files in scope (1)',
                              'binding.py (score: ',
                              "CONFIDENCE: 1",
                              "SEVERITY: 1",
                              'Files excluded (1):',
                              'Undefined: 1',
                              'Low: 1',
                              'Medium: 1',
                              'High: 1',
                              'Total lines skipped ',
                              '(#nosec): 50',
                              'Total issues (by severity)',
                              'Total issues (by confidence)',
                              'Files skipped (1)',
                              'abc.py (File is bad)'
            for item in expected_items:
                self.assertIn(item, data)
Exemplo n.º 11
    def test_report_nobaseline(self, get_issue_list):
        conf = config.BanditConfig()
        self.manager = manager.BanditManager(conf, "file")

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        self.manager.verbose = True
        self.manager.files_list = ["binding.py"]

        self.manager.scores = [{
            "SEVERITY": [0, 0, 0, 1],
            "CONFIDENCE": [0, 0, 0, 1]

        self.manager.skipped = [("abc.py", "File is bad")]
        self.manager.excluded_files = ["def.py"]

        issue_a = _get_issue_instance()
        issue_b = _get_issue_instance()

        get_issue_list.return_value = [issue_a, issue_b]

        self.manager.metrics.data["_totals"] = {"loc": 1000, "nosec": 50}
        for category in ["SEVERITY", "CONFIDENCE"]:
            for level in ["UNDEFINED", "LOW", "MEDIUM", "HIGH"]:
                self.manager.metrics.data["_totals"][f"{category}.{level}"] = 1

        # Validate that we're outputting the correct issues
        output_str_fn = "bandit.formatters.text._output_issue_str"
        with mock.patch(output_str_fn) as output_str:
            output_str.return_value = "ISSUE_OUTPUT_TEXT"

            with open(self.tmp_fname, "w") as tmp_file:

            calls = [
                mock.call(issue_a, "", lines=5),
                mock.call(issue_b, "", lines=5),

            output_str.assert_has_calls(calls, any_order=True)

        # Validate that we're outputting all of the expected fields and the
        # correct values
        with open(self.tmp_fname, "w") as tmp_file:
        with open(self.tmp_fname) as f:
            data = f.read()

            expected_items = [
                "Run started",
                "Files in scope (1)",
                "binding.py (score: ",
                "CONFIDENCE: 1",
                "SEVERITY: 1",
                "Files excluded (1):",
                "Undefined: 1",
                "Low: 1",
                "Medium: 1",
                "High: 1",
                "Total lines skipped ",
                "(#nosec): 50",
                "Total issues (by severity)",
                "Total issues (by confidence)",
                "Files skipped (1)",
                "abc.py (File is bad)",
            for item in expected_items:
                self.assertIn(item, data)
Exemplo n.º 12
    def test_report_nobaseline(self, get_issue_list):
        conf = config.BanditConfig()
        self.manager = manager.BanditManager(conf, "file")

        (tmp_fd, self.tmp_fname) = tempfile.mkstemp()
        self.manager.out_file = self.tmp_fname

        self.manager.verbose = True
        self.manager.files_list = ["binding.py"]

        self.manager.scores = [{"SEVERITY": [0, 0, 0, 1], "CONFIDENCE": [0, 0, 0, 1]}]

        self.manager.skipped = [("abc.py", "File is bad")]
        self.manager.excluded_files = ["def.py"]

        issue_a = _get_issue_instance()
        issue_b = _get_issue_instance()

        get_issue_list.return_value = [issue_a, issue_b]

        self.manager.metrics.data["_totals"] = {"loc": 1000, "nosec": 50}
        for category in ["SEVERITY", "CONFIDENCE"]:
            for level in ["UNDEFINED", "LOW", "MEDIUM", "HIGH"]:
                self.manager.metrics.data["_totals"]["%s.%s" % (category, level)] = 1

        # Validate that we're outputting the correct issues
        output_str_fn = "bandit.formatters.text._output_issue_str"
        with mock.patch(output_str_fn) as output_str:
            output_str.return_value = "ISSUE_OUTPUT_TEXT"

            tmp_file = open(self.tmp_fname, "w")
            b_text.report(self.manager, tmp_file, bandit.LOW, bandit.LOW, lines=5)

            calls = [mock.call(issue_a, "", lines=5), mock.call(issue_b, "", lines=5)]

            output_str.assert_has_calls(calls, any_order=True)

        # Validate that we're outputting all of the expected fields and the
        # correct values
        tmp_file = open(self.tmp_fname, "w")
        b_text.report(self.manager, tmp_file, bandit.LOW, bandit.LOW, lines=5)
        with open(self.tmp_fname) as f:
            data = f.read()

            expected_items = [
                "Run started",
                "Files in scope (1)",
                "binding.py (score: ",
                "CONFIDENCE: 1",
                "SEVERITY: 1",
                "Files excluded (1):",
                "Undefined: 1",
                "Low: 1",
                "Medium: 1",
                "High: 1",
                "Total lines skipped ",
                "(#nosec): 50",
                "Total issues (by severity)",
                "Total issues (by confidence)",
                "Files skipped (1)",
                "abc.py (File is bad)",
            for item in expected_items:
                self.assertIn(item, data)