class VulnAnalyzer:
    """Identify security vulnerabilities in a Python project.

    Thin front-end that delegates the actual scan to ``Bandit``; the
    ``details`` flag chosen at construction time is forwarded on every call.
    """

    def __init__(self, details=False):
        # Kept as instance state so every analyze() call uses the same level
        # of verbosity without the caller having to repeat it.
        self.details = details
        self.bandit = Bandit()

    def analyze(self, folder_path):
        """Analyze the content of a folder using Bandit.

        :param folder_path: folder path to scan
        :returns: the dict produced by ``Bandit.analyze`` for that folder,
            returned unmodified.
            NOTE(review): the previous docstring described 'code_quality' /
            'modules' keys, whereas the Bandit tests in this file check
            'loc_analyzed', 'num_vulns', 'by_severity', 'by_confidence' and
            (with details) 'vulns' — confirm against Bandit.analyze.
        """
        return self.bandit.analyze(folder_path=folder_path,
                                   details=self.details)
def test_analyze_error(self, check_output_mock):
    """Test whether an exception is thrown in case of errors.

    ``check_output_mock`` is the mock injected by the patch decorator (not
    visible here); it is made to raise ``CalledProcessError`` so that the
    analyzer's handling of a failed bandit run is exercised.  The test
    expects that failure to surface as ``GraalError``.
    """
    failure = subprocess.CalledProcessError(-1, "command", output=b'output')
    check_output_mock.side_effect = failure

    target = os.path.join(self.repo_path, ANALYZER_TEST_FILE)
    with self.assertRaises(GraalError):
        Bandit().analyze(folder_path=target, details=False)
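def test_analyze_details(self):
    """Test whether bandit returns the expected fields data.

    With ``details=True`` the result must carry the aggregate counters and a
    ``vulns`` list whose entries describe each individual finding.
    """
    bandit = Bandit()
    kwargs = {
        'folder_path': self.repo_path,  # os.path.join on a single arg is a no-op
        'details': True
    }
    result = bandit.analyze(**kwargs)

    # assertIsInstance replaces assertTrue(type(x), T): in that form T is
    # taken as the failure *message* and type(x) is always truthy, so the
    # field types were never actually verified.  The expected types below
    # are the ones the original test declared.
    self.assertIn('loc_analyzed', result)
    self.assertIsInstance(result['loc_analyzed'], int)
    self.assertIn('num_vulns', result)
    self.assertIsInstance(result['num_vulns'], int)

    for bucket in ('by_severity', 'by_confidence'):
        self.assertIn(bucket, result)
        self.assertIsInstance(result[bucket], dict)
        for level in ('undefined', 'low', 'medium', 'high'):
            self.assertIn(level, result[bucket])
            self.assertIsInstance(result[bucket][level], int)

    self.assertIn('vulns', result)
    # Fail with a clear message rather than an IndexError on [0] if the test
    # repository unexpectedly produces no findings.
    self.assertTrue(result['vulns'], "expected at least one reported vuln")
    vd = result['vulns'][0]
    for field, expected_type in (('file', str), ('line', int),
                                 ('severity', str), ('confidence', str),
                                 ('descr', str)):
        self.assertIn(field, vd)
        self.assertIsInstance(vd[field], expected_type)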
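def test_analyze_no_details(self):
    """Test whether bandit returns the expected fields data.

    With ``details=False`` only the aggregate counters are expected; the
    per-finding ``vulns`` list must be absent.
    """
    bandit = Bandit()
    kwargs = {
        'folder_path': os.path.join(self.repo_path, ANALYZER_TEST_FILE),
        'details': False
    }
    result = bandit.analyze(**kwargs)

    # assertIsInstance replaces assertTrue(type(x), T): in that form T is
    # taken as the failure *message* and type(x) is always truthy, so the
    # field types were never actually verified.  The expected types below
    # are the ones the original test declared.
    self.assertIn('loc_analyzed', result)
    self.assertIsInstance(result['loc_analyzed'], int)
    self.assertIn('num_vulns', result)
    self.assertIsInstance(result['num_vulns'], int)

    for bucket in ('by_severity', 'by_confidence'):
        self.assertIn(bucket, result)
        self.assertIsInstance(result[bucket], dict)
        for level in ('undefined', 'low', 'medium', 'high'):
            self.assertIn(level, result[bucket])
            self.assertIsInstance(result[bucket][level], int)

    self.assertNotIn('vulns', result)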