From 329e969f9d925dd4cead9c965a9cdec5cd0d343c Mon Sep 17 00:00:00 2001
From: ehooo
Date: Mon, 14 Dec 2020 19:17:51 +0100
Subject: [PATCH 1/8] Fix issue #595
---
 bandit/cli/main.py | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 0f71f888b..697aa3055 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -146,13 +146,13 @@ def main():
     )
     parser.add_argument(
         '-a', '--aggregate', dest='agg_type',
-        action='store', default='file', type=str,
+        action='store', default=None, type=str,
         choices=['file', 'vuln'],
         help='aggregate output by vulnerability (default) or by filename'
     )
     parser.add_argument(
         '-n', '--number', dest='context_lines',
-        action='store', default=3, type=int,
+        action='store', default=None, type=int,
         help='maximum number of code lines to output for each issue'
     )
     parser.add_argument(
@@ -178,18 +178,18 @@ def main():
     )
     parser.add_argument(
         '-l', '--level', dest='severity', action='count',
-        default=1, help='report only issues of a given severity level or '
+        default=None, help='report only issues of a given severity level or '
         'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
     )
     parser.add_argument(
         '-i', '--confidence', dest='confidence', action='count',
-        default=1, help='report only issues of a given confidence level or '
+        default=None, help='report only issues of a given confidence level or '
         'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)'
     )
     output_format = 'screen' if sys.stdout.isatty() else 'txt'
     parser.add_argument(
         '-f', '--format', dest='output_format', action='store',
-        default=output_format, help='specify output format',
+        default=None, help='specify output format',
         choices=sorted(extension_mgr.formatter_names)
     )
     parser.add_argument(
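Review bot: Changing the two `action='count'` options (`-l`, `-i`) in the `@@ -178` hunk from `default=1` to `default=None` shifts their scale: argparse's count action starts from 0 when the stored value is None, so `-l` now yields 1 where it used to yield 2, and the later `if args.severity is None: args.severity = 1` only restores the no-flag case. Whatever maps `args.severity`/`args.confidence` to a level further down in main() (outside this hunk) will therefore treat `-l` like no flag and `-ll` like the old `-l` unless it is adjusted as well. The same shift is carried forward unchanged by the `default=argparse.SUPPRESS` version of these options in PATCH 4 and PATCH 5. One way to keep the old scale is to bump CLI-supplied counts right after `parse_args()`, before the ini merge, `if args.severity is not None: args.severity += 1` (and the same for `confidence`), and a test asserting that `-l` still selects the LOW level would pin it.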
@@ -223,7 +223,7 @@ def main():
     )
     parser.add_argument(
         '-x', '--exclude', dest='excluded_paths', action='store',
-        default=','.join(constants.EXCLUDE),
+        default=None,
         help='comma-separated list of paths (glob patterns '
              'supported) to exclude from scan '
              '(note that these are in addition to the excluded '
@@ -404,6 +404,19 @@ def main():
             ini_options.get('baseline'),
             'path of a baseline report')
 
+    if args.agg_type is None:
+        args.agg_type = 'file'
+    if args.context_lines is None:
+        args.context_lines = 3
+    if args.confidence is None:
+        args.confidence = 1
+    if args.severity is None:
+        args.severity = 1
+    if args.output_format is None:
+        args.output_format = output_format
+    if args.excluded_paths is None:
+        args.excluded_paths = ','.join(constants.EXCLUDE)
+
     if not args.targets:
         LOG.error("No targets found in CLI or ini files, exiting.")
         sys.exit(2)
From 2f50dad4faf471328ef7c0acc735a8282550e937 Mon Sep 17 00:00:00 2001
From: ehooo
Date: Mon, 14 Dec 2020 19:26:14 +0100
Subject: [PATCH 2/8] squash! Fix issue #595
---
 bandit/cli/main.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 697aa3055..aee440ed7 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -179,12 +179,12 @@ def main():
     parser.add_argument(
         '-l', '--level', dest='severity', action='count',
         default=None, help='report only issues of a given severity level or '
-        'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
+        'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
     )
     parser.add_argument(
         '-i', '--confidence', dest='confidence', action='count',
         default=None, help='report only issues of a given confidence level or '
-        'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)'
+        'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)'
     )
     output_format = 'screen' if sys.stdout.isatty() else 'txt'
     parser.add_argument(
From fdfc1a0fc04a2818ad4c6c0f18bd42967f20eafa Mon Sep 17 00:00:00 2001
From: ehooo
Date: Mon, 14 Dec 2020 19:31:32 +0100
Subject: [PATCH 3/8] squash! Fix issue #595
---
 bandit/cli/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index aee440ed7..8862e34fd 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -179,7 +179,7 @@ def main():
     parser.add_argument(
         '-l', '--level', dest='severity', action='count',
         default=None, help='report only issues of a given severity level or '
-        'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
+        'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
     )
     parser.add_argument(
         '-i', '--confidence', dest='confidence', action='count',
From 92a63b862547715d529afbc065c76f8787a1e68a Mon Sep 17 00:00:00 2001
From: ehooo
Date: Mon, 21 Dec 2020 18:18:47 +0100
Subject: [PATCH 4/8] Fix issue #595
---
 bandit/cli/main.py | 48 ++++++++++++++++++++++------------
 bandit/core/constants.py | 5 +++++
 2 files changed, 32 insertions(+), 21 deletions(-)
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 8862e34fd..307c576f5 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -146,14 +146,16 @@ def main():
     )
     parser.add_argument(
         '-a', '--aggregate', dest='agg_type',
-        action='store', default=None, type=str,
+        action='store', default=argparse.SUPPRESS, type=str,
         choices=['file', 'vuln'],
         help='aggregate output by vulnerability (default) or by filename'
+        '(default: {})'.format(constants.AGG_TYPE)
     )
     parser.add_argument(
         '-n', '--number', dest='context_lines',
-        action='store', default=None, type=int,
+        action='store', default=argparse.SUPPRESS, type=int,
         help='maximum number of code lines to output for each issue'
+        '(default: {})'.format(constants.CONTEXT_LINES)
     )
     parser.add_argument(
         '-c', '--configfile', dest='config_file',
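Review bot: `default=argparse.SUPPRESS` on `-a` and `-n` in the `@@ -146` hunk means the parsed namespace has no `agg_type`/`context_lines` attribute at all unless the flag was given, so every read of `args.agg_type` before the fallback is applied must be guarded, and nothing in the hunk records why this is preferred over `default=None`. A short comment on the first SUPPRESS option would save the next reader the archaeology, e.g. `# SUPPRESS rather than None: an absent attribute lets the ini file fill the option in before the constants.* fallback is applied`. Also note that the adjacent string literals are joined before `.format()` runs, so the suffix lands in the same help string, but as written there is no separating space and the help renders as `filename(default: file)`. The `main()` body continues on both sides of the hunk.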
@@ -178,18 +180,20 @@ def main():
     )
     parser.add_argument(
         '-l', '--level', dest='severity', action='count',
-        default=None, help='report only issues of a given severity level or '
-        'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
+        default=argparse.SUPPRESS, help='report only issues of a given severity level or '
+        'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
+        '(default: {})'.format(constants.SEVERITY)
     )
     parser.add_argument(
         '-i', '--confidence', dest='confidence', action='count',
-        default=None, help='report only issues of a given confidence level or '
-        'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)'
+        default=argparse.SUPPRESS, help='report only issues of a given confidence level or '
+        'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH) '
+        '(default: {})'.format(constants.CONFIDENCE)
     )
     output_format = 'screen' if sys.stdout.isatty() else 'txt'
     parser.add_argument(
         '-f', '--format', dest='output_format', action='store',
-        default=None, help='specify output format',
+        default=argparse.SUPPRESS, help='specify output format',
         choices=sorted(extension_mgr.formatter_names)
     )
     parser.add_argument(
@@ -223,7 +227,7 @@ def main():
     )
     parser.add_argument(
         '-x', '--exclude', dest='excluded_paths', action='store',
-        default=None,
+        default=argparse.SUPPRESS,
         help='comma-separated list of paths (glob patterns '
              'supported) to exclude from scan '
              '(note that these are in addition to the excluded '
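Review bot: With `-f` now defaulting to `argparse.SUPPRESS`, the context line `output_format = 'screen' if sys.stdout.isatty() else 'txt'` just above it no longer feeds the parser, and the same expression is recomputed later where the fallback is applied; unless something else in main() still reads this local (not visible here), the assignment is dead and should be dropped, or the tty check should be evaluated once and reused by the fallback. The rewritten `default=argparse.SUPPRESS, help='report only issues of a given severity level or '` lines on `-l` and `-i` also run well past 79 columns. The count-scale problem these two options inherit from `default=None` is noted on the PATCH 1 hunk. main() continues outside both hunks.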
@@ -294,6 +298,21 @@ def main():
 
     # setup work - parse arguments, and initialize BanditManager
     args = parser.parse_args()
+
+    if not hasattr(args, 'agg_type'):
+        setattr(args, 'agg_type', constants.AGG_TYPE)
+    if not hasattr(args, 'context_lines'):
+        setattr(args, 'context_lines', constants.CONTEXT_LINES)
+    if not hasattr(args, 'confidence'):
+        setattr(args, 'confidence', constants.CONFIDENCE)
+    if not hasattr(args, 'severity'):
+        setattr(args, 'severity', constants.SEVERITY)
+    if not hasattr(args, 'output_format'):
+        output_format = 'screen' if sys.stdout.isatty() else 'txt'
+        setattr(args, 'output_format', output_format)
+    if not hasattr(args, 'excluded_paths'):
+        setattr(args, 'excluded_paths', ','.join(constants.EXCLUDE))
+
     # Check if `--msg-template` is not present without custom formatter
     if args.output_format != 'custom' and args.msg_template is not None:
         parser.error("--msg-template can only be used with --format=custom")
@@ -404,19 +423,6 @@ def main():
             ini_options.get('baseline'),
             'path of a baseline report')
 
-    if args.agg_type is None:
-        args.agg_type = 'file'
-    if args.context_lines is None:
-        args.context_lines = 3
-    if args.confidence is None:
-        args.confidence = 1
-    if args.severity is None:
-        args.severity = 1
-    if args.output_format is None:
-        args.output_format = output_format
-    if args.excluded_paths is None:
-        args.excluded_paths = ','.join(constants.EXCLUDE)
-
     if not args.targets:
         LOG.error("No targets found in CLI or ini files, exiting.")
         sys.exit(2)
diff --git a/bandit/core/constants.py b/bandit/core/constants.py
index d6864557c..28a44f9e6 100644
--- a/bandit/core/constants.py
+++ b/bandit/core/constants.py
@@ -43,3 +43,8 @@
     ".eggs",
     "*.egg",
 )
+
+AGG_TYPE = 'file'
+CONTEXT_LINES = 3
+C[...]ONFIDENCE = 1
+SEVERITY = 1
From 0df9adf01827106085f8816f55247d0c04e6d76f Mon Sep 17 00:00:00 2001
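Review bot: `setattr(args, 'agg_type', constants.AGG_TYPE)` with a literal attribute name, and its five siblings in the `@@ -294` hunk, is just `args.agg_type = constants.AGG_TYPE`; the direct form is what the block removed further down used and is what linters flag the `setattr` form for (bugbear B010). The `constants.py` hunk adds `CONFIDENCE = 1` and `SEVERITY = 1` with no comment on what the integer stands for, so a reader cannot tell whether 1 means LOW or "report everything"; a one-line comment next to them stating which level the value selects (and that it is on the same scale as the `-l`/`-i` counts) would remove the guesswork. Both main() hunks sit inside a function that continues outside the visible lines.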
From: ehooo
Date: Tue, 22 Dec 2020 08:22:37 +0100
Subject: [PATCH 5/8] Update help
---
 README.rst | 11 ++++++-----
 bandit/cli/main.py | 20 +++++++++++--------
 2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/README.rst b/README.rst
index 616808d6a..408c64cc3 100644
--- a/README.rst
+++ b/README.rst
@@ -116,10 +116,11 @@ Usage::
       -h, --help            show this help message and exit
       -r, --recursive       find and process files in subdirectories
       -a {file,vuln}, --aggregate {file,vuln}
-                            aggregate output by vulnerability (default) or by
-                            filename
+                            aggregate output by vulnerability or by filename
+                            (default: file)
       -n CONTEXT_LINES, --number CONTEXT_LINES
                             maximum number of code lines to output for each issue
+                            (default: 3)
       -c CONFIG_FILE, --configfile CONFIG_FILE
                             optional config file to use for selecting plugins and
                             overriding defaults
@@ -130,9 +131,9 @@ Usage::
       -s SKIPS, --skip SKIPS
                             comma-separated list of test IDs to skip
       -l, --level           report only issues of a given severity level or higher
-                            (-l for LOW, -ll for MEDIUM, -lll for HIGH)
-      -i, --confidence      report only issues of a given confidence level or
-                            higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)
+                            (-l for LOW, -ll for MEDIUM, -lll for HIGH) (default: 1)
+      -i, --confidence      report only issues of a given confidence level or higher
+                            (-i for LOW, -ii for MEDIUM, -iii for HIGH) (default: 1)
       -f {csv,custom,html,json,screen,txt,xml,yaml}, --format {csv,custom,html,json,screen,txt,xml,yaml}
                             specify output format
       --msg-template MSG_TEMPLATE
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 307c576f5..fd4211fdc 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -148,13 +148,13 @@ def main():
         '-a', '--aggregate', dest='agg_type',
         action='store', default=argparse.SUPPRESS, type=str,
         choices=['file', 'vuln'],
-        help='aggregate output by vulnerability (default) or by filename'
+        help='aggregate output by vulnerability or by filename '
         '(default: {})'.format(constants.AGG_TYPE)
     )
     parser.add_argument(
         '-n', '--number', dest='context_lines',
         action='store', default=argparse.SUPPRESS, type=int,
-        help='maximum number of code lines to output for each issue'
+        help='maximum number of code lines to output for each issue '
         '(default: {})'.format(constants.CONTEXT_LINES)
     )
     parser.add_argument(
@@ -180,15 +180,17 @@ def main():
     )
     parser.add_argument(
         '-l', '--level', dest='severity', action='count',
-        default=argparse.SUPPRESS, help='report only issues of a given severity level or '
-        'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
-        '(default: {})'.format(constants.SEVERITY)
+        default=argparse.SUPPRESS,
+        help='report only issues of a given severity level or '
+             'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH) '
+             '(default: {})'.format(constants.SEVERITY)
     )
     parser.add_argument(
         '-i', '--confidence', dest='confidence', action='count',
-        default=argparse.SUPPRESS, help='report only issues of a given confidence level or '
-        'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH) '
-        '(default: {})'.format(constants.CONFIDENCE)
+        default=argparse.SUPPRESS,
+        help='report only issues of a given confidence level or '
+             'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH) '
+             '(default: {})'.format(constants.CONFIDENCE)
     )
     output_format = 'screen' if sys.stdout.isatty() else 'txt'
     parser.add_argument(
@@ -300,7 +302,7 @@ def main():
     args = parser.parse_args()
 
     if not hasattr(args, 'agg_type'):
-        setattr(args, 'agg_type', constants.AGG_TYPE)
+        setattr(args, 'agg_type', constants.AGG_TYPE)
     if not hasattr(args, 'context_lines'):
         setattr(args, 'context_lines', constants.CONTEXT_LINES)
     if not hasattr(args, 'confidence'):
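Review bot: The `-l`/`-i` help in the `@@ -180` hunk now ends in `'(default: {})'.format(constants.SEVERITY)`, which renders as `(default: 1)` (the README hunk in this same commit shows exactly that) while the rest of the sentence describes the option in LOW/MEDIUM/HIGH terms, so a user cannot tell which level `1` is. Render the name rather than the number, either as a literal word or via a lookup from the integer to its level name if constants.py already exposes one, so the help and the README describe the default in the vocabulary the flag itself uses. The `@@ -300` hunk is whitespace only; main() continues outside all three hunks.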
From a772ea66b314c7078afccc0e94b75d4f1e37308c Mon Sep 17 00:00:00 2001
From: ehooo
Date: Tue, 22 Dec 2020 16:57:14 +0100
Subject: [PATCH 6/8] Set on args with argparse.SUPPRESS
---
 bandit/cli/main.py | 53 ++++++++++++++++++++++++++++++++++------------
 1 file changed, 39 insertions(+), 14 deletions(-)
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index fd4211fdc..8f0511dbc 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -301,20 +301,6 @@ def main():
     # setup work - parse arguments, and initialize BanditManager
     args = parser.parse_args()
 
-    if not hasattr(args, 'agg_type'):
-        setattr(args, 'agg_type', constants.AGG_TYPE)
-    if not hasattr(args, 'context_lines'):
-        setattr(args, 'context_lines', constants.CONTEXT_LINES)
-    if not hasattr(args, 'confidence'):
-        setattr(args, 'confidence', constants.CONFIDENCE)
-    if not hasattr(args, 'severity'):
-        setattr(args, 'severity', constants.SEVERITY)
-    if not hasattr(args, 'output_format'):
-        output_format = 'screen' if sys.stdout.isatty() else 'txt'
-        setattr(args, 'output_format', output_format)
-    if not hasattr(args, 'excluded_paths'):
-        setattr(args, 'excluded_paths', ','.join(constants.EXCLUDE))
-
     # Check if `--msg-template` is not present without custom formatter
     if args.output_format != 'custom' and args.msg_template is not None:
         parser.error("--msg-template can only be used with --format=custom")
@@ -329,10 +315,14 @@ def main():
     ini_options = _get_options_from_ini(args.ini_path, args.targets)
     if ini_options:
         # prefer command line, then ini file
+        if not hasattr(args, 'excluded_paths'):
+            setattr(args, 'excluded_paths', None)
         args.excluded_paths = _log_option_source(
             args.excluded_paths,
             ini_options.get('exclude'),
             'excluded paths')
+        if args.excluded_paths is None:
+            args.excluded_paths = ','.join(constants.EXCLUDE)
 
         args.skips = _log_option_source(
             args.skips,
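Review bot: The excluded_paths block in the `@@ -329` hunk introduces a four-step sequence (`hasattr` check, `setattr(…, None)`, `_log_option_source`, `is None` fallback) that the next hunk repeats five more times and that the `else:` branch added after the baseline option repeats once more with the bare defaults, so each option's resolution now lives in three places that must be kept in step by hand. A small helper taking the destination name, the ini value, the log label and the fallback would make each option a single call and would let the non-ini branch reuse the same fallbacks instead of a second copy. The sketch below assumes `_log_option_source` returns its first non-None argument (it is defined outside the hunk); the `main()` body continues outside both hunks.

```python
def _resolve_option(args, dest, ini_value, description, default):
    """Pick the CLI value (absent under argparse.SUPPRESS), else the ini value, else default."""
    value = _log_option_source(getattr(args, dest, None), ini_value, description)
    setattr(args, dest, default if value is None else value)

# … unchanged: ini_options = _get_options_from_ini(...) …
    if ini_options:
        # prefer command line, then ini file
        _resolve_option(args, 'excluded_paths', ini_options.get('exclude'),
                        'excluded paths', ','.join(constants.EXCLUDE))
        # … unchanged: the remaining options resolved with the same call …
```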
@@ -360,35 +350,56 @@ def main():
             ini_options.get('recursive'),
             'recursive scan')
 
+        if not hasattr(args, 'agg_type'):
+            setattr(args, 'agg_type', None)
         args.agg_type = _log_option_source(
             args.agg_type,
             ini_options.get('aggregate'),
             'aggregate output type')
+        if args.agg_type is None:
+            setattr(args, 'agg_type', constants.AGG_TYPE)
 
+        if not hasattr(args, 'context_lines'):
+            setattr(args, 'context_lines', None)
         args.context_lines = _log_option_source(
             args.context_lines,
             ini_options.get('number'),
             'max code lines output for issue')
+        if args.context_lines is None:
+            args.context_lines = constants.CONTEXT_LINES
 
         args.profile = _log_option_source(
             args.profile,
             ini_options.get('profile'),
             'profile')
 
+        if not hasattr(args, 'severity'):
+            setattr(args, 'severity', None)
         args.severity = _log_option_source(
             args.severity,
             ini_options.get('level'),
             'severity level')
+        if args.severity is None:
+            args.severity = constants.SEVERITY
 
+        if not hasattr(args, 'confidence'):
+            setattr(args, 'confidence', None)
         args.confidence = _log_option_source(
             args.confidence,
             ini_options.get('confidence'),
             'confidence level')
+        if args.confidence is None:
+            args.confidence = constants.CONFIDENCE
 
+        if not hasattr(args, 'output_format'):
+            setattr(args, 'output_format', None)
         args.output_format = _log_option_source(
             args.output_format,
             ini_options.get('format'),
             'output format')
+        if args.output_format is None:
+            output_format = 'screen' if sys.stdout.isatty() else 'txt'
+            args.output_format = output_format
 
         args.msg_template = _log_option_source(
             args.msg_template,
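Review bot: `if args.agg_type is None: setattr(args, 'agg_type', constants.AGG_TYPE)` is the only fallback in this hunk written with `setattr`; the five that follow use plain assignment (`args.context_lines = constants.CONTEXT_LINES`), so the first should read `args.agg_type = constants.AGG_TYPE` for consistency. The `output_format` fallback also re-evaluates `sys.stdout.isatty()` here and again in the `else:` branch further down; computing `'screen' if sys.stdout.isatty() else 'txt'` once before the `if ini_options:` split would keep the two paths from drifting apart. The repetition of the whole hasattr/None/fallback sequence is raised on the excluded_paths hunk of this commit. The enclosing `if ini_options:` block and main() both continue outside the hunk.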
@@ -424,6 +435,20 @@ def main():
             args.baseline,
             ini_options.get('baseline'),
             'path of a baseline report')
+    else:
+        if not hasattr(args, 'agg_type'):
+            setattr(args, 'agg_type', constants.AGG_TYPE)
+        if not hasattr(args, 'context_lines'):
+            setattr(args, 'context_lines', constants.CONTEXT_LINES)
+        if not hasattr(args, 'confidence'):
+            setattr(args, 'confidence', constants.CONFIDENCE)
+        if not hasattr(args, 'severity'):
+            setattr(args, 'severity', constants.SEVERITY)
+        if not hasattr(args, 'output_format'):
+            output_format = 'screen' if sys.stdout.isatty() else 'txt'
+            setattr(args, 'output_format', output_format)
+        if not hasattr(args, 'excluded_paths'):
+            setattr(args, 'excluded_paths', ','.join(constants.EXCLUDE))
 
     if not args.targets:
         LOG.error("No targets found in CLI or ini files, exiting.")
From 64ec692bd95a27931cdd9e0a5fec58ef3a873adc Mon Sep 17 00:00:00 2001
From: ehooo
Date: Tue, 22 Dec 2020 17:03:09 +0100
Subject: [PATCH 7/8] Fix output_format access
---
 bandit/cli/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 8f0511dbc..0a94c1280 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -302,7 +302,7 @@ def main():
     args = parser.parse_args()
 
     # Check if `--msg-template` is not present without custom formatter
-    if args.output_format != 'custom' and args.msg_template is not None:
+    if getattr(args, 'output_format', '') != 'custom' and args.msg_template is not None:
         parser.error("--msg-template can only be used with --format=custom")
 
     try:
From b8b3cbbdcb9dca63b3528734272b73d5fe0a5513 Mon Sep 17 00:00:00 2001
From: ehooo
Date: Tue, 22 Dec 2020 17:22:43 +0100
Subject: [PATCH 8/8] FLAKE8
---
 bandit/cli/main.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 0a94c1280..b389a08fb 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
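Review bot: In the PATCH 7 hunk, `getattr(args, 'output_format', '')` only papers over the attribute being absent under `argparse.SUPPRESS`; the check still runs before the ini merge, so a user who sets `format = custom` in the ini file and passes `--msg-template` on the command line is rejected here even though the resolved format (via `ini_options.get('format')` in the earlier hunk) will be `custom`. Since this line is being touched anyway, moving the `--msg-template` check to after the option resolution, past the `else:` block added in PATCH 6, would make it judge the effective format rather than the CLI-only one. If the early position is deliberate, say so on the line, e.g. `# CLI-only check: an ini-supplied format is merged later and is not validated here`. Whether the ini can in practice supply `custom` is inferred, not shown in full; main() continues outside the hunk.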
@@ -302,7 +302,10 @@ def main():
     args = parser.parse_args()
 
     # Check if `--msg-template` is not present without custom formatter
-    if getattr(args, 'output_format', '') != 'custom' and args.msg_template is not None:
+    if (
+        getattr(args, 'output_format', '') != 'custom' and
+        args.msg_template is not None
+    ):
         parser.error("--msg-template can only be used with --format=custom")
 
     try: