From 50aba51e6a708bf13598bfee51fab1adac7f52fb Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 11 Jan 2021 20:14:19 +0000
Subject: [PATCH 1/3] Update click requirement from <7.0 to <8.0
Updates the requirements on [click](https://github.com/pallets/click) to permit the latest version.
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/master/CHANGES.rst)
- [Commits](https://github.com/pallets/click/compare/0.1...7.1.2)
Signed-off-by: dependabot-preview[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 0195ca8..9e65ad5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@ Jinja2<3.0
 PyGithub<2.0
 cached-property<2.0
 ci-py
-click<7.0
+click<8.0
 codecov
 coverage
 flake8
From c324c146590bb865f170032db8ab58e5c0d94593 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 11 Jan 2021 20:14:51 +0000
Subject: [PATCH 2/3] Update python-gitlab requirement from <2.0 to <3.0
Updates the requirements on [python-gitlab](https://github.com/python-gitlab/python-gitlab) to permit the latest version.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/master/ChangeLog.rst)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/0.1...v2.5.0)
Signed-off-by: dependabot-preview[bot]
---
 requirements.txt | 2 +-
 setup.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 0195ca8..a13ce40 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,5 +8,5 @@ coverage
 flake8
 mock
 pytest
-python-gitlab<2.0
+python-gitlab<3.0
 tox
diff --git a/setup.py b/setup.py
index 03ddd4b..414f641 100644
--- a/setup.py
+++ b/setup.py
@@ -11,7 +11,7 @@
 'click<8.0',
 'Jinja2<3.0',
 'PyGithub<2.0',
- 'python-gitlab<2.0',
+ 'python-gitlab<3.0',
 'six',
 ]
From 362678b5abe3243d8d65606cdd983722597d40bd Mon Sep 17 00:00:00 2001
From: Veda Nandusekar
Date: Wed, 16 Dec 2020 11:47:28 -0800
Subject: [PATCH 3/3] Adding Bandit json parser
---
 README.md | 4 +
 lintly/parsers.py | 74 +++++++++++++++++
 tests/linters_output/bandit-json.txt | 120 +++++++++++++++++++++++++++
 tests/test_parsers.py | 33 ++++++++
 4 files changed, 231 insertions(+)
 create mode 100644 tests/linters_output/bandit-json.txt
diff --git a/README.md b/README.md
index 87388f6..edc22c9 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,10 @@ Now you will see a review with linting errors...
 ```
 $ stylelint . | lintly --format=stylelint
 ```
+- [bandit](https://github.com/PyCQA/bandit)
+ ```
+ $ bandit -r . --format=json | lintly --format=bandit-json
+ ```
 - [cfn-lint](https://github.com/aws-cloudformation/cfn-python-lint)
 ```
diff --git a/lintly/parsers.py b/lintly/parsers.py
index d34bf5e..2d4ed0c 100644
--- a/lintly/parsers.py
+++ b/lintly/parsers.py
@@ -234,6 +234,77 @@ def parse_violations(self, output):
 return violations
+class BanditJSONParser(BaseLintParser):
+ """
+ Bandit JSON format:
+
+ [
+ {
+ "errors": [],
+ "generated_at": "2021-01-07T23:39:39Z",
+ "metrics": {
+ "./lintly/formatters.py": {
+ "CONFIDENCE.HIGH": 1.0,
+ "CONFIDENCE.LOW": 0.0,
+ "CONFIDENCE.MEDIUM": 0.0,
+ "CONFIDENCE.UNDEFINED": 0.0,
+ "SEVERITY.HIGH": 1.0,
+ "SEVERITY.LOW": 0.0,
+ "SEVERITY.MEDIUM": 0.0,
+ "SEVERITY.UNDEFINED": 0.0,
+ "loc": 31,
+ "nosec": 0
+ },
+ "results": [
+ {
+ "code": "13 \n14 env = Environment(\n15 loader=FileSystemLoader(TEMPLATES_PATH),
+ \n16 autoescape=False\n17 )\n",
+ "filename": "./lintly/formatters.py",
+ "issue_confidence": "HIGH",
+ "issue_severity": "HIGH",
+ "issue_text": "Using jinja2 templates with autoescape=False is dangerous and can lead to XSS."
+ "Use autoescape=True or use the select_autoescape function.",
+ "line_number": 14,
+ "line_range": [
+ 14,
+ 15,
+ 16
+ ],
+ "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b701_jinja2_autoescape_false.html",
+ "test_id": "B701"
+ "test_name": "jinja2_autoescape_false"
+ }
+ ]
+ }
+ ]
+
+ """
+
+ def parse_violations(self, output):
+
+ output = output.strip()
+ if not output:
+ return dict()
+
+ json_data = json.loads(output)
+
+ violations = collections.defaultdict(list)
+ for violation_json in json_data["results"]:
+ violation = Violation(
+ line=violation_json["line_number"],
+ column=0,
+ code="{} ({})".format(
+ violation_json["test_id"], violation_json["test_name"]
+ ),
+ message=violation_json["issue_text"],
+ )
+
+ path = self._normalize_path(violation_json["filename"])
+ violations[path].append(violation)
+
+ return violations
+
+
 class CfnNagParser(BaseLintParser):
 def parse_violations(self, output):
@@ -294,6 +365,9 @@ def parse_violations(self, output):
 # cfn-lint default formatter
 'cfn-lint': CfnLintParser(),
+ # Bandit Parser
+ "bandit-json": BanditJSONParser(),
+
 # cfn-nag JSON output
 'cfn-nag': CfnNagParser(),
 }
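Review bot: The class docstring's sample does not match what `parse_violations` consumes: it wraps the report in a list (`[ { ... } ]`), while the code indexes `json_data["results"]`, which only works on the top-level object that the new `tests/linters_output/bandit-json.txt` fixture shows (on a list that lookup raises `TypeError`); the sample is also not valid JSON, since the `issue_text` string is split into two adjacent strings and the comma after `"test_id": "B701"` is missing. Replace the sample with a trimmed copy of the fixture, or at least drop the outer `[`/`]` and repair those two lines. Separately, the report's `errors` list (presumably files bandit could not scan) is ignored, so a partially failed scan reads as clean for those files; if that is intended, a comment such as `# "errors" (files bandit failed to scan) are not surfaced as violations` would make it explicit. `issue_severity` and `issue_confidence` are dropped from the `Violation` too; since only line, code and message are reported, consider carrying them in the message, e.g. `message="[{}/{}] {}".format(violation_json["issue_severity"], violation_json["issue_confidence"], violation_json["issue_text"])`, so a reviewer can tell a HIGH finding from a LOW `assert_used` at a glance (the expected messages in `tests/test_parsers.py` would change accordingly).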
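Review bot: The new `PARSERS` entry mixes styles with its neighbours: the key is double-quoted where every surrounding key is single-quoted, and the comment `# Bandit Parser` does not follow the `# <linter> <format> output` wording used by `# cfn-nag JSON output`. Suggest `# Bandit JSON output` and `'bandit-json': BanditJSONParser(),`.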
diff --git a/tests/linters_output/bandit-json.txt b/tests/linters_output/bandit-json.txt
new file mode 100644
index 0000000..efdf64f
--- /dev/null
+++ b/tests/linters_output/bandit-json.txt
@@ -0,0 +1,120 @@
+{
+ "errors": [],
+ "generated_at": "2021-01-07T23:39:39Z",
+ "metrics": {
+ "./lintly/formatters.py": {
+ "CONFIDENCE.HIGH": 1.0,
+ "CONFIDENCE.LOW": 0.0,
+ "CONFIDENCE.MEDIUM": 0.0,
+ "CONFIDENCE.UNDEFINED": 0.0,
+ "SEVERITY.HIGH": 1.0,
+ "SEVERITY.LOW": 0.0,
+ "SEVERITY.MEDIUM": 0.0,
+ "SEVERITY.UNDEFINED": 0.0,
+ "loc": 31,
+ "nosec": 0
+ },
+ "_totals": {
+ "CONFIDENCE.HIGH": 6.0,
+ "CONFIDENCE.LOW": 0.0,
+ "CONFIDENCE.MEDIUM": 0.0,
+ "CONFIDENCE.UNDEFINED": 0.0,
+ "SEVERITY.HIGH": 2.0,
+ "SEVERITY.LOW": 4.0,
+ "SEVERITY.MEDIUM": 0.0,
+ "SEVERITY.UNDEFINED": 0.0,
+ "loc": 2596,
+ "nosec": 0
+ }
+ },
+ "results": [
+ {
+ "code": "13 \n14 env = Environment(\n15 loader=FileSystemLoader(TEMPLATES_PATH),\n16 autoescape=False\n17 )\n",
+ "filename": "./build/lib/lintly/formatters.py",
+ "issue_confidence": "HIGH",
+ "issue_severity": "HIGH",
+ "issue_text": "Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Use autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.",
+ "line_number": 14,
+ "line_range": [
+ 14,
+ 15,
+ 16
+ ],
+ "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b701_jinja2_autoescape_false.html",
+ "test_id": "B701",
+ "test_name": "jinja2_autoescape_false"
+ },
+ {
+ "code": "13 \n14 env = Environment(\n15 loader=FileSystemLoader(TEMPLATES_PATH),\n16 autoescape=False\n17 )\n",
+ "filename": "./lintly/formatters.py",
+ "issue_confidence": "HIGH",
+ "issue_severity": "HIGH",
+ "issue_text": "Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. 
Use autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.",
+ "line_number": 14,
+ "line_range": [
+ 14,
+ 15,
+ 16
+ ],
+ "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b701_jinja2_autoescape_false.html",
+ "test_id": "B701",
+ "test_name": "jinja2_autoescape_false"
+ },
+ {
+ "code": "47 builds.LintlyBuild(config, \"Some linter output\")\n48 assert GitHubBackend.call_args[1][\"context\"] == format_and_context[2]\n",
+ "filename": "./tests/test_builds.py",
+ "issue_confidence": "HIGH",
+ "issue_severity": "LOW",
+ "issue_text": "Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.",
+ "line_number": 48,
+ "line_range": [
+ 48
+ ],
+ "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html",
+ "test_id": "B101",
+ "test_name": "assert_used"
+ },
+ {
+ "code": "12 result = runner.invoke(cli.main, ['--help'])\n13 assert result.exit_code == 0\n14 assert not result.exception\n",
+ "filename": "./tests/test_cli.py",
+ "issue_confidence": "HIGH",
+ "issue_severity": "LOW",
+ "issue_text": "Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.",
+ "line_number": 13,
+ "line_range": [
+ 13
+ ],
+ "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html",
+ "test_id": "B101",
+ "test_name": "assert_used"
+ },
+ {
+ "code": "13 assert result.exit_code == 0\n14 assert not result.exception\n15 assert 'Usage' in result.output\n",
+ "filename": "./tests/test_cli.py",
+ "issue_confidence": "HIGH",
+ "issue_severity": "LOW",
+ "issue_text": "Use of assert detected. 
The enclosed code will be removed when compiling to optimised byte code.",
+ "line_number": 14,
+ "line_range": [
+ 14
+ ],
+ "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html",
+ "test_id": "B101",
+ "test_name": "assert_used"
+ },
+ {
+ "code": "14 assert not result.exception\n15 assert 'Usage' in result.output\n16 \n",
+ "filename": "./tests/test_cli.py",
+ "issue_confidence": "HIGH",
+ "issue_severity": "LOW",
+ "issue_text": "Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.",
+ "line_number": 15,
+ "line_range": [
+ 15
+ ],
+ "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html",
+ "test_id": "B101",
+ "test_name": "assert_used"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/test_parsers.py b/tests/test_parsers.py
index 3e7a479..e91c725 100644
--- a/tests/test_parsers.py
+++ b/tests/test_parsers.py
@@ -93,6 +93,39 @@ class Flake8ParserTestCase(ParserTestCaseMixin, unittest.TestCase):
 }
+class BanditJSONParserTestCase(ParserTestCaseMixin, unittest.TestCase):
+ parser = PARSERS['bandit-json']
+ linter_output_file_name = 'bandit-json.txt'
+ expected_violations = {
+ 'build/lib/lintly/formatters.py': [
+ {'line': 14, 'column': 0, 'code': 'B701 (jinja2_autoescape_false)',
+ 'message': ('Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. '
+ 'Use autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.')}
+ ],
+ 'lintly/formatters.py': [
+ {'line': 14, 'column': 0, 'code': 'B701 (jinja2_autoescape_false)',
+ 'message': ('Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. '
+ 'Use autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.')}
+ ],
+ 'tests/test_builds.py': [
+ {'line': 48, 'column': 0, 'code': 'B101 (assert_used)',
+ 'message': ('Use of assert detected. '
+ 'The enclosed code will be removed when compiling to optimised byte code.')}
+ ],
+ 'tests/test_cli.py': [
+ {'line': 13, 'column': 0, 'code': 'B101 (assert_used)',
+ 'message': ('Use of assert detected. '
+ 'The enclosed code will be removed when compiling to optimised byte code.')},
+ {'line': 14, 'column': 0, 'code': 'B101 (assert_used)',
+ 'message': ('Use of assert detected. '
+ 'The enclosed code will be removed when compiling to optimised byte code.')},
+ {'line': 15, 'column': 0, 'code': 'B101 (assert_used)',
+ 'message': ('Use of assert detected. '
+ 'The enclosed code will be removed when compiling to optimised byte code.')}
+ ]
+ }
+
+
 class PylintJSONParserTestCase(ParserTestCaseMixin, unittest.TestCase):
 parser = PARSERS['pylint-json']
 linter_output_file_name = 'pylint-json.txt'
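Review bot: `BanditJSONParserTestCase` only drives the fixture file through `ParserTestCaseMixin`, so the empty-output branch of `BanditJSONParser.parse_violations` (`if not output: return dict()`) is left untested by this commit. A two-line method on the new class would pin it: `def test_empty_output(self):` / `self.assertEqual(self.parser.parse_violations(''), {})`. If the mixin already exercises empty input for every parser (its definition is outside this hunk), disregard this.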