def test_init_extensions(self):
    """_init_extensions() must return the shared extension loader manager."""
    expected_manager = ext_loader.MANAGER
    returned_manager = bandit._init_extensions()
    # The helper is expected to hand back the module-level MANAGER object
    # rather than build a separate plugin registry of its own.
    self.assertEqual(expected_manager, returned_manager)
def setUp(self):
    """Replace the plugin machinery with test doubles before each test.

    stevedore's ExtensionManager is patched so that constructing it yields
    a manager built by ``_make_test_manager``; the current
    ``extension_loader.MANAGER`` is remembered in ``self.old_ext_man`` and a
    fresh ``Manager()`` is installed in its place.
    """
    super(BanditTestSetTests, self).setUp()

    # Build the test manager before patching starts, so it is created
    # while stevedore is still unpatched.
    fake_manager = self._make_test_manager(mock.Mock)

    patcher = mock.patch('stevedore.extension.ExtensionManager')
    self.patchExtMan = patcher
    self.mockExtMan = patcher.start()
    self.mockExtMan.return_value = fake_manager

    # NOTE(review): nothing in this method stops the patcher or restores
    # MANAGER. Confirm tearDown (or an addCleanup) does both, otherwise
    # the mocked manager leaks into later tests.
    self.old_ext_man = extension_loader.MANAGER
    extension_loader.MANAGER = extension_loader.Manager()

    # Config stub: every get_setting() lookup answers None.
    config_stub = mock.MagicMock()
    config_stub.get_setting.return_value = None
    self.config = config_stub
def setUp(self):
    """Install a mocked stevedore manager and a fresh bandit MANAGER.

    Keeps the previous ``extension_loader.MANAGER`` on ``self.old_ext_man``
    and exposes the patcher (``self.patchExtMan``), the mocked class
    (``self.mockExtMan``) and a config mock (``self.config``) to the tests.
    """
    super(BanditTestSetTests, self).setUp()
    test_manager = self._make_test_manager(mock.Mock)

    # From start() onwards, instantiating ExtensionManager returns
    # ``test_manager`` instead of scanning real entry points.
    self.patchExtMan = mock.patch('stevedore.extension.ExtensionManager')
    mocked_cls = self.patchExtMan.start()
    mocked_cls.return_value = test_manager
    self.mockExtMan = mocked_cls

    # Swap the global manager while the patch is active.
    # NOTE(review): the matching stop()/restore is not visible in this
    # method. Verify the teardown path undoes both changes.
    previous_manager = extension_loader.MANAGER
    self.old_ext_man = previous_manager
    extension_loader.MANAGER = extension_loader.Manager()

    # get_setting() is configured to return None for any key.
    self.config = mock.MagicMock(**{'get_setting.return_value': None})
def get_url(bid):
# NOTE(tkelsey): for some reason this import can't be found when stevedore
# loads up the formatter plugin that imports this file. It is available
# later though.
from bandit.core import extension_loader
info = extension_loader.MANAGER.plugins_by_id.get(bid)
if info is not None:
return '%splugins/%s_%s.html' % (BASE_URL, bid.lower(),
info.plugin.__name__)
info = extension_loader.MANAGER.blacklist_by_id.get(bid)
if info is not None:
template = 'blacklists/blacklist_{kind}.html#{id}-{name}'
info['name'] = info['name'].replace('_', '-')
if info['id'].startswith('B3'): # B3XX
# Some of the links are combined, so we have exception cases
if info['id'] in ['B304', 'B305']:
info = info.copy()
info['id'] = 'b304-b305'
info['name'] = 'ciphers-and-modes'
elif info['id'] in ['B313', 'B314', 'B315', 'B316', 'B317',
def output_results(self, lines, sev_level, conf_level, output_file,
                   output_format, template=None):
    '''Write the stored results through a formatter plugin

    The formatter is looked up by name in the extension manager's
    formatter registry. A name that is not registered is not an error: it
    is replaced by 'screen' when stdout is a terminal and by 'txt'
    otherwise, so callers cannot tell a mistyped format from a valid one.

    :param lines: How many surrounding lines to show per result
    :param sev_level: Which severity levels to show (LOW, MEDIUM, HIGH)
    :param conf_level: Which confidence levels to show (LOW, MEDIUM, HIGH)
    :param output_file: File to store results
    :param output_format: output format plugin name
    :param template: Output template with non-terminal tags
                     (default: {abspath}:{line}:
                     {test_id}[bandit]: {severity}: {msg})
    :raises RuntimeError: if the lookup or the formatter raises any
                          Exception; the message carries str() of it
    :return: -
    '''
    try:
        registry = extension_loader.MANAGER.formatters_mgr
        if output_format not in registry:
            # Unknown plugin name: pick a default that suits the output.
            if sys.stdout.isatty():
                output_format = 'screen'
            else:
                output_format = 'txt'

        # The plugin is whatever callable was registered under this name,
        # and it runs in-process with full access to this object.
        render = registry[output_format].plugin

        call_kwargs = {
            'fileobj': output_file,
            'sev_level': sev_level,
            'conf_level': conf_level,
        }
        # Only the 'custom' formatter takes a template; every other
        # formatter takes the context line count instead.
        if output_format == 'custom':
            call_kwargs['template'] = template
        else:
            call_kwargs['lines'] = lines
        render(self, **call_kwargs)
    except Exception as e:
        message = ("Unable to output report using '%s' formatter: "
                   "%s" % (output_format, str(e)))
        raise RuntimeError(message)
def _write_report(self, files_list, scores, excluded_files):
    """Send the scan results to the formatter selected by ``self.format``.

    An unregistered format name silently falls back to the 'txt'
    formatter. As a side effect ``self.max_lines`` is forced to 1 for
    'csv', and ``self.format`` is rewritten to 'plain' when the txt
    formatter is used together with an output file.
    """
    registry = extension_loader.MANAGER.formatters_mgr
    try:
        chosen = registry[self.format]
    except KeyError:
        # Unrecognized format, so use text instead
        chosen = registry['txt']

    if self.format == 'csv':
        self.max_lines = 1
    elif chosen.name == 'txt' and self.out_file:
        self.format = 'plain'

    # The plugin callable gets this object itself plus the scan data.
    chosen.plugin(self, files_list, scores, excluded_files=excluded_files)
def get_config_settings():
    """Collect generated default config from every plugin as a YAML string.

    Only plugins whose callable carries a ``_takes_config`` attribute are
    considered, and only if their defining module exposes ``gen_config``.
    ``gen_config`` is plugin-supplied code executed in this process; its
    return value is stored under the plugin's name.
    """
    generated = {}
    for entry in extension_loader.MANAGER.plugins:
        plugin_name = entry.name
        check = entry.plugin

        # Plugins that do not take config contribute nothing.
        if not hasattr(check, '_takes_config'):
            continue

        # Look for the generator in the module that defines the plugin.
        defining_module = importlib.import_module(check.__module__)
        if not hasattr(defining_module, 'gen_config'):
            continue

        generated[plugin_name] = defining_module.gen_config(
            check._takes_config)

    # safe_dump only serializes standard YAML types; it rejects arbitrary
    # Python objects instead of emitting python-specific tags.
    return yaml.safe_dump(generated)
def get_url(bid):
# NOTE(tkelsey): for some reason this import can't be found when stevedore
# loads up the formatter plugin that imports this file. It is available
# later though.
from bandit.core import extension_loader
info = extension_loader.MANAGER.plugins_by_id.get(bid)
if info is not None:
return '%splugins/%s_%s.html' % (BASE_URL, bid.lower(),
info.plugin.__name__)
info = extension_loader.MANAGER.blacklist_by_id.get(bid)
if info is not None:
template = 'blacklists/blacklist_{kind}.html#{id}-{name}'
info['name'] = info['name'].replace('_', '-')
if info['id'].startswith('B3'): # B3XX
# Some of the links are combined, so we have exception cases
if info['id'] in ['B304', 'B305']:
info = info.copy()
info['id'] = 'b304-b305'
info['name'] = 'ciphers-and-modes'
elif info['id'] in ['B313', 'B314', 'B315', 'B316', 'B317',
'B318', 'B319', 'B320']:
info = info.copy()
info['id'] = 'b313-b320'
ext = template.format(
kind='calls', id=info['id'], name=info['name'])
def get_all_codes(cls):
    """Return (id, label) pairs for all plugin and blacklist checks.

    Plugin entries are labelled with the plugin's ``name``; blacklist
    entries are labelled with their ``'message'`` field. Plugin entries
    come first in the returned list.
    """
    pairs = []
    for code, plugin in extension_loader.MANAGER.plugins_by_id.items():
        pairs.append((code, plugin.name))
    for entry in extension_loader.MANAGER.blacklist_by_id.values():
        pairs.append((entry['id'], entry['message']))
    return pairs
def _init_extensions():
    """Return bandit's module-level extension manager."""
    # Function-scope import: the loader module is pulled in only when this
    # function is called, not when the enclosing module is imported.
    from bandit.core import extension_loader
    return extension_loader.MANAGER