Broken JSON on standard output

[muszalski]

Describe the bug

Hi!

When JSON format is requested the standard output starts with:

Working... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:08

which breaks JSON.

Reproduction steps

1. Run `bandit -r . -f json` or `bandit -r . -f json -o -`
2. Check first line of the output - there is `Working...`

Expected behavior

Valid JSON on output

Bandit version

1.7.5 (Default)

Python version

3.11 (Default)

Additional context

No response

[OClark23]

@muszalski try: bandit -r . -f json -q > output.json

[FHu-HMS]

This also caused me trouble yesterday. Why not redirect this message to stderr? The 'settings' information is also output via stderr after all.

[ericwb]

FYI, you won't see the "Working ..." part if you use the -o argument. For example:
bandit -r examples/ -f json -o test.json

You can also pass -q to use quiet mode which skips the use of the progress statement.

[ericwb]

Not sure if there is a preferred way to fix this. Redirecting the progress to stderr doesn't
necessarily make sense since I do think this is acceptable output for stdout. And there are
workarounds using -o or -q to avoid the issue. But I can leave the issue open for now,
maybe there is a more ideal solution.