From 18d9f16a3808f9a21ebc77415986cb0cfccb5c3a Mon Sep 17 00:00:00 2001
From: Alipqb
Date: Sat, 10 Jul 2021 17:59:51 +0430
Subject: [PATCH] fix reading initial values from .bandit

---
 bandit/cli/main.py | 42 ++++++++++++++++++++++++++++++-------
 tests/unit/cli/test_main.py | 40 ++++++++++++++++++++++++++++++-----
 2 files changed, 69 insertions(+), 13 deletions(-)

diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 66f6b4d0e..bbefc931d 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -80,16 +80,24 @@ def _init_extensions():
 return ext_loader.MANAGER


-def _log_option_source(arg_val, ini_val, option_name):
+def _log_option_source(default_val, arg_val, ini_val, option_name):
 """It's useful to show the source of each option."""
- if arg_val:
- LOG.info("Using command line arg for %s", option_name)
- return arg_val
- elif ini_val:
- LOG.info("Using ini file for %s", option_name)
- return ini_val
+ # When default value is not defined, arg_val and ini_val is deterministic
+ if default_val is None:
+ if arg_val:
+ LOG.info("Using command line arg for %s", option_name)
+ return arg_val
+ elif ini_val:
+ LOG.info("Using ini file for %s", option_name)
+ return ini_val
+ else:
+ return None
+ # No value passed to commad line and default value is used
+ elif default_val == arg_val:
+ return ini_val if ini_val else arg_val
+ # Certainly a value is passed to commad line
 else:
- return None
+ return arg_val


 def _running_under_virtualenv():
@@ -354,16 +362,19 @@ def main():
 if ini_options:
 # prefer command line, then ini file
 args.excluded_paths = _log_option_source(
+ parser.get_default('excluded_paths'),
 args.excluded_paths,
 ini_options.get('exclude'),
 'excluded paths')

 args.skips = _log_option_source(
+ parser.get_default('skips'),
 args.skips,
 ini_options.get('skips'),
 'skipped tests')

 args.tests = _log_option_source(
+ parser.get_default('tests'),
 args.tests,
 ini_options.get('tests'),
 'selected tests')
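Review bot: The two new branches that resolve a non-None default (`elif default_val == arg_val:` and the final `else:`) return without the LOG.info call that the docstring promises and that the `default_val is None` path still emits, so for every option whose argparse default is not None the effective source is no longer visible in the log; add `LOG.info("Using ini file for %s", option_name)` before `return ini_val if ini_val else arg_val` and `LOG.info("Using command line arg for %s", option_name)` before the last `return arg_val`. The `default_val == arg_val` comparison cannot tell a value the user passed explicitly on the command line from an untouched default, so a `.bandit` file in the scanned tree still overrides an explicit argument that happens to equal the default; the comment `# No value passed to commad line and default value is used` should state that limitation instead of asserting it as certain. Both new comments spell it `commad`; the first added comment should read `# When no default is defined, arg_val and ini_val alone decide`.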
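Review bot: `parser.get_default('excluded_paths')` and the sibling lookups added here and in the next two hunks silently return None when the name is not a registered dest, because argparse does not raise for unknown names, so a mistyped dest would quietly fall back to the old arg-then-ini precedence and no test would notice. The same three-line pattern is repeated eighteen times across the three hunks; a table of `(dest, ini_key, label)` tuples walked in one loop would keep the dest names in one place and let a single `getattr(args, dest)` fail loudly on a bad name. main() starts before this hunk and continues after it.
```python
    if ini_options:
        # prefer command line, then ini file
        for dest, ini_key, label in (
            ('excluded_paths', 'exclude', 'excluded paths'),
            ('skips', 'skips', 'skipped tests'),
            ('tests', 'tests', 'selected tests'),
        ):
            # getattr raises AttributeError on a mistyped dest instead of
            # letting parser.get_default() return None unnoticed
            setattr(args, dest, _log_option_source(
                parser.get_default(dest),
                getattr(args, dest),
                ini_options.get(ini_key),
                label))
        # … unchanged: remaining option resolution …
```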
@@ -373,6 +384,7 @@ def main():

 ini_targets = ini_targets.split(',')
 args.targets = _log_option_source(
+ parser.get_default('targets'),
 args.targets,
 ini_targets,
 'selected targets')
@@ -380,71 +392,85 @@ def main():

 # TODO(tmcpeak): any other useful options to pass from .bandit?
 args.recursive = _log_option_source(
+ parser.get_default('recursive'),
 args.recursive,
 ini_options.get('recursive'),
 'recursive scan')

 args.agg_type = _log_option_source(
+ parser.get_default('agg_type'),
 args.agg_type,
 ini_options.get('aggregate'),
 'aggregate output type')

 args.context_lines = _log_option_source(
+ parser.get_default('context_lines'),
 args.context_lines,
 ini_options.get('number'),
 'max code lines output for issue')

 args.profile = _log_option_source(
+ parser.get_default('profile'),
 args.profile,
 ini_options.get('profile'),
 'profile')

 args.severity = _log_option_source(
+ parser.get_default('severity'),
 args.severity,
 ini_options.get('level'),
 'severity level')

 args.confidence = _log_option_source(
+ parser.get_default('confidence'),
 args.confidence,
 ini_options.get('confidence'),
 'confidence level')

 args.output_format = _log_option_source(
+ parser.get_default('output_format'),
 args.output_format,
 ini_options.get('format'),
 'output format')

 args.msg_template = _log_option_source(
+ parser.get_default('msg_template'),
 args.msg_template,
 ini_options.get('msg-template'),
 'output message template')

 args.output_file = _log_option_source(
+ parser.get_default('output_file'),
 args.output_file,
 ini_options.get('output'),
 'output file')

 args.verbose = _log_option_source(
+ parser.get_default('verbose'),
 args.verbose,
 ini_options.get('verbose'),
 'output extra information')

 args.debug = _log_option_source(
+ parser.get_default('debug'),
 args.debug,
 ini_options.get('debug'),
 'debug mode')

 args.quiet = _log_option_source(
+ parser.get_default('quiet'),
 args.quiet,
 ini_options.get('quiet'),
 'silent mode')

 args.ignore_nosec = _log_option_source(
+ parser.get_default('ignore_nosec'),
 args.ignore_nosec,
 ini_options.get('ignore-nosec'),
 'do not skip lines with # nosec')

 args.baseline = _log_option_source(
+ parser.get_default('baseline'),
 args.baseline,
 ini_options.get('baseline'),
 'path of a baseline report')
diff --git a/tests/unit/cli/test_main.py b/tests/unit/cli/test_main.py
index b191699b6..ecc0f1fa1 100644
--- a/tests/unit/cli/test_main.py
+++ b/tests/unit/cli/test_main.py
@@ -126,25 +126,55 @@ def test_init_extensions(self):

 def test_log_option_source_arg_val(self):
 # Test that the command argument value is returned when provided
+ # with None or a string default value
 arg_val = 'file'
 ini_val = 'vuln'
 option_name = 'aggregate'
- self.assertEqual(arg_val, bandit._log_option_source(arg_val, ini_val,
- option_name))
+ for default_val in (None, 'default'):
+ self.assertEqual(arg_val, bandit._log_option_source(
+ default_val,
+ arg_val,
+ ini_val,
+ option_name
+ ))

 def test_log_option_source_ini_value(self):
 # Test that the ini value is returned when no command argument is
 # provided
+ default_val = None
 ini_val = 'vuln'
 option_name = 'aggregate'
- self.assertEqual(ini_val, bandit._log_option_source(None, ini_val,
- option_name))
+ self.assertEqual(ini_val, bandit._log_option_source(
+ default_val,
+ None,
+ ini_val,
+ option_name
+ ))
+
+ def test_log_option_source_ini_val_with_str_default_and_no_arg_val(self):
+ # Test that the ini value is returned when no command argument is
+ # provided
+ default_val = "file"
+ arg_val = 'file'
+ ini_val = 'vuln'
+ option_name = 'aggregate'
+ self.assertEqual(ini_val, bandit._log_option_source(
+ default_val,
+ arg_val,
+ ini_val,
+ option_name
+ ))

 def test_log_option_source_no_values(self):
 # Test that None is returned when no command argument or ini value are
 # provided
 option_name = 'aggregate'
- self.assertIsNone(bandit._log_option_source(None, None, option_name))
+ self.assertIsNone(bandit._log_option_source(
+ None,
+ None,
+ None,
+ option_name
+ ))

 @mock.patch('sys.argv', ['bandit', '-c', 'bandit.yaml', 'test'])
 def test_main_config_unopenable(self):
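Review bot: The new `test_log_option_source_ini_val_with_str_default_and_no_arg_val` copies the comment of the test above it (`# Test that the ini value is returned when no command argument is provided`) although what it exercises is the new path where the argument still equals its default; the comment should read `# Test that the ini value wins when the argument still equals its default`. The fallback on that same path, `return ini_val if ini_val else arg_val`, is left uncovered because no test passes a default equal to arg_val together with an empty ini value; `self.assertEqual('file', bandit._log_option_source('file', 'file', None, 'aggregate'))` would pin it. A falsy default such as `False`, which the boolean flags routed through main.py presumably have, is likewise untested and is the case most likely to behave unexpectedly under the truthiness checks. These methods sit inside a test class whose header is outside the hunk.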