diff --git a/TODO b/TODO index a3521dc..2b96f6e 100644 --- a/TODO +++ b/TODO @@ -9,7 +9,6 @@ Todo Todo (tool related) - Report on python doctests. (also coverage of) - Cache tools._python_version. -- Add bandit tool for python. Done @@ -166,6 +165,7 @@ Done on the command line. - Can mypy be a tool? <- Yes, but wait for it to be included in python, or until it is an ubuntu package. +- Add bandit tool for python. A-syntax, B-tests, C-auto docs, D-lint, E-coverage, F-profile, G-tidy, H-import deps A B C D E F G H diff --git a/golden-files/results/bandit-hi3_py b/golden-files/results/bandit-hi3_py new file mode 100644 index 0000000..2545b84 --- /dev/null +++ b/golden-files/results/bandit-hi3_py @@ -0,0 +1,19 @@ +Test results: + No issues identified. + +Code scanned: + Total lines of code: 2 + Total lines skipped (#nosec): 0 + +Run metrics: + Total issues (by severity): + Undefined: 0.0 + Low: 0.0 + Medium: 0.0 + High: 0.0 + Total issues (by confidence): + Undefined: 0.0 + Low: 0.0 + Medium: 0.0 + High: 0.0 +Files skipped (0): \ No newline at end of file diff --git a/golden-files/results/bandit-hi_py b/golden-files/results/bandit-hi_py new file mode 100644 index 0000000..70a5fbf --- /dev/null +++ b/golden-files/results/bandit-hi_py @@ -0,0 +1,19 @@ +Test results: + No issues identified. + +Code scanned: + Total lines of code: 2 + Total lines skipped (#nosec): 0 + +Run metrics: + Total issues (by severity): + Undefined: 0 + Low: 0 + Medium: 0 + High: 0 + Total issues (by confidence): + Undefined: 0 + Low: 0 + Medium: 0 + High: 0 +Files skipped (0): \ No newline at end of file diff --git a/install-dependencies b/install-dependencies index 4f4c0fb..158c321 100755 --- a/install-dependencies +++ b/install-dependencies 
@@ -10,3 +10,6 @@ sudo apt-get --yes install python3-minimal python3-pygments python3-pyinotify \ echo echo "Install all the tools vigil may need..." ./install-tools +sudo apt-get --yes install python-pip python3-pip +pip install bandit==1.1.0 +pip3 install bandit==1.1.0 diff --git a/tools.py b/tools.py index 19c98d2..92442d6 100644 --- a/tools.py +++ b/tools.py @@ -446,6 +446,18 @@ def disassemble_pyc(path): disassemble_pyc.dependencies = set() +def bandit(path): + python_version = _python_version(path) + stdout, stderr, returncode = _do_command( + [python_version, "-m", "bandit.cli.main", "-f", "txt", path], + timeout=TIMEOUT) + status = Status.ok if returncode == 0 else Status.normal + text = stdout if python_version == "python" else _fix_input(eval(stdout)) + text_without_timestamp = "".join(text.splitlines(keepends=True)[2:]) + return status, fill3.Text(text_without_timestamp) +bandit.dependencies = {} + + def _perl_version(path): stdout, stderr, returncode = _do_command(["perl", "-c", path]) return "perl6" if "Perl v6.0.0 required" in stderr else "perl" @@ -694,7 +706,7 @@ def _tools_for_extension(): return { "py": [python_syntax, python_unittests, pydoc, mypy, python_coverage, python_profile, pep8, pyflakes, pylint, python_gut, - python_modulefinder, python_mccabe], + python_modulefinder, python_mccabe, bandit], "pyc": [disassemble_pyc], "pl": [perl_syntax, perldoc, perltidy], "pm": [perl_syntax, perldoc, perltidy], diff --git a/tools_test.py b/tools_test.py index 7627fcb..1d07d89 100755 --- a/tools_test.py +++ b/tools_test.py @@ -115,6 +115,10 @@ class ToolsTestCase(unittest.TestCase): def test_python_mccable(self): self._test_tool(tools.python_mccabe, self.HI_OK) + def test_bandit(self): + self._test_tool(tools.bandit, [("hi3.py", tools.Status.ok), + ("hi.py", tools.Status.ok)]) + def test_disassemble_pyc(self): self._test_tool(tools.disassemble_pyc, [("hi3.cpython-34.pyc", tools.Status.normal)])
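Review bot: The two new `pip install bandit==1.1.0` / `pip3 install bandit==1.1.0` lines pin a version but do not verify what is downloaded, so the package is still resolved and fetched unverified from the index at install time, unlike the signed apt packages installed just above; a requirements file with hashes (`pip3 install --require-hashes -r <requirements file>`) would make the tool install reproducible and tamper-evident. It is also unclear which user these lines are meant to run as: the preceding `sudo apt-get` installs pip system-wide, and a plain `pip install` into system site-packages typically fails without `sudo` or `--user`, so the intended target should be made explicit. Since `python-pip` provides Python 2's pip, presumably both lines exist because `_python_version` in tools.py can select either interpreter; a comment saying so (`# bandit must be importable from whichever interpreter tools._python_version picks`) would explain the duplication.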
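Review bot: `text = stdout if python_version == "python" else _fix_input(eval(stdout))` passes subprocess output to `eval`, and bandit's txt report quotes the offending source lines of the scanned file for each finding, so a scanned file can influence what is evaluated in vigil's own interpreter; bandit itself flags this pattern as B307. If `stdout` is a repr of a str/bytes literal here, which the `eval` suggests but the hunk does not show, `ast.literal_eval(stdout)` accepts only literal syntax and would need `import ast` at the top of tools.py, outside this hunk. Two smaller points: `bandit.dependencies = {}` creates a dict where the sibling `disassemble_pyc.dependencies = set()` uses a set, so it should read `bandit.dependencies = set()`; and `status = Status.ok if returncode == 0 else Status.normal` folds a bandit crash or a missing bandit module (non-zero exit, empty report) into `Status.normal`, whereas the unpacked-but-unused `stderr` would tell a failed run apart from real findings. The `[2:]` slice also silently assumes the run-header is always exactly two lines; a comment stating that (`# bandit's txt output opens with a two-line run header containing a timestamp; drop it so output is stable`) would help whoever bumps the pinned version.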
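Review bot: `test_bandit` checks two fixtures that both expect `tools.Status.ok`, so the `returncode != 0` path of `tools.bandit` and the header stripping on a report that actually lists findings are never exercised; a fixture that bandit reports on, with its golden file and `tools.Status.normal` expected, would cover that branch. The two golden files added in this commit also differ in run-metrics formatting (`0.0` versus `0`) for otherwise identical inputs, which suggests the report text depends on which interpreter or bandit build produced it, so exact-text comparison is likely to be brittle across environments. The enclosing `ToolsTestCase` class starts before this hunk.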