Normalizing & editing command-line help text
This commit contains a number of relatively minor changes to the help text displayed by Bandit when 'bandit -h' is executed. It is an attempt to normalize capitalization, formatting, and the usage of certain terms, and to edit for clarity. It also updates the README to include the new help text, and the test that checks that the README is up to date. Change-Id: Ic583f891a295ac13339db1f65bcf38d66bd2abcd
parent
cac2f22dee
commit
0fabff579d
46
README.rst
46
README.rst
@ -83,56 +83,52 @@ Usage::
|
|||||||
[--ini INI_PATH] [--version]
|
[--ini INI_PATH] [--version]
|
||||||
targets [targets ...]
|
targets [targets ...]
|
||||||
|
|
||||||
Bandit - a Python source code analyzer.
|
Bandit - a Python source code security analyzer
|
||||||
|
|
||||||
positional arguments:
|
positional arguments:
|
||||||
targets source file(s) or directory(s) to be tested
|
targets source file(s) or directory(s) to be tested
|
||||||
|
|
||||||
optional arguments:
|
optional arguments:
|
||||||
-h, --help show this help message and exit
|
-h, --help show this help message and exit
|
||||||
-r, --recursive process files in subdirectories
|
-r, --recursive find and process files in subdirectories
|
||||||
-a {file,vuln}, --aggregate {file,vuln}
|
-a {file,vuln}, --aggregate {file,vuln}
|
||||||
group results by vulnerability type or file it occurs
|
aggregate output by vulnerability (default) or by
|
||||||
in
|
filename
|
||||||
-n CONTEXT_LINES, --number CONTEXT_LINES
|
-n CONTEXT_LINES, --number CONTEXT_LINES
|
||||||
max number of code lines to display for each issue
|
maximum number of code lines to output for each issue
|
||||||
identified
|
|
||||||
-c CONFIG_FILE, --configfile CONFIG_FILE
|
-c CONFIG_FILE, --configfile CONFIG_FILE
|
||||||
optional config file to use for selecting plugins and
|
optional config file to use for selecting plugins and
|
||||||
overriding defaults
|
overriding defaults
|
||||||
-p PROFILE, --profile PROFILE
|
-p PROFILE, --profile PROFILE
|
||||||
test set profile in config to use (defaults to all
|
profile to use (defaults to executing all tests)
|
||||||
tests)
|
|
||||||
-t TESTS, --tests TESTS
|
-t TESTS, --tests TESTS
|
||||||
comma separated list of test IDs to run
|
comma-separated list of test IDs to run
|
||||||
-s SKIPS, --skip SKIPS
|
-s SKIPS, --skip SKIPS
|
||||||
comma separated list of test IDs to skip
|
comma-separated list of test IDs to skip
|
||||||
-l, --level results severity filter. Show only issues of a given
|
-l, --level report only issues of a given severity level or higher
|
||||||
severity level or higher. -l for LOW, -ll for MEDIUM,
|
(-l for LOW, -ll for MEDIUM, -lll for HIGH)
|
||||||
-lll for HIGH
|
-i, --confidence report only issues of a given confidence level or
|
||||||
-i, --confidence confidence results filter, show only issues of this
|
higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)
|
||||||
level or higher. -i for LOW, -ii for MEDIUM, -iii for
|
|
||||||
HIGH
|
|
||||||
-f {csv,html,json,screen,txt,xml}, --format {csv,html,json,screen,txt,xml}
|
-f {csv,html,json,screen,txt,xml}, --format {csv,html,json,screen,txt,xml}
|
||||||
specify output format
|
specify output format
|
||||||
-o OUTPUT_FILE, --output OUTPUT_FILE
|
-o OUTPUT_FILE, --output OUTPUT_FILE
|
||||||
write report to filename
|
write report to filename
|
||||||
-v, --verbose show extra information like excluded and included
|
-v, --verbose output extra information like excluded and included
|
||||||
files
|
files
|
||||||
-d, --debug turn on debug mode
|
-d, --debug turn on debug mode
|
||||||
--ignore-nosec do not skip lines with # nosec comments
|
--ignore-nosec do not skip lines with # nosec comments
|
||||||
-x EXCLUDED_PATHS, --exclude EXCLUDED_PATHS
|
-x EXCLUDED_PATHS, --exclude EXCLUDED_PATHS
|
||||||
Comma separated list of paths to exclude from scan.
|
comma-separated list of paths to exclude from scan
|
||||||
Note that these are in addition to the excluded paths
|
(note that these are in addition to the excluded paths
|
||||||
provided in the config file.
|
provided in the config file)
|
||||||
-b BASELINE, --baseline BASELINE
|
-b BASELINE, --baseline BASELINE
|
||||||
Path to a baseline report. Only JSON formatted files
|
path of a baseline report to compare against (only
|
||||||
are accepted.
|
JSON-formatted files are accepted)
|
||||||
--ini INI_PATH Path to a .bandit file which supplies command line
|
--ini INI_PATH path to a .bandit file that supplies command line
|
||||||
arguments to Bandit.
|
arguments
|
||||||
--version show program's version number and exit
|
--version show program's version number and exit
|
||||||
|
|
||||||
The following plugin suites were discovered and loaded:
|
The following tests were discovered and loaded:
|
||||||
B101 assert_used
|
B101 assert_used
|
||||||
B102 exec_used
|
B102 exec_used
|
||||||
B103 set_bad_file_permissions
|
B103 set_bad_file_permissions
|
||||||
|
@ -149,7 +149,7 @@ def main():
|
|||||||
|
|
||||||
# now do normal startup
|
# now do normal startup
|
||||||
parser = argparse.ArgumentParser(
|
parser = argparse.ArgumentParser(
|
||||||
description='Bandit - a Python source code analyzer.',
|
description='Bandit - a Python source code security analyzer',
|
||||||
formatter_class=argparse.RawDescriptionHelpFormatter
|
formatter_class=argparse.RawDescriptionHelpFormatter
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
@ -158,51 +158,49 @@ def main():
|
|||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-r', '--recursive', dest='recursive',
|
'-r', '--recursive', dest='recursive',
|
||||||
action='store_true', help='process files in subdirectories'
|
action='store_true', help='find and process files in subdirectories'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-a', '--aggregate', dest='agg_type',
|
'-a', '--aggregate', dest='agg_type',
|
||||||
action='store', default='file', type=str,
|
action='store', default='file', type=str,
|
||||||
choices=['file', 'vuln'],
|
choices=['file', 'vuln'],
|
||||||
help='group results by vulnerability type or file it occurs in'
|
help='aggregate output by vulnerability (default) or by filename'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-n', '--number', dest='context_lines',
|
'-n', '--number', dest='context_lines',
|
||||||
action='store', default=3, type=int,
|
action='store', default=3, type=int,
|
||||||
help='max number of code lines to display for each issue identified'
|
help='maximum number of code lines to output for each issue'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-c', '--configfile', dest='config_file',
|
'-c', '--configfile', dest='config_file',
|
||||||
action='store', default=None, type=str,
|
action='store', default=None, type=str,
|
||||||
help=('optional config file to use for selecting plugins and '
|
help='optional config file to use for selecting plugins and '
|
||||||
'overriding defaults')
|
'overriding defaults'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-p', '--profile', dest='profile',
|
'-p', '--profile', dest='profile',
|
||||||
action='store', default=None, type=str,
|
action='store', default=None, type=str,
|
||||||
help='test set profile in config to use (defaults to all tests)'
|
help='profile to use (defaults to executing all tests)'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-t', '--tests', dest='tests',
|
'-t', '--tests', dest='tests',
|
||||||
action='store', default=None, type=str,
|
action='store', default=None, type=str,
|
||||||
help='comma separated list of test IDs to run'
|
help='comma-separated list of test IDs to run'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-s', '--skip', dest='skips',
|
'-s', '--skip', dest='skips',
|
||||||
action='store', default=None, type=str,
|
action='store', default=None, type=str,
|
||||||
help='comma separated list of test IDs to skip'
|
help='comma-separated list of test IDs to skip'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-l', '--level', dest='severity', action='count',
|
'-l', '--level', dest='severity', action='count',
|
||||||
default=1, help=('results severity filter. Show only issues of a given'
|
default=1, help='report only issues of a given severity level or '
|
||||||
' severity level or higher. -l for LOW,'
|
'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
|
||||||
' -ll for MEDIUM, -lll for HIGH')
|
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-i', '--confidence', dest='confidence', action='count',
|
'-i', '--confidence', dest='confidence', action='count',
|
||||||
default=1, help='confidence results filter, show only issues of this '
|
default=1, help='report only issues of a given confidence level or '
|
||||||
'level or higher. -i for LOW, -ii for MEDIUM, '
|
'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)'
|
||||||
'-iii for HIGH'
|
|
||||||
)
|
)
|
||||||
output_format = 'screen' if sys.stdout.isatty() else 'txt'
|
output_format = 'screen' if sys.stdout.isatty() else 'txt'
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
@ -216,7 +214,7 @@ def main():
|
|||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-v', '--verbose', dest='verbose', action='store_true',
|
'-v', '--verbose', dest='verbose', action='store_true',
|
||||||
help='show extra information like excluded and included files'
|
help='output extra information like excluded and included files'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-d', '--debug', dest='debug', action='store_true',
|
'-d', '--debug', dest='debug', action='store_true',
|
||||||
@ -228,19 +226,18 @@ def main():
|
|||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-x', '--exclude', dest='excluded_paths', action='store',
|
'-x', '--exclude', dest='excluded_paths', action='store',
|
||||||
default='', help='Comma separated list of paths to exclude from scan. '
|
default='', help='comma-separated list of paths to exclude from scan '
|
||||||
'Note that these are in addition to the excluded '
|
'(note that these are in addition to the excluded '
|
||||||
'paths provided in the config file.'
|
'paths provided in the config file)'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-b', '--baseline', dest='baseline', action='store',
|
'-b', '--baseline', dest='baseline', action='store',
|
||||||
default=None, help=('Path to a baseline report. Only JSON formatted '
|
default=None, help='path of a baseline report to compare against '
|
||||||
'files are accepted.')
|
'(only JSON-formatted files are accepted)'
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--ini', dest='ini_path', action='store', default=None,
|
'--ini', dest='ini_path', action='store', default=None,
|
||||||
help='Path to a .bandit file which supplies command line arguments to '
|
help='path to a .bandit file that supplies command line arguments'
|
||||||
'Bandit.'
|
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--version', action='version',
|
'--version', action='version',
|
||||||
@ -258,7 +255,7 @@ def main():
|
|||||||
blacklist_info.append('%s\t%s' % (b['id'], b['name']))
|
blacklist_info.append('%s\t%s' % (b['id'], b['name']))
|
||||||
|
|
||||||
plugin_list = '\n\t'.join(sorted(set(plugin_info + blacklist_info)))
|
plugin_list = '\n\t'.join(sorted(set(plugin_info + blacklist_info)))
|
||||||
parser.epilog = ('The following plugin suites were discovered and'
|
parser.epilog = ('The following tests were discovered and'
|
||||||
' loaded:\n\t{0}\n'.format(plugin_list))
|
' loaded:\n\t{0}\n'.format(plugin_list))
|
||||||
|
|
||||||
# setup work - parse arguments, and initialize BanditManager
|
# setup work - parse arguments, and initialize BanditManager
|
||||||
|
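Review bot: The new `--aggregate` help text states that vulnerability is the default, but the argument is still declared with `default='file'` two lines above it, so the help now contradicts the code. Either change the text to `help='aggregate output by vulnerability or by filename (default)'` or let argparse keep it honest with `help='aggregate output by vulnerability or by filename (default: %(default)s)'`; the README hunk copies the same wording and needs the matching correction. Separately, the shortened `--profile` help drops the old text's mention that the profile is taken from the config file, which is the only hint a user has about where profiles are defined; something like `help='test profile from the config file to use (defaults to executing all tests)'` keeps that. main() begins and ends outside this section.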
@ -57,11 +57,13 @@ class RuntimeTests(testtools.TestCase):
|
|||||||
def test_help_arg(self):
|
def test_help_arg(self):
|
||||||
(retcode, output) = self._test_runtime(['bandit', '-h'])
|
(retcode, output) = self._test_runtime(['bandit', '-h'])
|
||||||
self.assertEqual(0, retcode)
|
self.assertEqual(0, retcode)
|
||||||
self.assertIn("Bandit - a Python source code analyzer.", output)
|
self.assertIn(
|
||||||
|
"Bandit - a Python source code security analyzer", output
|
||||||
|
)
|
||||||
self.assertIn("usage: bandit [-h]", output)
|
self.assertIn("usage: bandit [-h]", output)
|
||||||
self.assertIn("positional arguments:", output)
|
self.assertIn("positional arguments:", output)
|
||||||
self.assertIn("optional arguments:", output)
|
self.assertIn("optional arguments:", output)
|
||||||
self.assertIn("plugin suites were discovered and loaded:", output)
|
self.assertIn("tests were discovered and loaded:", output)
|
||||||
|
|
||||||
def test_help_in_readme(self):
|
def test_help_in_readme(self):
|
||||||
replace_list = [' ', '\t']
|
replace_list = [' ', '\t']
|
||||||
|