Allow specifying targets in ini file
This patch makes the 'targets' args optional and allows them to be specified in the ini file. This makes it possible to keep most of the bandit configuration right in the ini file. OpenStack projects can now populate their tox.ini with a [bandit] section and do 'bandit --ini {toxinidir}/tox.ini -r' almost uniformly across all projects. Change-Id: Ia0153e0aaa602171690ca8f66635fbea69b1cfab Closes-Bug: #1730307
parent
a98519927b
commit
446e7f7249
|
@ -90,7 +90,7 @@ Usage::
|
|||
[-f {csv,html,json,screen,txt,xml,yaml}] [-o [OUTPUT_FILE]] [-v]
|
||||
[-d] [--ignore-nosec] [-x EXCLUDED_PATHS] [-b BASELINE]
|
||||
[--ini INI_PATH] [--version]
|
||||
targets [targets ...]
|
||||
[targets [targets ...]]
|
||||
|
||||
Bandit - a Python source code security analyzer
|
||||
|
||||
|
@ -221,6 +221,7 @@ Projects may include a `.bandit` file that specifies command line arguments
|
|||
that should be supplied for that project. The currently supported arguments
|
||||
are:
|
||||
|
||||
- targets: comma separated list of target dirs/files to run bandit on
|
||||
- exclude: comma separated list of excluded paths
|
||||
- skips: comma separated list of tests to skip
|
||||
- tests: comma separated list of tests to run
|
||||
|
|
|
@ -97,7 +97,7 @@ def _log_option_source(arg_val, ini_val, option_name):
|
|||
LOG.info("Using command line arg for %s", option_name)
|
||||
return arg_val
|
||||
elif ini_val:
|
||||
LOG.info("Using .bandit arg for %s", option_name)
|
||||
LOG.info("Using ini file for %s", option_name)
|
||||
return ini_val
|
||||
else:
|
||||
return None
|
||||
|
@ -150,7 +150,7 @@ def main():
|
|||
formatter_class=argparse.RawDescriptionHelpFormatter
|
||||
)
|
||||
parser.add_argument(
|
||||
'targets', metavar='targets', type=str, nargs='+',
|
||||
'targets', metavar='targets', type=str, nargs='*',
|
||||
help='source file(s) or directory(s) to be tested'
|
||||
)
|
||||
parser.add_argument(
|
||||
|
@ -278,8 +278,16 @@ def main():
|
|||
|
||||
args.tests = _log_option_source(args.tests, ini_options.get('tests'),
|
||||
'selected tests')
|
||||
ini_targets = ini_options.get('targets')
|
||||
if ini_targets:
|
||||
ini_targets = ini_targets.split(',')
|
||||
args.targets = _log_option_source(args.targets, ini_targets,
|
||||
'selected targets')
|
||||
# TODO(tmcpeak): any other useful options to pass from .bandit?
|
||||
|
||||
if not args.targets:
|
||||
LOG.error("No targets found in CLI or ini files, exiting.")
|
||||
sys.exit(2)
|
||||
# if the log format string was set in the options, reinitialize
|
||||
if b_conf.get_option('log_format'):
|
||||
log_format = b_conf.get_option('log_format')
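Review bot: In the last hunk, `ini_targets.split(',')` keeps surrounding whitespace and empty entries, so an ini line such as `targets = src, tests` yields the entry ` tests` with a leading space and a trailing comma yields an empty target; `ini_targets = [t.strip() for t in ini_targets.split(',') if t.strip()]` avoids both. Since the ini file can now set the scan scope on its own, the existing `LOG.info("Using ini file for %s", option_name)` tells a reader of the CI log that the scope came from the ini file but not what it was; a line such as `LOG.info("Scanning targets: %s", args.targets)` after the empty check would make a narrowed scope visible. main() begins and ends outside these hunks.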
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
The 'targets' CLI arguments are now optional and can be specified in the
|
||||
ini file.
|
|
@ -15,7 +15,6 @@
|
|||
import os
|
||||
import subprocess
|
||||
|
||||
import six
|
||||
import testtools
|
||||
|
||||
|
||||
|
@ -41,10 +40,7 @@ class RuntimeTests(testtools.TestCase):
|
|||
def test_no_arguments(self):
|
||||
(retcode, output) = self._test_runtime(['bandit', ])
|
||||
self.assertEqual(2, retcode)
|
||||
if six.PY2:
|
||||
self.assertIn("error: too few arguments", output)
|
||||
else:
|
||||
self.assertIn("arguments are required: targets", output)
|
||||
self.assertIn("No targets found in CLI or ini files", output)
|
||||
|
||||
def test_piped_input(self):
|
||||
with open('examples/imports.py', 'r') as infile:
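Review bot: The visible test changes cover only the failure path in `test_no_arguments`; nothing shown here exercises the new behaviour, where targets are read from the ini file, or checks that command-line targets still take precedence over ini targets. Two runtime tests would pin this: one running `bandit --ini <file>` with a `targets` entry and no positional arguments, and one passing both and asserting that the command-line target is the one scanned. Other tests may exist outside these hunks.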
|
||||
|
|