Allow specifying targets in ini file

this patch makes the 'targets' args optional and allows specifying them
in the ini file.
This makes it possible to keep most of the bandit configuration right in
the ini file.
OpenStack projects can now populate their tox.ini with a [bandit] section
and do 'bandit --ini {toxinidir}/tox.ini -r' almost uniformly
across all projects.

Change-Id: Ia0153e0aaa602171690ca8f66635fbea69b1cfab
Closes-Bug: #1730307
Pavlo Shchelokovskyy 2017-11-06 10:51:26 +02:00
parent a98519927b
commit 446e7f7249
4 changed files with 18 additions and 8 deletions


@ -90,7 +90,7 @@ Usage::
[-f {csv,html,json,screen,txt,xml,yaml}] [-o [OUTPUT_FILE]] [-v]
[-d] [--ignore-nosec] [-x EXCLUDED_PATHS] [-b BASELINE]
[--ini INI_PATH] [--version]
targets [targets ...]
[targets [targets ...]]
Bandit - a Python source code security analyzer
@ -221,6 +221,7 @@ Projects may include a `.bandit` file that specifies command line arguments
that should be supplied for that project. The currently supported arguments
are:
- targets: comma separated list of target dirs/files to run bandit on
- exclude: comma separated list of excluded paths
- skips: comma separated list of tests to skip
- tests: comma separated list of tests to run


@ -97,7 +97,7 @@ def _log_option_source(arg_val, ini_val, option_name):
LOG.info("Using command line arg for %s", option_name)
return arg_val
elif ini_val:
LOG.info("Using .bandit arg for %s", option_name)
LOG.info("Using ini file for %s", option_name)
return ini_val
else:
return None
@ -150,7 +150,7 @@ def main():
formatter_class=argparse.RawDescriptionHelpFormatter
)
parser.add_argument(
'targets', metavar='targets', type=str, nargs='+',
'targets', metavar='targets', type=str, nargs='*',
help='source file(s) or directory(s) to be tested'
)
parser.add_argument(
@ -278,8 +278,16 @@ def main():
args.tests = _log_option_source(args.tests, ini_options.get('tests'),
'selected tests')
ini_targets = ini_options.get('targets')
if ini_targets:
ini_targets = ini_targets.split(',')
args.targets = _log_option_source(args.targets, ini_targets,
'selected targets')
# TODO(tmcpeak): any other useful options to pass from .bandit?
if not args.targets:
LOG.error("No targets found in CLI or ini files, exiting.")
sys.exit(2)
# if the log format string was set in the options, reinitialize
if b_conf.get_option('log_format'):
log_format = b_conf.get_option('log_format')
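Review bot: `ini_targets.split(',')` in the new `if ini_targets:` block keeps surrounding whitespace and empty items, so an ini value written as `targets = src, tests` or with a trailing comma hands `' tests'` or `''` to the scanner as a path. I would normalise the list when parsing it: `ini_targets = [t.strip() for t in ini_targets.split(',') if t.strip()]`; the `exclude`/`skips`/`tests` options handled above this hunk may use the same split idiom, but those lines are not visible here. Nothing in this hunk rebases the ini-supplied paths, so they are presumably resolved against the current working directory rather than the ini file's location, which deserves a comment such as `# NOTE: targets from the ini file are relative to cwd, not to the ini file` once confirmed against the `--ini` handling earlier in main(). main()'s body begins and continues outside this hunk.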


@ -0,0 +1,5 @@
---
features:
- |
The 'targets' CLI arguments are now optional and can be specified in the
ini file.


@ -15,7 +15,6 @@
import os
import subprocess
import six
import testtools
@ -41,10 +40,7 @@ class RuntimeTests(testtools.TestCase):
def test_no_arguments(self):
(retcode, output) = self._test_runtime(['bandit', ])
self.assertEqual(2, retcode)
if six.PY2:
self.assertIn("error: too few arguments", output)
else:
self.assertIn("arguments are required: targets", output)
self.assertIn("No targets found in CLI or ini files", output)
def test_piped_input(self):
with open('examples/imports.py', 'r') as infile:
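Review bot: The reworked test_no_arguments only exercises the CLI path with no target given, while the feature this commit introduces — targets supplied through the ini file — gets no functional test in this section. A companion test that writes a small ini file containing a `[bandit]` section with a `targets =` entry, runs `self._test_runtime(['bandit', '--ini', <path-to-that-ini>])`, and asserts that the listed file was scanned would pin the new behaviour; `_test_runtime` is defined outside this hunk, so its exact contract has to be checked there. Dropping `import six` is consistent with the removed PY2 branch, assuming nothing else in the module still uses it.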