This commit removes the requirement for having a config file.
Sometimes projects may want to use one to list out tests, define
a profile, or override a setting, but they are no longer required.
Change-Id: I6e467f58b2b27cae647901ac2c3f75a764e74c0c

This commit adds a tool which will run Bandit against the parent
commit of a current branch, and then run Bandit in baseline mode
using the parent's results as the baseline. Any options that are
supplied to the script will be passed as options to Bandit (for
example severity filters, targets, etc).
By including this tool we can allow projects to run Bandit
baseline as part of their existing tox jobs.
Change-Id: Iaa1314aa348c7c5ca03c5c8b7dcfee456f279e56

Previously, the default bandit.yaml config file had an entry
for a relative word-list which is only really useful if
running bandit from git, as the path is both relative but
also the default word-list is not installed by the bandit
python package.
If the word-list from the config cannot be found, the
current behavior is to silently continue with an empty set,
meaning that this test does not function at all - giving a
false sense of assurance.
This change installs the default word_list to:
- /usr/local/share/bandit/wordlist/default-passwords
The config file now supports "(site_data_dir)" for
substitution, which is replaced by distro standard site_data
locations (including /usr/local and /usr).
The first substitution attempted is still relative to the
pwd, to allow the current working tree (and unit tests) to
function.
Crucially, this change now raises an exception if the
declared word-list cannot be found.
Closes-Bug: #1451575
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
Change-Id: Ia090ee6b16866d374191c03de55529fbd6a10c99

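The word-list lookup that commit describes (try the configured path relative to the working directory first, then substitute "(site_data_dir)" with each distro site_data prefix, and raise rather than silently continue with an empty set) can be modelled as follows. This is an added example, not Bandit's own code; the placeholder name, the site_data prefixes in SITE_DATA_DIRS, the function names and the sample word list are all assumptions made for the illustration.

```python
"""Resolve a word-list path with "(site_data_dir)" substitution.

Added example, not Bandit's own implementation. It models the behaviour
the commit message describes: look relative to the working directory
first, then in each distro site_data location, and fail loudly when the
configured word list exists in none of them.
"""
import os
import tempfile

PLACEHOLDER = "(site_data_dir)"
# Assumed stand-ins for the distro site_data prefixes (/usr/local and /usr).
SITE_DATA_DIRS = ("/usr/local/share", "/usr/share")


class WordListNotFound(Exception):
    """Raised when the configured word list is found in no candidate location."""


def candidate_paths(configured, cwd, site_data_dirs=SITE_DATA_DIRS):
    """Return the locations to try, in the order they are tried."""
    candidates = []
    # First attempt stays relative to the working directory, so a git
    # checkout (and its unit tests) work without an installed word list.
    relative = configured.replace(PLACEHOLDER, "").lstrip("/")
    candidates.append(os.path.join(cwd, relative))
    # Then substitute each distro site_data location for the placeholder.
    if PLACEHOLDER in configured:
        for site_dir in site_data_dirs:
            candidates.append(configured.replace(PLACEHOLDER, site_dir))
    return candidates


def resolve_word_list(configured, cwd=None, site_data_dirs=SITE_DATA_DIRS):
    """Return the first existing candidate, or raise instead of returning nothing."""
    cwd = cwd or os.getcwd()
    tried = candidate_paths(configured, cwd, site_data_dirs)
    for path in tried:
        if os.path.isfile(path):
            return os.path.normpath(path)
    raise WordListNotFound(
        "word list %r not found; tried: %s" % (configured, ", ".join(tried))
    )


def load_word_list(configured, cwd=None, site_data_dirs=SITE_DATA_DIRS):
    """Load the resolved word list as a set of non-empty, stripped lines."""
    path = resolve_word_list(configured, cwd, site_data_dirs)
    with open(path, encoding="utf-8") as fh:
        return {line.strip() for line in fh if line.strip()}


def demo():
    """Exercise the three outcomes against a constructed fixture on disk."""
    root = tempfile.mkdtemp()
    wordlist_dir = os.path.join(root, "bandit", "wordlist")
    os.makedirs(wordlist_dir)
    with open(os.path.join(wordlist_dir, "default-passwords"), "w", encoding="utf-8") as fh:
        fh.write("password\n123456\nletmein\n")  # constructed sample words
    configured = PLACEHOLDER + "/bandit/wordlist/default-passwords"

    # 1. Found relative to the checkout, without consulting site_data dirs.
    from_cwd = resolve_word_list(configured, cwd=root, site_data_dirs=())
    # 2. Not found relative to cwd, so found via site_data substitution.
    from_site = resolve_word_list(
        configured, cwd=os.path.join(root, "elsewhere"), site_data_dirs=(root,)
    )
    # 3. A missing list is an error, not a silently empty set.
    try:
        resolve_word_list(PLACEHOLDER + "/bandit/wordlist/missing", cwd=root, site_data_dirs=(root,))
        missing_raises = False
    except WordListNotFound:
        missing_raises = True

    words = load_word_list(configured, cwd=root, site_data_dirs=())
    return from_cwd == from_site, missing_raises, len(words)


if __name__ == "__main__":
    print(demo())  # (True, True, 3)
```

The ordering in candidate_paths is the point: the working-tree lookup comes first so a development checkout keeps working, and the exception at the end is what turns a misconfigured path from a silent no-op into a visible failure.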
This allows Bandit to be extended by third-party packages with both
plugins and formatters. It also updates Bandit's existing in-tree
formatters to be loaded by the plugin manager. When running
$ bandit -h
The loaded plugins will be displayed to the user if any are installed.
Change-Id: I102277dcd9481f2573028a436e910eda10011d91

In the effort to port bandit to python 3, we need to start depending on
some tools to make the porting easier. This adds a dependency on six and
takes care of the two cases where we call iteritems.
Change-Id: I2e687713de7f910104ab1f7c62e7c677052993c4

This large change makes bandit into an installable package, needed
for tox testing. I have added the tox testing scaffolding but no
real tests, they will come in a later change. I have also disabled
all failing PEP8 tests (lots) since I have changed enough stuff for
one patch. I'll start re-enabling and fixing PEP8 stuff soon.
Change-Id: I774ed9149f285e4e2bceacda0484a7e2a934a3aa