From 185a2a8a4297aa7250a3c137b9e561ebb485c3b5 Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Wed, 27 Dec 2017 23:14:17 -0600
Subject: [PATCH] Add more_info URL to the JSON output

Currently, outputting bandit findings as JSON does not put the ``more_info``
URL in the output as it would if the output format is HTML.  This patch
set updates the JSON formatter to include the ``more_info`` URL to be inline
with the HTML display.

Change-Id: I58a8490b427fe146d517a8aff124f4443562f48b
Closes-Bug: #1695890
Signed-off-by: Tin Lam <tin@irrational.io>
---
 bandit/formatters/json.py                                | 5 +++++
 releasenotes/notes/add-url-in-json-64f90161ab613a54.yaml | 5 +++++
 tests/unit/formatters/test_json.py                       | 2 ++
 3 files changed, 12 insertions(+)
 create mode 100644 releasenotes/notes/add-url-in-json-64f90161ab613a54.yaml

diff --git a/bandit/formatters/json.py b/bandit/formatters/json.py
index aa85ee07..03bb08ac 100644
--- a/bandit/formatters/json.py
+++ b/bandit/formatters/json.py
@@ -65,6 +65,7 @@ This formatter outputs the issues in JSON.
           "line_range": [
             5
           ],
+          "more_info": "https://docs.openstack.org/developer/bandit/",
           "test_name": "blacklist_calls",
           "test_id": "B301"
         }
@@ -84,6 +85,7 @@ import logging
 import operator
 import sys
 
+from bandit.core import docs_utils
 from bandit.core import test_properties
 
 LOG = logging.getLogger(__name__)
@@ -114,12 +116,15 @@ def report(manager, fileobj, sev_level, conf_level, lines=-1):
         collector = []
         for r in results:
             d = r.as_dict()
+            d['more_info'] = docs_utils.get_url(d['test_id'])
             if len(results[r]) > 1:
                 d['candidates'] = [c.as_dict() for c in results[r]]
             collector.append(d)
 
     else:
         collector = [r.as_dict() for r in results]
+        for elem in collector:
+            elem['more_info'] = docs_utils.get_url(elem['test_id'])
 
     itemgetter = operator.itemgetter
     if manager.agg_type == 'vuln':
diff --git a/releasenotes/notes/add-url-in-json-64f90161ab613a54.yaml b/releasenotes/notes/add-url-in-json-64f90161ab613a54.yaml
new file mode 100644
index 00000000..7e8261c5
--- /dev/null
+++ b/releasenotes/notes/add-url-in-json-64f90161ab613a54.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    [bug/1695890] The ``more_info`` URL link displayed in the HTML output is
+    now also available in the JSON output.
diff --git a/tests/unit/formatters/test_json.py b/tests/unit/formatters/test_json.py
index 001ef981..957c0473 100644
--- a/tests/unit/formatters/test_json.py
+++ b/tests/unit/formatters/test_json.py
@@ -94,3 +94,5 @@ class JsonFormatterTests(testtools.TestCase):
                              data['results'][0]['line_range'])
             self.assertEqual(self.check_name, data['results'][0]['test_name'])
             self.assertIn('candidates', data['results'][0])
+            self.assertIn('more_info', data['results'][0])
+            self.assertIsNotNone(data['results'][0]['more_info'])