From 446e7f72498460861d094e640d74def93275c91b Mon Sep 17 00:00:00 2001
From: Pavlo Shchelokovskyy
Date: Mon, 6 Nov 2017 10:51:26 +0200
Subject: [PATCH] Allow specifying targets in ini file
this patch makes 'targets' args optional and allows to specify them in the ini file. This makes it possible to keep most of bandit configuration right in the ini file. OpenStack projects can now populate their tox.ini with [bandit] section and do 'bandit --ini {toxinidir}/tox.ini -r' almost uniformly accross all projects.
Change-Id: Ia0153e0aaa602171690ca8f66635fbea69b1cfab
Closes-Bug: #1730307
---
 README.rst | 3 ++-
 bandit/cli/main.py | 12 ++++++++++--
 .../notes/target-in-ini-81802418b1cc970f.yaml | 5 +++++
 tests/functional/test_runtime.py | 6 +-----
 4 files changed, 18 insertions(+), 8 deletions(-)
 create mode 100644 releasenotes/notes/target-in-ini-81802418b1cc970f.yaml
diff --git a/README.rst b/README.rst
index f53de9fa..092df495 100644
--- a/README.rst
+++ b/README.rst
@@ -90,7 +90,7 @@ Usage:: [-f {csv,html,json,screen,txt,xml,yaml}] [-o [OUTPUT_FILE]] [-v] [-d] [--ignore-nosec] [-x EXCLUDED_PATHS] [-b BASELINE] [--ini INI_PATH] [--version]
- targets [targets ...]
+ [targets [targets ...]]
 Bandit - a Python source code security analyzer
@@ -221,6 +221,7 @@ Projects may include a `.bandit` file that specifies command line arguments that should be supplied for that project. The currently supported arguments are:
+ - targets: comma separated list of target dirs/files to run bandit on
 - exclude: comma separated list of excluded paths
 - skips: comma separated list of tests to skip
 - tests: comma separated list of tests to run
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 423e95c7..06091615 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -97,7 +97,7 @@ def _log_option_source(arg_val, ini_val, option_name):
 LOG.info("Using command line arg for %s", option_name)
 return arg_val
 elif ini_val:
- LOG.info("Using .bandit arg for %s", option_name)
+ LOG.info("Using ini file for %s", option_name)
 return ini_val
 else:
 return None
@@ -150,7 +150,7 @@ def main():
 formatter_class=argparse.RawDescriptionHelpFormatter
 )
 parser.add_argument(
- 'targets', metavar='targets', type=str, nargs='+',
+ 'targets', metavar='targets', type=str, nargs='*',
 help='source file(s) or directory(s) to be tested'
 )
 parser.add_argument(
@@ -278,8 +278,16 @@ def main():
 args.tests = _log_option_source(args.tests, ini_options.get('tests'),
 'selected tests')
+ ini_targets = ini_options.get('targets')
+ if ini_targets:
+ ini_targets = ini_targets.split(',')
+ args.targets = _log_option_source(args.targets, ini_targets,
+ 'selected targets')
 # TODO(tmcpeak): any other useful options to pass from .bandit?
+ if not args.targets:
+ LOG.error("No targets found in CLI or ini files, exiting.")
+ sys.exit(2)
 # if the log format string was set in the options, reinitialize
 if b_conf.get_option('log_format'):
 log_format = b_conf.get_option('log_format')
diff --git a/releasenotes/notes/target-in-ini-81802418b1cc970f.yaml b/releasenotes/notes/target-in-ini-81802418b1cc970f.yaml
new file mode 100644
index 00000000..0fe31257
--- /dev/null
+++ b/releasenotes/notes/target-in-ini-81802418b1cc970f.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ The 'targets' CLI arguments are now optional and can be specified in the
+ ini file.
diff --git a/tests/functional/test_runtime.py b/tests/functional/test_runtime.py
index 2fe8ff29..be97765a 100644
--- a/tests/functional/test_runtime.py
+++ b/tests/functional/test_runtime.py
@@ -15,7 +15,6 @@ import os import subprocess
-import six
 import testtools
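Review bot: The ini-file targets in the -278 hunk are split with a bare `ini_targets.split(',')`, so a value written as `targets = bandit, tests` or one with a trailing comma produces entries such as `' tests'` or `''` that are handed on as paths unchanged; how those are treated is decided in target discovery outside this hunk, but at best they are silently skipped, which is an easy way to scan less than intended. Normalising at the parse point avoids that: `ini_targets = [t.strip() for t in ini_targets.split(',') if t.strip()]`. A comment on the `args.targets` assignment noting that ini targets are resolved exactly like CLI targets (presumably relative to the current working directory rather than the ini file's location — confirm) would help users following the commit message's `bandit --ini {toxinidir}/tox.ini -r` recipe from another directory. On the exit path, `parser.error("No targets found in CLI or ini files")` would keep argparse's usage output together with the same exit code 2 instead of the separate `LOG.error` plus `sys.exit(2)`. main() starts and ends outside the hunk.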
@@ -41,10 +40,7 @@ class RuntimeTests(testtools.TestCase):
 def test_no_arguments(self):
 (retcode, output) = self._test_runtime(['bandit', ])
 self.assertEqual(2, retcode)
- if six.PY2:
- self.assertIn("error: too few arguments", output)
- else:
- self.assertIn("arguments are required: targets", output)
+ self.assertIn("No targets found in CLI or ini files", output)
 def test_piped_input(self):
 with open('examples/imports.py', 'r') as infile: