bandit.formatters package¶
Submodules¶
bandit.formatters.csv module¶
CSV Formatter¶
This formatter outputs the issues in a comma separated values format.
Example: |
---|
filename,test_name,test_id,issue_severity,issue_confidence,issue_text,
line_number,line_range
examples/yaml_load.py,blacklist_calls,B301,MEDIUM,HIGH,"Use of unsafe yaml
load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
",5,[5]
New in version 0.11.0.
-
bandit.formatters.csv.
report
(manager, fileobj, sev_level, conf_level, lines=-1)¶ Prints issues in CSV format
Parameters: - manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
bandit.formatters.html module¶
HTML formatter¶
This formatter outputs the issues as HTML.
Example: |
---|
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>
Bandit Report
</title>
<style>
html * {
font-family: "Arial", sans-serif;
}
pre {
font-family: "Monaco", monospace;
}
.bordered-box {
border: 1px solid black;
padding-top:.5em;
padding-bottom:.5em;
padding-left:1em;
}
.metrics-box {
font-size: 1.1em;
line-height: 130%;
}
.metrics-title {
font-size: 1.5em;
font-weight: 500;
margin-bottom: .25em;
}
.issue-description {
font-size: 1.3em;
font-weight: 500;
}
.candidate-issues {
margin-left: 2em;
border-left: solid 1px; LightGray;
padding-left: 5%;
margin-top: .2em;
margin-bottom: .2em;
}
.issue-block {
border: 1px solid LightGray;
padding-left: .5em;
padding-top: .5em;
padding-bottom: .5em;
margin-bottom: .5em;
}
.issue-sev-high {
background-color: Pink;
}
.issue-sev-medium {
background-color: NavajoWhite;
}
.issue-sev-low {
background-color: LightCyan;
}
</style>
</head>
<body>
<div id="metrics">
<div class="metrics-box bordered-box">
<div class="metrics-title">
Metrics:<br>
</div>
Total lines of code: <span id="loc">9</span><br>
Total lines skipped (#nosec): <span id="nosec">0</span>
</div>
</div>
<br>
<div id="results">
<div id="issue-0">
<div class="issue-block issue-sev-medium">
<b>yaml_load: </b> Use of unsafe yaml load. Allows
instantiation of arbitrary objects. Consider yaml.safe_load().<br>
<b>Test ID:</b> B506<br>
<b>Severity: </b>MEDIUM<br>
<b>Confidence: </b>HIGH<br>
<b>File: </b><a href="examples/yaml_load.py"
target="_blank">examples/yaml_load.py</a> <br>
<b>More info: </b><a href="https://docs.openstack.org/developer/bandit/
plugins/yaml_load.html" target="_blank">
https://docs.openstack.org/developer/bandit/plugins/yaml_load.html</a>
<br>
<div class="code">
<pre>
5 ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
6 y = yaml.load(ystr)
7 yaml.dump(y)
</pre>
</div>
</div>
</div>
</div>
</body>
</html>
New in version 0.14.0.
-
bandit.formatters.html.
report
(manager, fileobj, sev_level, conf_level, lines=-1)¶ Writes issues to ‘fileobj’ in HTML format
Parameters: - manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
bandit.formatters.json module¶
JSON formatter¶
This formatter outputs the issues in JSON.
Example: |
---|
{
"errors": [],
"generated_at": "2015-12-16T22:27:34Z",
"metrics": {
"_totals": {
"CONFIDENCE.HIGH": 1,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 5,
"nosec": 0
},
"examples/yaml_load.py": {
"CONFIDENCE.HIGH": 1,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 5,
"nosec": 0
}
},
"results": [
{
"code": "4 ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})\n5
y = yaml.load(ystr)\n6 yaml.dump(y)\n",
"filename": "examples/yaml_load.py",
"issue_confidence": "HIGH",
"issue_severity": "MEDIUM",
"issue_text": "Use of unsafe yaml load. Allows instantiation of
arbitrary objects. Consider yaml.safe_load().\n",
"line_number": 5,
"line_range": [
5
],
"test_name": "blacklist_calls",
"test_id": "B301"
}
]
}
New in version 0.10.0.
-
bandit.formatters.json.
report
(manager, fileobj, sev_level, conf_level, lines=-1)¶ ”Prints issues in JSON format
Parameters: - manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
bandit.formatters.screen module¶
Screen formatter¶
This formatter outputs the issues as color coded text.
Example: |
---|
>> Issue: [B301:blacklist_calls] Use of unsafe yaml load. Allows
instantiation of arbitrary objects. Consider yaml.safe_load().
Severity: Medium Confidence: High
Location: examples/yaml_load.py:5
4 ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
5 y = yaml.load(ystr)
6 yaml.dump(y)
New in version 0.9.0.
-
bandit.formatters.screen.
do_print
(bits)¶
-
bandit.formatters.screen.
get_metrics
(manager)¶
-
bandit.formatters.screen.
get_results
(manager, sev_level, conf_level, lines)¶
-
bandit.formatters.screen.
get_verbose_details
(manager)¶
-
bandit.formatters.screen.
header
(text, *args)¶
-
bandit.formatters.screen.
report
(manager, fileobj, sev_level, conf_level, lines=-1)¶ Prints discovered issues formatted for screen reading
This makes use of VT100 terminal codes for colored text.
Parameters: - manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
bandit.formatters.text module¶
Text Formatter¶
This formatter outputs the issues as plain text.
Example: |
---|
>> Issue: [B301:blacklist_calls] Use of unsafe yaml load. Allows
instantiation of arbitrary objects. Consider yaml.safe_load().
Severity: Medium Confidence: High
Location: examples/yaml_load.py:5
4 ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
5 y = yaml.load(ystr)
6 yaml.dump(y)
New in version 0.9.0.
-
bandit.formatters.text.
get_metrics
(manager)¶
-
bandit.formatters.text.
get_results
(manager, sev_level, conf_level, lines)¶
-
bandit.formatters.text.
get_verbose_details
(manager)¶
-
bandit.formatters.text.
report
(manager, fileobj, sev_level, conf_level, lines=-1)¶ Prints discovered issues in the text format
Parameters: - manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
bandit.formatters.utils module¶
Utility functions for formatting plugins for Bandit.
-
bandit.formatters.utils.
convert_file_contents
(text)¶ Convert text to built-in strings on Python 2.
-
bandit.formatters.utils.
wrap_file_object
(fileobj)¶ Handle differences in Python 2 and 3 around writing bytes.
bandit.formatters.xml module¶
XML Formatter¶
This formatter outputs the issues as XML.
Example: |
---|
<?xml version='1.0' encoding='utf-8'?>
<testsuite name="bandit" tests="1"><testcase
classname="examples/yaml_load.py" name="blacklist_calls"><error
message="Use of unsafe yaml load. Allows instantiation of arbitrary
objects. Consider yaml.safe_load(). " type="MEDIUM">Test ID: B301
Severity: MEDIUM Confidence: HIGH Use of unsafe yaml load. Allows
instantiation of arbitrary objects. Consider yaml.safe_load().
Location examples/yaml_load.py:5</error></testcase></testsuite>
New in version 0.12.0.
-
bandit.formatters.xml.
report
(manager, fileobj, sev_level, conf_level, lines=-1)¶ Prints issues in XML format
Parameters: - manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
bandit.formatters.yaml module¶
YAML Formatter¶
This formatter outputs the issues in a yaml format.
Example: |
---|
errors: []
generated_at: '2017-03-09T22:29:30Z'
metrics:
_totals:
CONFIDENCE.HIGH: 1
CONFIDENCE.LOW: 0
CONFIDENCE.MEDIUM: 0
CONFIDENCE.UNDEFINED: 0
SEVERITY.HIGH: 0
SEVERITY.LOW: 0
SEVERITY.MEDIUM: 1
SEVERITY.UNDEFINED: 0
loc: 9
nosec: 0
examples/yaml_load.py:
CONFIDENCE.HIGH: 1
CONFIDENCE.LOW: 0
CONFIDENCE.MEDIUM: 0
CONFIDENCE.UNDEFINED: 0
SEVERITY.HIGH: 0
SEVERITY.LOW: 0
SEVERITY.MEDIUM: 1
SEVERITY.UNDEFINED: 0
loc: 9
nosec: 0
results:
- code: '5 ystr = yaml.dump({''a'' : 1, ''b'' : 2, ''c'' : 3})\n
6 y = yaml.load(ystr)\n7 yaml.dump(y)\n'
filename: examples/yaml_load.py
issue_confidence: HIGH
issue_severity: MEDIUM
issue_text: Use of unsafe yaml load. Allows instantiation of arbitrary
objects.
Consider yaml.safe_load().
line_number: 6
line_range:
- 6
test_id: B506
test_name: yaml_load
New in version 1.4.1.
-
bandit.formatters.yaml.
report
(manager, fileobj, sev_level, conf_level, lines=-1)¶ Prints issues in YAML format
Parameters: - manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all