bandit.formatters package
Submodules
bandit.formatters.csv module
CSV Formatter
This formatter outputs the issues in a comma separated values format.
Example:

```csv
filename,test_name,test_id,issue_severity,issue_confidence,issue_text,
line_number,line_range
examples/yaml_load.py,blacklist_calls,B301,MEDIUM,HIGH,"Use of unsafe yaml
load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
",5,[5]
```
New in version 0.11.0.
bandit.formatters.csv.report(manager, fileobj, sev_level, conf_level, lines=-1)
Prints issues in CSV format.
Parameters:
- manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
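As an added example (not code from the Bandit project), a consumer for this CSV layout: the quoted issue_text field carries embedded newlines, as the sample above shows, so the report must be read with a real CSV parser rather than split on line endings. The sample input below is constructed from the example above.

```python
import csv
import io

# Constructed sample in the layout shown above: the quoted issue_text field
# contains embedded newlines, so one record spans three physical lines.
SAMPLE_CSV = (
    "filename,test_name,test_id,issue_severity,issue_confidence,issue_text,"
    "line_number,line_range\n"
    'examples/yaml_load.py,blacklist_calls,B301,MEDIUM,HIGH,"Use of unsafe yaml\n'
    "load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().\n"
    '",5,[5]\n'
)


def parse_bandit_csv(text):
    """Parse a Bandit CSV report into a list of dicts, one per issue.

    csv.DictReader honours quoting, so the multi-line issue_text stays one
    field; splitting the text on newlines first would tear the record apart.
    """
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        # Collapse the wrapped message onto one line for display or grep.
        row["issue_text"] = " ".join(row["issue_text"].split())
        row["line_number"] = int(row["line_number"])
        # line_range is written as a Python list literal such as "[5]" or "[5, 6]".
        row["line_range"] = [
            int(n) for n in row["line_range"].strip("[]").split(",") if n.strip()
        ]
        rows.append(row)
    return rows


def count_by_severity(rows):
    """Tally issues per severity, e.g. {'MEDIUM': 1}."""
    counts = {}
    for row in rows:
        counts[row["issue_severity"]] = counts.get(row["issue_severity"], 0) + 1
    return counts


if __name__ == "__main__":
    rows = parse_bandit_csv(SAMPLE_CSV)
    for row in rows:
        print(row["filename"], row["line_number"], row["test_id"], row["issue_text"])
    print(count_by_severity(rows))
```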
 
bandit.formatters.custom module
Custom Formatter
This formatter outputs the issues in custom machine-readable format.
Default template: {abspath}:{line}: {test_id}[bandit]: {severity}: {msg}
Example:

```text
/usr/lib/python3.6/site-packages/openlp/core/utils/__init__.py: 405: B310[bandit]: MEDIUM: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
```
class bandit.formatters.custom.SafeMapper
Bases: dict
Safe mapper to handle format key errors.

bandit.formatters.custom.report(manager, fileobj, sev_level, conf_level, lines=-1, template=None)
Prints issues in custom format.
Parameters:
- manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
- template – Output template with non-terminal tags <N> (default: '{abspath}:{line}: {test_id}[bandit]: {severity}: {msg}')
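An added example, not Bandit's own code, showing how a SafeMapper-style dict lets the template above be expanded with str.format_map without a mistyped tag aborting the whole report. The issue dict and the tag names beyond those in the default template (relpath, confidence) are constructed for this illustration.

```python
class SafeMapper(dict):
    """dict that leaves unknown placeholders in place instead of raising KeyError.

    Written here to match the docstring above ("safe mapper to handle format
    key errors"); it is a re-implementation for this example, not Bandit's class.
    """

    def __missing__(self, key):
        # str.format_map() calls __getitem__, which falls back to this hook.
        return "{" + key + "}"


DEFAULT_TEMPLATE = "{abspath}:{line}: {test_id}[bandit]: {severity}: {msg}"


def render_issue(issue, template=DEFAULT_TEMPLATE):
    """Expand one issue through the template.

    A misspelt or unsupported tag is emitted literally instead of aborting the
    report, so a bad template never hides the findings.
    """
    return template.format_map(SafeMapper(issue))


# Constructed issue mirroring the example line shown above.
SAMPLE_ISSUE = {
    "abspath": "/usr/lib/python3.6/site-packages/openlp/core/utils/__init__.py",
    "relpath": "openlp/core/utils/__init__.py",
    "line": 405,
    "test_id": "B310",
    "severity": "MEDIUM",
    "confidence": "MEDIUM",
    "msg": "Audit url open for permitted schemes. Allowing use of file:/ or "
           "custom schemes is often unexpected.",
}


if __name__ == "__main__":
    print(render_issue(SAMPLE_ISSUE))
    # The unknown tag survives verbatim rather than raising KeyError.
    print(render_issue(SAMPLE_ISSUE, "{relpath}:{line} {confidence} {no_such_tag}"))
```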
 
bandit.formatters.html module
HTML formatter
This formatter outputs the issues as HTML.
Example:

```html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>
    Bandit Report
</title>
<style>
html * {
    font-family: "Arial", sans-serif;
}
pre {
    font-family: "Monaco", monospace;
}
.bordered-box {
    border: 1px solid black;
    padding-top:.5em;
    padding-bottom:.5em;
    padding-left:1em;
}
.metrics-box {
    font-size: 1.1em;
    line-height: 130%;
}
.metrics-title {
    font-size: 1.5em;
    font-weight: 500;
    margin-bottom: .25em;
}
.issue-description {
    font-size: 1.3em;
    font-weight: 500;
}
.candidate-issues {
    margin-left: 2em;
    border-left: solid 1px; LightGray;
    padding-left: 5%;
    margin-top: .2em;
    margin-bottom: .2em;
}
.issue-block {
    border: 1px solid LightGray;
    padding-left: .5em;
    padding-top: .5em;
    padding-bottom: .5em;
    margin-bottom: .5em;
}
.issue-sev-high {
    background-color: Pink;
}
.issue-sev-medium {
    background-color: NavajoWhite;
}
.issue-sev-low {
    background-color: LightCyan;
}
</style>
</head>
<body>
<div id="metrics">
    <div class="metrics-box bordered-box">
        <div class="metrics-title">
            Metrics:<br>
        </div>
        Total lines of code: <span id="loc">9</span><br>
        Total lines skipped (#nosec): <span id="nosec">0</span>
    </div>
</div>
<br>
<div id="results">
<div id="issue-0">
<div class="issue-block issue-sev-medium">
    <b>yaml_load: </b> Use of unsafe yaml load. Allows
    instantiation of arbitrary objects. Consider yaml.safe_load().<br>
    <b>Test ID:</b> B506<br>
    <b>Severity: </b>MEDIUM<br>
    <b>Confidence: </b>HIGH<br>
    <b>File: </b><a href="examples/yaml_load.py"
    target="_blank">examples/yaml_load.py</a> <br>
    <b>More info: </b><a href="https://docs.openstack.org/bandit/latest/
    plugins/yaml_load.html" target="_blank">
    https://docs.openstack.org/bandit/latest/plugins/yaml_load.html</a>
    <br>
<div class="code">
<pre>
5       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
6       y = yaml.load(ystr)
7       yaml.dump(y)
</pre>
</div>
</div>
</div>
</div>
</body>
</html>
```
New in version 0.14.0.
bandit.formatters.html.report(manager, fileobj, sev_level, conf_level, lines=-1)
Writes issues to 'fileobj' in HTML format.
Parameters:
- manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
 
bandit.formatters.json module
JSON formatter
This formatter outputs the issues in JSON.
Example:

```json
{
  "errors": [],
  "generated_at": "2015-12-16T22:27:34Z",
  "metrics": {
    "_totals": {
      "CONFIDENCE.HIGH": 1,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 5,
      "nosec": 0
    },
    "examples/yaml_load.py": {
      "CONFIDENCE.HIGH": 1,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 5,
      "nosec": 0
    }
  },
  "results": [
    {
      "code": "4     ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})\n5     y = yaml.load(ystr)\n6     yaml.dump(y)\n",
      "filename": "examples/yaml_load.py",
      "issue_confidence": "HIGH",
      "issue_severity": "MEDIUM",
      "issue_text": "Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().\n",
      "line_number": 5,
      "line_range": [
        5
      ],
      "more_info": "https://docs.openstack.org/bandit/latest/",
      "test_name": "blacklist_calls",
      "test_id": "B301"
    }
  ]
}
```
New in version 0.10.0.
bandit.formatters.json.report(manager, fileobj, sev_level, conf_level, lines=-1)
Prints issues in JSON format.
Parameters:
- manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
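As an added example (not part of Bandit), a CI gate over this JSON layout: it applies sev_level / conf_level style thresholds, assumed here to mean "at or above", and refuses to pass when the errors list is non-empty, since files Bandit could not parse were never scanned. The report text is constructed from the sample above.

```python
import json

# Severity/confidence ordering used for threshold comparisons; UNDEFINED is
# ranked lowest so it is never dropped by accident when filtering at LOW.
RANK = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed report: the same shape as the JSON example above, trimmed to
# the fields the gate reads.
SAMPLE_REPORT = json.dumps({
    "errors": [],
    "generated_at": "2015-12-16T22:27:34Z",
    "metrics": {"_totals": {"SEVERITY.MEDIUM": 1, "CONFIDENCE.HIGH": 1,
                            "loc": 5, "nosec": 0}},
    "results": [{
        "filename": "examples/yaml_load.py",
        "issue_confidence": "HIGH",
        "issue_severity": "MEDIUM",
        "issue_text": "Use of unsafe yaml load. Allows instantiation of "
                      "arbitrary objects. Consider yaml.safe_load().\n",
        "line_number": 5,
        "line_range": [5],
        "test_id": "B301",
        "test_name": "blacklist_calls",
    }],
})


def select_issues(report, sev_level="LOW", conf_level="LOW"):
    """Keep results at or above both thresholds (assumed to be what the
    sev_level / conf_level parameters documented on this page mean)."""
    return [r for r in report["results"]
            if RANK[r["issue_severity"]] >= RANK[sev_level]
            and RANK[r["issue_confidence"]] >= RANK[conf_level]]


def gate(report_text, sev_level="MEDIUM", conf_level="MEDIUM"):
    """Return (ok, reasons) for a CI job consuming a Bandit JSON report.

    A non-empty "errors" list means some files were not scanned, so the
    report is incomplete and must fail rather than pass silently.
    """
    report = json.loads(report_text)
    reasons = ["scan error: %s" % json.dumps(e) for e in report["errors"]]
    for r in select_issues(report, sev_level, conf_level):
        reasons.append("%s:%d %s %s/%s" % (r["filename"], r["line_number"],
                       r["test_id"], r["issue_severity"], r["issue_confidence"]))
    return (not reasons, reasons)
```

Calling `gate(SAMPLE_REPORT)` fails the build on the MEDIUM/HIGH finding, while `gate(SAMPLE_REPORT, sev_level="HIGH")` passes it.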
 
bandit.formatters.screen module
Screen formatter
This formatter outputs the issues as color coded text.
Example:

```text
>> Issue: [B301:blacklist_calls] Use of unsafe yaml load. Allows
   instantiation of arbitrary objects. Consider yaml.safe_load().
   Severity: Medium   Confidence: High
   Location: examples/yaml_load.py:5
4       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
5       y = yaml.load(ystr)
6       yaml.dump(y)
```
New in version 0.9.0.
bandit.formatters.screen.do_print(bits)

bandit.formatters.screen.get_metrics(manager)

bandit.formatters.screen.get_results(manager, sev_level, conf_level, lines)

bandit.formatters.screen.get_verbose_details(manager)

bandit.formatters.screen.header(text, *args)

bandit.formatters.screen.report(manager, fileobj, sev_level, conf_level, lines=-1)
Prints discovered issues formatted for screen reading.
This makes use of VT100 terminal codes for colored text.
Parameters:
- manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
 
bandit.formatters.text module
Text Formatter
This formatter outputs the issues as plain text.
Example:

```text
>> Issue: [B301:blacklist_calls] Use of unsafe yaml load. Allows
   instantiation of arbitrary objects. Consider yaml.safe_load().
   Severity: Medium   Confidence: High
   Location: examples/yaml_load.py:5
4       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
5       y = yaml.load(ystr)
6       yaml.dump(y)
```
New in version 0.9.0.
bandit.formatters.text.get_metrics(manager)

bandit.formatters.text.get_results(manager, sev_level, conf_level, lines)

bandit.formatters.text.get_verbose_details(manager)

bandit.formatters.text.report(manager, fileobj, sev_level, conf_level, lines=-1)
Prints discovered issues in the text format.
Parameters:
- manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
 
bandit.formatters.utils module
Utility functions for formatting plugins for Bandit.

bandit.formatters.utils.convert_file_contents(text)
Convert text to built-in strings on Python 2.

bandit.formatters.utils.wrap_file_object(fileobj)
Handle differences in Python 2 and 3 around writing bytes.

bandit.formatters.xml module
XML Formatter
This formatter outputs the issues as XML.
Example:

```xml
<?xml version='1.0' encoding='utf-8'?>
<testsuite name="bandit" tests="1"><testcase
classname="examples/yaml_load.py" name="blacklist_calls"><error
message="Use of unsafe yaml load. Allows instantiation of arbitrary
objects. Consider yaml.safe_load().
" type="MEDIUM">Test ID: B301
Severity: MEDIUM Confidence: HIGH Use of unsafe yaml load. Allows
instantiation of arbitrary objects. Consider yaml.safe_load().
Location examples/yaml_load.py:5</error></testcase></testsuite>
```
New in version 0.12.0.
bandit.formatters.xml.report(manager, fileobj, sev_level, conf_level, lines=-1)
Prints issues in XML format.
Parameters:
- manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all
 
bandit.formatters.yaml module
YAML Formatter
This formatter outputs the issues in a YAML format.
Example:

```yaml
errors: []
generated_at: '2017-03-09T22:29:30Z'
metrics:
  _totals:
    CONFIDENCE.HIGH: 1
    CONFIDENCE.LOW: 0
    CONFIDENCE.MEDIUM: 0
    CONFIDENCE.UNDEFINED: 0
    SEVERITY.HIGH: 0
    SEVERITY.LOW: 0
    SEVERITY.MEDIUM: 1
    SEVERITY.UNDEFINED: 0
    loc: 9
    nosec: 0
  examples/yaml_load.py:
    CONFIDENCE.HIGH: 1
    CONFIDENCE.LOW: 0
    CONFIDENCE.MEDIUM: 0
    CONFIDENCE.UNDEFINED: 0
    SEVERITY.HIGH: 0
    SEVERITY.LOW: 0
    SEVERITY.MEDIUM: 1
    SEVERITY.UNDEFINED: 0
    loc: 9
    nosec: 0
results:
- code: '5     ystr = yaml.dump({''a'' : 1, ''b'' : 2, ''c'' : 3})\n6     y = yaml.load(ystr)\n7     yaml.dump(y)\n'
  filename: examples/yaml_load.py
  issue_confidence: HIGH
  issue_severity: MEDIUM
  issue_text: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  line_number: 6
  line_range:
  - 6
  more_info: https://docs.openstack.org/bandit/latest/
  test_id: B506
  test_name: yaml_load
```
New in version 1.4.1.
bandit.formatters.yaml.report(manager, fileobj, sev_level, conf_level, lines=-1)
Prints issues in YAML format.
Parameters:
- manager – the bandit manager object
- fileobj – The output file object, which may be sys.stdout
- sev_level – Filtering severity level
- conf_level – Filtering confidence level
- lines – Number of lines to report, -1 for all