3
# Copyright 2014 Hewlett-Packard Development Company, L.P.
5
# Licensed under the Apache License, Version 2.0 (the "License"); you may
6
# not use this file except in compliance with the License. You may obtain
7
# a copy of the License at
9
# http://www.apache.org/licenses/LICENSE-2.0
11
# Unless required by applicable law or agreed to in writing, software
12
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14
# License for the specific language governing permissions and limitations
16
from __future__ import absolute_import
23
from bandit.core import extension_loader as ext_loader
24
from bandit.core import manager as b_manager
26
default_test_config = 'bandit.yaml'
30
extension_mgr = ext_loader.MANAGER
31
parser = argparse.ArgumentParser(
32
description='Bandit - a Python source code analyzer.'
35
'targets', metavar='targets', type=str, nargs='+',
36
help='source file(s) or directory(s) to be tested'
39
'-r', '--recursive', dest='recursive',
40
action='store_true', help='process files in subdirectories'
43
'-a', '--aggregate', dest='agg_type',
44
action='store', default='file', type=str,
45
choices=['file', 'vuln'],
46
help='group results by vulnerability type or file it occurs in'
49
'-n', '--number', dest='context_lines',
50
action='store', default=-1, type=int,
51
help='max number of code lines to display for each issue identified'
54
'-c', '--configfile', dest='config_file',
55
action='store', default=None, type=str,
56
help=('test config file, defaults to /etc/bandit/bandit.yaml, or'
57
'./bandit.yaml if not given')
60
'-p', '--profile', dest='profile',
61
action='store', default=None, type=str,
62
help='test set profile in config to use (defaults to all tests)'
65
'-l', '--level', dest='level', action='count',
66
default=1, help='results level filter'
69
'-f', '--format', dest='output_format', action='store',
70
default='txt', help='specify output format',
71
choices=sorted(extension_mgr.formatter_names)
74
'-o', '--output', dest='output_file', action='store',
75
default=None, help='write report to filename'
78
'-v', '--verbose', dest='verbose', action='store_true',
79
help='show extra information like excluded and included files'
82
'-d', '--debug', dest='debug', action='store_true',
83
help='turn on debug mode'
85
parser.set_defaults(debug=False)
86
parser.set_defaults(verbose=False)
88
parser.epilog = ('The following plugin suites were discovered and'
90
', '.join(extension_mgr.plugin_names) + ']')
92
# setup work - parse arguments, and initialize BanditManager
93
args = parser.parse_args()
94
config_file = args.config_file
99
# attempt to get the home directory from environment
100
home_dir = os.environ.get('HOME')
102
home_config = "%s/.config/bandit/%s" % (home_dir,
105
installed_config = str(os.path.dirname(os.path.realpath(__file__)) +
106
'/config/%s' % default_test_config)
108
# prefer config file in the following order:
109
# 1) current directory, 2) user home directory, 3) bundled config
110
config_paths = [default_test_config, home_config, installed_config]
112
for path in config_paths:
113
if path and os.access(path, os.R_OK):
118
# no logger yet, so using print
119
print ("no config found, tried ...")
120
for path in config_paths:
122
print ("\t%s" % path)
125
b_mgr = b_manager.BanditManager(config_file, args.agg_type,
126
args.debug, profile_name=args.profile,
127
verbose=args.verbose)
128
# we getLogger() here because BanditManager has configured it at this point
129
logger = logging.getLogger()
130
if args.output_format != "json":
131
logger.info("using config: %s", config_file)
132
logger.info("running on Python %d.%d.%d", sys.version_info.major,
133
sys.version_info.minor, sys.version_info.micro)
135
# check ability to write output file, if requested
136
if args.output_file is not None:
137
check_dest = b_mgr.check_output_destination(args.output_file)
138
if check_dest is not True:
140
'Problem with specified output destination\n\t%s: %s',
141
check_dest, args.output_file
145
# initiate file discovery step within Bandit Manager
146
b_mgr.discover_files(args.targets, args.recursive)
148
# initiate execution of tests within Bandit Manager
151
b_mgr.output_metaast()
153
# trigger output of results by Bandit Manager
154
b_mgr.output_results(args.context_lines, args.level - 1, args.output_file,
157
# return an exit code of 1 if there are results, 0 otherwise
158
if b_mgr.results_count > 0:
164
if __name__ == '__main__':