탐색 도움말
로그인
sintez
/
py_task
2
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: c91ea224e8
브랜치 태그
py_task
/
venv
/
lib
/
python3.9
/
site-packages
/
bandit
/
formatters
/
csv.py

csv.py 2.3 KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. #
    2. 

  2. # SPDX-License-Identifier: Apache-2.0
    3. 

  3. r"""
    4. 

  4. =============
    5. 

  5. CSV Formatter
    6. 

  6. =============
    7. 

  7. 

  8. This formatter outputs the issues in a comma separated values format.
    9. 

  9. 

  10. :Example:
    11. 

  11. 

  12. .. code-block:: none
    13. 

  13. 

  14.     filename,test_name,test_id,issue_severity,issue_confidence,issue_cwe,
    15. 

  15.     issue_text,line_number,line_range,more_info
    16. 

  16.     examples/yaml_load.py,blacklist_calls,B301,MEDIUM,HIGH,
    17. 

  17.     https://cwe.mitre.org/data/definitions/20.html,"Use of unsafe yaml
    18. 

  18.     load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
    19. 

  19.     ",5,[5],https://bandit.readthedocs.io/en/latest/
    20. 

  20. 

  21. .. versionadded:: 0.11.0
    22. 

  22. 

  23. .. versionchanged:: 1.5.0
    24. 

  24.     New field `more_info` added to output
    25. 

  25. 

  26. .. versionchanged:: 1.7.3
    27. 

  27.     New field `CWE` added to output
    28. 

  28. 

  29. """
    30. 

  30. # Necessary for this formatter to work when imported on Python 2. Importing
    31. 

  31. # the standard library's csv module conflicts with the name of this module.
    32. 

  32. import csv
    33. 

  33. import logging
    34. 

  34. import sys
    35. 

  35. 

  36. from bandit.core import docs_utils
    37. 

  37. 

  38. LOG = logging.getLogger(__name__)
    39. 

  39. 

  40. 

  41. def report(manager, fileobj, sev_level, conf_level, lines=-1):
    42. 

  42.     """Prints issues in CSV format
    43. 

  43. 

  44.     :param manager: the bandit manager object
    45. 

  45.     :param fileobj: The output file object, which may be sys.stdout
    46. 

  46.     :param sev_level: Filtering severity level
    47. 

  47.     :param conf_level: Filtering confidence level
    48. 

  48.     :param lines: Number of lines to report, -1 for all
    49. 

  49.     """
    50. 

  50. 

  51.     results = manager.get_issue_list(
    52. 

  52.         sev_level=sev_level, conf_level=conf_level
    53. 

  53.     )
    54. 

  54. 

  55.     with fileobj:
    56. 

  56.         fieldnames = [
    57. 

  57.             "filename",
    58. 

  58.             "test_name",
    59. 

  59.             "test_id",
    60. 

  60.             "issue_severity",
    61. 

  61.             "issue_confidence",
    62. 

  62.             "issue_cwe",
    63. 

  63.             "issue_text",
    64. 

  64.             "line_number",
    65. 

  65.             "col_offset",
    66. 

  66.             "end_col_offset",
    67. 

  67.             "line_range",
    68. 

  68.             "more_info",
    69. 

  69.         ]
    70. 

  70. 

  71.         writer = csv.DictWriter(
    72. 

  72.             fileobj, fieldnames=fieldnames, extrasaction="ignore"
    73. 

  73.         )
    74. 

  74.         writer.writeheader()
    75. 

  75.         for result in results:
    76. 

  76.             r = result.as_dict(with_code=False)
    77. 

  77.             r["issue_cwe"] = r["issue_cwe"]["link"]
    78. 

  78.             r["more_info"] = docs_utils.get_url(r["test_id"])
    79. 

  79.             writer.writerow(r)
    80. 

  80. 

  81.     if fileobj.name != sys.stdout.name:
    82. 

  82.         LOG.info("CSV output written to file: %s", fileobj.name)
    83.