bandit.formatters package

Submodules

bandit.formatters.csv module

CSV Formatter

This formatter outputs the issues as comma-separated values (CSV): one header row followed by one row per issue. Note that the issue_text field is quoted and ends with a newline, so a record can span more than one physical line; parse the output with a CSV library rather than line by line.

Example:
filename,test_name,test_id,issue_severity,issue_confidence,issue_text,line_number,line_range
examples/yaml_load.py,blacklist_calls,B301,MEDIUM,HIGH,"Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
",5,[5]

New in version 0.11.0.

bandit.formatters.csv.report(manager, fileobj, sev_level, conf_level, lines=-1)

Prints issues in CSV format

Parameters:
  • manager – the bandit manager object
  • fileobj – The output file object, which may be sys.stdout
  • sev_level – Filtering severity level
  • conf_level – Filtering confidence level
  • lines – Number of lines to report, -1 for all

bandit.formatters.custom module

Custom Formatter

This formatter outputs the issues in a custom machine-readable format, one line per issue, built from a str.format-style template.

default template: {abspath}:{line}: {test_id}[bandit]: {severity}: {msg}

Example:

/usr/lib/python3.6/site-packages/openlp/core/utils/__init__.py:405: B310[bandit]: MEDIUM: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

class bandit.formatters.custom.SafeMapper

Bases: dict

Safe mapper to handle format key errors: a dict subclass used as the mapping for the template, so a placeholder with no matching key does not raise KeyError and a misspelled tag does not abort the report.

bandit.formatters.custom.report(manager, fileobj, sev_level, conf_level, lines=-1, template=None)

Prints issues in custom format

Parameters:
  • manager – the bandit manager object
  • fileobj – The output file object, which may be sys.stdout
  • sev_level – Filtering severity level
  • conf_level – Filtering confidence level
  • lines – Number of lines to report, -1 for all
  • template – Output template using str.format-style tags such as {abspath}, {line}, {test_id}, {severity} and {msg} (default: ‘{abspath}:{line}: {test_id}[bandit]: {severity}: {msg}’)
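A worked illustration of the template mechanism, added here as an example and not part of bandit's own code: a SafeMapper-style dict feeds str.format_map so that a placeholder the formatter does not know is emitted literally instead of raising KeyError, and a small pre-flight check reports unknown tags before a scan is run. The known tag list is assumed to be the five tags of the default template shown above; the SafeMapper below is this example's own re-implementation of the behaviour the page describes, and the sample issue is constructed from the example line above.

```python
import string


class SafeMapper(dict):
    """Mapping that leaves unknown placeholders in place instead of raising
    KeyError. Written for this example after the page's description of
    bandit.formatters.custom.SafeMapper; it is not bandit's own class."""

    def __missing__(self, key):
        return "{%s}" % key


DEFAULT_TEMPLATE = "{abspath}:{line}: {test_id}[bandit]: {severity}: {msg}"

# Assumption: only the tags present in the default template are listed here.
# The real formatter may accept more; add them if a template relies on them.
KNOWN_TAGS = {"abspath", "line", "test_id", "severity", "msg"}


def template_tags(template):
    """Placeholder names used by a str.format-style template."""
    tags = set()
    for _literal, field, _spec, _conv in string.Formatter().parse(template):
        if field:  # None for trailing literal text, "" for a positional {}
            tags.add(field.split(".")[0].split("[")[0])
    return tags


def unknown_tags(template, known=KNOWN_TAGS):
    """Tags in the template that the formatter will not fill in."""
    return template_tags(template) - set(known)


def render(issue, template=DEFAULT_TEMPLATE):
    """Render one issue through the template; unknown tags survive verbatim."""
    return template.format_map(SafeMapper(issue))


# Constructed sample issue, shaped after the example line in this section.
SAMPLE_ISSUE = {
    "abspath": "/usr/lib/python3.6/site-packages/openlp/core/utils/__init__.py",
    "line": 405,
    "test_id": "B310",
    "severity": "MEDIUM",
    "msg": "Audit url open for permitted schemes. Allowing use of file:/ or "
           "custom schemes is often unexpected.",
}

if __name__ == "__main__":
    print(render(SAMPLE_ISSUE))
    typo = "{abspath}:{line}: {testid}: {msg}"
    print("unknown tags:", unknown_tags(typo))   # {'testid'}
    print(render(SAMPLE_ISSUE, typo))            # '{testid}' emitted literally
```

Run the check on any template you pass to the formatter before wiring it into a log parser or CI grep: because of the safe mapping, a typo in a tag does not fail the scan, it silently produces a literal `{testid}` in every line.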

bandit.formatters.html module

HTML formatter

This formatter outputs the issues as HTML.

Example:
<!DOCTYPE html>
<html>
<head>

<meta charset="UTF-8">

<title>
    Bandit Report
</title>

<style>

html * {
    font-family: "Arial", sans-serif;
}

pre {
    font-family: "Monaco", monospace;
}

.bordered-box {
    border: 1px solid black;
    padding-top:.5em;
    padding-bottom:.5em;
    padding-left:1em;
}

.metrics-box {
    font-size: 1.1em;
    line-height: 130%;
}

.metrics-title {
    font-size: 1.5em;
    font-weight: 500;
    margin-bottom: .25em;
}

.issue-description {
    font-size: 1.3em;
    font-weight: 500;
}

.candidate-issues {
    margin-left: 2em;
    border-left: solid 1px LightGray;
    padding-left: 5%;
    margin-top: .2em;
    margin-bottom: .2em;
}

.issue-block {
    border: 1px solid LightGray;
    padding-left: .5em;
    padding-top: .5em;
    padding-bottom: .5em;
    margin-bottom: .5em;
}

.issue-sev-high {
    background-color: Pink;
}

.issue-sev-medium {
    background-color: NavajoWhite;
}

.issue-sev-low {
    background-color: LightCyan;
}

</style>
</head>

<body>

<div id="metrics">
    <div class="metrics-box bordered-box">
        <div class="metrics-title">
            Metrics:<br>
        </div>
        Total lines of code: <span id="loc">9</span><br>
        Total lines skipped (#nosec): <span id="nosec">0</span>
    </div>
</div>




<br>
<div id="results">

<div id="issue-0">
<div class="issue-block issue-sev-medium">
    <b>yaml_load: </b> Use of unsafe yaml load. Allows
    instantiation of arbitrary objects. Consider yaml.safe_load().<br>
    <b>Test ID:</b> B506<br>
    <b>Severity: </b>MEDIUM<br>
    <b>Confidence: </b>HIGH<br>
    <b>File: </b><a href="examples/yaml_load.py" target="_blank">examples/yaml_load.py</a> <br>
    <b>More info: </b><a href="https://docs.openstack.org/bandit/latest/plugins/yaml_load.html" target="_blank">https://docs.openstack.org/bandit/latest/plugins/yaml_load.html</a>
    <br>

<div class="code">
<pre>
5       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
6       y = yaml.load(ystr)
7       yaml.dump(y)
</pre>
</div>


</div>
</div>

</div>

</body>
</html>

New in version 0.14.0.

bandit.formatters.html.report(manager, fileobj, sev_level, conf_level, lines=-1)

Writes issues to ‘fileobj’ in HTML format

Parameters:
  • manager – the bandit manager object
  • fileobj – The output file object, which may be sys.stdout
  • sev_level – Filtering severity level
  • conf_level – Filtering confidence level
  • lines – Number of lines to report, -1 for all

bandit.formatters.json module

JSON formatter

This formatter outputs the issues in JSON.

Example:
{
  "errors": [],
  "generated_at": "2015-12-16T22:27:34Z",
  "metrics": {
    "_totals": {
      "CONFIDENCE.HIGH": 1,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 5,
      "nosec": 0
    },
    "examples/yaml_load.py": {
      "CONFIDENCE.HIGH": 1,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 5,
      "nosec": 0
    }
  },
  "results": [
    {
      "code": "4     ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})\n5     y = yaml.load(ystr)\n6     yaml.dump(y)\n",
      "filename": "examples/yaml_load.py",
      "issue_confidence": "HIGH",
      "issue_severity": "MEDIUM",
      "issue_text": "Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().\n",
      "line_number": 5,
      "line_range": [
        5
      ],
      "more_info": "https://docs.openstack.org/bandit/latest/",
      "test_name": "blacklist_calls",
      "test_id": "B301"
    }
  ]
}

New in version 0.10.0.

bandit.formatters.json.report(manager, fileobj, sev_level, conf_level, lines=-1)

Prints issues in JSON format

Parameters:
  • manager – the bandit manager object
  • fileobj – The output file object, which may be sys.stdout
  • sev_level – Filtering severity level
  • conf_level – Filtering confidence level
  • lines – Number of lines to report, -1 for all
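An added example, not part of bandit, that consumes the JSON report above as a CI gate. bandit's own sev_level and conf_level already decide which issues reach the report; this applies a second, stricter threshold on issue_severity and issue_confidence, and treats a non-empty errors list as a failure, because a file bandit could not parse was never scanned and an empty results list for it means nothing. The sample report is the page's example with the wrapped strings rejoined; the level ranking is an assumption of this example (ordered from the four level names that appear in the metrics block), and the errors entry used in the test is constructed.

```python
import json
import sys

# Assumed ranking shared by issue_severity and issue_confidence, ordered from
# the four level names that appear in the report's metrics block.
LEVEL_RANK = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample: the report shown above, with the wrapped "code" and
# "issue_text" values rejoined into single JSON strings.
SAMPLE_REPORT = r'''{
  "errors": [],
  "generated_at": "2015-12-16T22:27:34Z",
  "metrics": {
    "_totals": {"CONFIDENCE.HIGH": 1, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0,
                "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0, "SEVERITY.LOW": 0,
                "SEVERITY.MEDIUM": 1, "SEVERITY.UNDEFINED": 0, "loc": 5, "nosec": 0},
    "examples/yaml_load.py": {"CONFIDENCE.HIGH": 1, "CONFIDENCE.LOW": 0,
                "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.HIGH": 0,
                "SEVERITY.LOW": 0, "SEVERITY.MEDIUM": 1, "SEVERITY.UNDEFINED": 0,
                "loc": 5, "nosec": 0}
  },
  "results": [{
    "code": "4     ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})\n5     y = yaml.load(ystr)\n6     yaml.dump(y)\n",
    "filename": "examples/yaml_load.py",
    "issue_confidence": "HIGH",
    "issue_severity": "MEDIUM",
    "issue_text": "Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().\n",
    "line_number": 5,
    "line_range": [5],
    "more_info": "https://docs.openstack.org/bandit/latest/",
    "test_name": "blacklist_calls",
    "test_id": "B301"
  }]
}'''


def load_report(text):
    """Parse a bandit JSON report and check the documented top-level keys exist."""
    report = json.loads(text)
    missing = [k for k in ("errors", "metrics", "results") if k not in report]
    if missing:
        raise ValueError("not a bandit JSON report, missing: %s" % ", ".join(missing))
    return report


def rank(level):
    """Rank a level name; an unknown name ranks lowest instead of crashing the gate."""
    return LEVEL_RANK.get(str(level).upper(), 0)


def blocking_issues(report, min_severity, min_confidence):
    """Results at or above both thresholds."""
    return [r for r in report["results"]
            if rank(r["issue_severity"]) >= rank(min_severity)
            and rank(r["issue_confidence"]) >= rank(min_confidence)]


def per_file_counts(report):
    """Severity counts per scanned file, read from metrics (skipping _totals)."""
    return {path: {lvl: m["SEVERITY.%s" % lvl] for lvl in LEVEL_RANK}
            for path, m in report["metrics"].items() if path != "_totals"}


def gate(report, min_severity="HIGH", min_confidence="MEDIUM", fail_on_errors=True):
    """Return (passed, reasons). Entries in "errors" are files bandit could not
    scan; with fail_on_errors they block, since an unscanned file is a coverage
    gap rather than a clean result."""
    reasons = []
    if fail_on_errors and report["errors"]:
        reasons.append("%d file(s) could not be scanned" % len(report["errors"]))
    for r in blocking_issues(report, min_severity, min_confidence):
        reasons.append("%s:%s %s %s/%s %s" % (
            r["filename"], r["line_number"], r["test_id"], r["issue_severity"],
            r["issue_confidence"], r["issue_text"].strip()))
    return (not reasons, reasons)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    report = load_report(text)
    print("generated at", report["generated_at"], per_file_counts(report))
    passed, reasons = gate(report, min_severity="MEDIUM", min_confidence="HIGH")
    for reason in reasons:
        print("BLOCK:", reason)
    sys.exit(0 if passed else 1)
```

Produce the input with bandit's JSON formatter and feed the file to the script (assuming the standard CLI flags, `bandit -f json -o report.json -r src/` then `python gate.py report.json`); a non-zero exit blocks the pipeline. With the sample report a MEDIUM/HIGH threshold blocks on B301, while the default HIGH/MEDIUM threshold lets it pass.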

bandit.formatters.screen module

Screen formatter

This formatter outputs the issues as color coded text.

Example:
>> Issue: [B301:blacklist_calls] Use of unsafe yaml load. Allows
   instantiation of arbitrary objects. Consider yaml.safe_load().

   Severity: Medium   Confidence: High
   Location: examples/yaml_load.py:5
4       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
5       y = yaml.load(ystr)
6       yaml.dump(y)

New in version 0.9.0.

bandit.formatters.screen.do_print(bits)
bandit.formatters.screen.get_metrics(manager)
bandit.formatters.screen.get_results(manager, sev_level, conf_level, lines)
bandit.formatters.screen.get_verbose_details(manager)
bandit.formatters.screen.header(text, *args)
bandit.formatters.screen.report(manager, fileobj, sev_level, conf_level, lines=-1)

Prints discovered issues formatted for screen reading

This makes use of VT100 terminal codes for colored text.

Parameters:
  • manager – the bandit manager object
  • fileobj – The output file object, which may be sys.stdout
  • sev_level – Filtering severity level
  • conf_level – Filtering confidence level
  • lines – Number of lines to report, -1 for all

bandit.formatters.text module

Text Formatter

This formatter outputs the issues as plain text.

Example:
>> Issue: [B301:blacklist_calls] Use of unsafe yaml load. Allows
   instantiation of arbitrary objects. Consider yaml.safe_load().

   Severity: Medium   Confidence: High
   Location: examples/yaml_load.py:5
4       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
5       y = yaml.load(ystr)
6       yaml.dump(y)

New in version 0.9.0.

bandit.formatters.text.get_metrics(manager)
bandit.formatters.text.get_results(manager, sev_level, conf_level, lines)
bandit.formatters.text.get_verbose_details(manager)
bandit.formatters.text.report(manager, fileobj, sev_level, conf_level, lines=-1)

Prints discovered issues in the text format

Parameters:
  • manager – the bandit manager object
  • fileobj – The output file object, which may be sys.stdout
  • sev_level – Filtering severity level
  • conf_level – Filtering confidence level
  • lines – Number of lines to report, -1 for all

bandit.formatters.utils module

Utility functions for formatting plugins for Bandit.

bandit.formatters.utils.convert_file_contents(text)

Convert text to built-in strings on Python 2.

bandit.formatters.utils.wrap_file_object(fileobj)

Handle differences in Python 2 and 3 around writing bytes.

bandit.formatters.xml module

XML Formatter

This formatter outputs the issues as XML.

Example:
<?xml version='1.0' encoding='utf-8'?>
<testsuite name="bandit" tests="1"><testcase
classname="examples/yaml_load.py" name="blacklist_calls"><error
message="Use of unsafe yaml load. Allows instantiation of arbitrary
objects. Consider yaml.safe_load().&#10;" type="MEDIUM">Test ID: B301
Severity: MEDIUM Confidence: HIGH Use of unsafe yaml load. Allows
instantiation of arbitrary objects. Consider yaml.safe_load().

Location examples/yaml_load.py:5</error></testcase></testsuite>

New in version 0.12.0.

bandit.formatters.xml.report(manager, fileobj, sev_level, conf_level, lines=-1)

Prints issues in XML format

Parameters:
  • manager – the bandit manager object
  • fileobj – The output file object, which may be sys.stdout
  • sev_level – Filtering severity level
  • conf_level – Filtering confidence level
  • lines – Number of lines to report, -1 for all

bandit.formatters.yaml module

YAML Formatter

This formatter outputs the issues in YAML format, with the same keys and structure as the JSON formatter.

Example:
errors: []
generated_at: '2017-03-09T22:29:30Z'
metrics:
  _totals:
    CONFIDENCE.HIGH: 1
    CONFIDENCE.LOW: 0
    CONFIDENCE.MEDIUM: 0
    CONFIDENCE.UNDEFINED: 0
    SEVERITY.HIGH: 0
    SEVERITY.LOW: 0
    SEVERITY.MEDIUM: 1
    SEVERITY.UNDEFINED: 0
    loc: 9
    nosec: 0
  examples/yaml_load.py:
    CONFIDENCE.HIGH: 1
    CONFIDENCE.LOW: 0
    CONFIDENCE.MEDIUM: 0
    CONFIDENCE.UNDEFINED: 0
    SEVERITY.HIGH: 0
    SEVERITY.LOW: 0
    SEVERITY.MEDIUM: 1
    SEVERITY.UNDEFINED: 0
    loc: 9
    nosec: 0
results:
- code: '5     ystr = yaml.dump({''a'' : 1, ''b'' : 2, ''c'' : 3})\n6     y = yaml.load(ystr)\n7     yaml.dump(y)\n'
  filename: examples/yaml_load.py
  issue_confidence: HIGH
  issue_severity: MEDIUM
  issue_text: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  line_number: 6
  line_range:
  - 6
  more_info: https://docs.openstack.org/bandit/latest/
  test_id: B506
  test_name: yaml_load

New in version 1.4.1.

bandit.formatters.yaml.report(manager, fileobj, sev_level, conf_level, lines=-1)

Prints issues in YAML format

Parameters:
  • manager – the bandit manager object
  • fileobj – The output file object, which may be sys.stdout
  • sev_level – Filtering severity level
  • conf_level – Filtering confidence level
  • lines – Number of lines to report, -1 for all

Module contents