Added default ini files and targets

Fixed bool params not working in ini file
PyCQA · May 26, 2022 · 4374cb8 · 4374cb8
1 parent 6fe4930
commit 4374cb8
Show file tree

Hide file tree

Showing 10 changed files with 209 additions and 182 deletions.
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
diff --git a/bandit/core/utils.py b/bandit/core/utils.py
@@ -12,6 +12,14 @@
 except ImportError:
     import ConfigParser as configparser
 
+BOOL_PARAMS = [
+    'recursive',
+    'verbose',
+    'debug',
+    'quiet',
+    'ignore-nosec',
+    'exit-zero'
+]
 LOG = logging.getLogger(__name__)
 
 
@@ -349,12 +357,18 @@ def parse_ini_file(f_loc):
     config = configparser.ConfigParser()
     try:
         config.read(f_loc)
-        return {k: v for k, v in config.items("bandit")}
+        options = {k: v for k, v in config['bandit'].items()}
+        for bool_param in BOOL_PARAMS:
+            if config['bandit'].getboolean(bool_param) is not None:
+                options.update(
+                    {bool_param: config['bandit'].getboolean(bool_param)}
+                )
+
+        return options
 
     except (configparser.Error, KeyError, TypeError):
-        LOG.warning(
-            "Unable to parse config file %s or missing [bandit] " "section",
-            f_loc,
+        LOG.debug("Config file %s not found or missing [bandit] "
+                  "section", f_loc,
         )
 
     return None

diff --git a/examples/ini_file_test/okay.py b/examples/ini_file_test/okay.py
@@ -0,0 +1 @@
+print('hopefully no vulnerabilities here')
diff --git a/examples/ini_file_test/recursive2/okay.py b/examples/ini_file_test/recursive2/okay.py
@@ -0,0 +1 @@
+print('hopefully no vulnerabilities here')
diff --git a/examples/ini_file_test/setup.cfg b/examples/ini_file_test/setup.cfg
@@ -0,0 +1,2 @@
+[bandit]
+recursive=false
diff --git a/examples/ini_file_test_2/okay.py b/examples/ini_file_test_2/okay.py
@@ -0,0 +1 @@
+print('hopefully no vulnerabilities here')
diff --git a/examples/ini_file_test_2/recursive2/okay.py b/examples/ini_file_test_2/recursive2/okay.py
@@ -0,0 +1 @@
+print('hopefully no vulnerabilities here')
diff --git a/examples/ini_file_test_2/setup.cfg b/examples/ini_file_test_2/setup.cfg
@@ -0,0 +1,2 @@
+[bandit]
+recursive=true
diff --git a/tests/functional/test_runtime.py b/tests/functional/test_runtime.py
@@ -25,15 +25,6 @@ def _test_example(self, cmdlist, targets):
             cmdlist.append(os.path.join(os.getcwd(), "examples", t))
         return self._test_runtime(cmdlist)
 
-    def test_no_arguments(self):
-        (retcode, output) = self._test_runtime(
-            [
-                "bandit",
-            ]
-        )
-        self.assertEqual(2, retcode)
-        self.assertIn("usage: bandit [-h]", output)
-
     def test_piped_input(self):
         with open("examples/imports.py") as infile:
             (retcode, output) = self._test_runtime(["bandit", "-"], infile)
@@ -92,7 +83,27 @@ def test_example_okay(self):
         self.assertIn("No issues identified.", output)
 
     def test_recurse(self):
-        (retcode, output) = self._test_runtime(['bandit', '-r', 'examples/recursive1'])
+        (retcode, output) = self._test_runtime(['bandit', '-r',
+                                                'examples/recursive1'])
+        self.assertEqual(0, retcode)
+        self.assertIn("Total lines of code: 2", output)
+        self.assertIn("Files skipped (0):", output)
+        self.assertIn("No issues identified.", output)
+
+    def test_ini_file_override(self):
+        """Tests that ini file properly overrides default values"""
+        (retcode, output) = self._test_runtime(
+            ['bandit', 'examples/ini_file_test_2', '--ini', 'examples/ini_file_test_2/setup.cfg'])
+        self.assertEqual(0, retcode)
+        self.assertIn("Total lines of code: 2", output)
+        self.assertIn("Files skipped (0):", output)
+        self.assertIn("No issues identified.", output)
+
+    def test_cli_before_ini_file(self):
+        """Tests that ini file doesn't override cli args"""
+        (retcode, output) = self._test_runtime(
+            ['bandit', '-r', 'examples/ini_file_test', '--ini', 'examples/ini_file_test/setup.cfg']
+        )
         self.assertEqual(0, retcode)
         self.assertIn("Total lines of code: 2", output)
         self.assertIn("Files skipped (0):", output)

diff --git a/tests/unit/cli/test_main.py b/tests/unit/cli/test_main.py
@@ -86,7 +86,7 @@ def tearDown(self):
     def test_get_options_from_ini_no_ini_path_no_target(self):
         # Test that no config options are loaded when no ini path or target
         # directory are provided
-        self.assertIsNone(bandit._get_options_from_ini(None, []))
+        self.assertEqual(bandit._get_options_from_ini(None, []), {})
 
     def test_get_options_from_ini_empty_directory_no_target(self):
         # Test that no config options are loaded when an empty directory is
@@ -96,10 +96,11 @@ def test_get_options_from_ini_empty_directory_no_target(self):
 
     def test_get_options_from_ini_no_ini_path_no_bandit_files(self):
         # Test that no config options are loaded when no ini path is provided
-        # and the target directory contains no bandit config files (.bandit)
+        # and the target directory contains no bandit config files
         target_directory = self.useFixture(fixtures.TempDir()).path
-        self.assertIsNone(
-            bandit._get_options_from_ini(None, [target_directory])
+        self.assertEqual(
+            bandit._get_options_from_ini(None, [target_directory]),
+            {}
         )
 
     def test_get_options_from_ini_no_ini_path_multi_bandit_files(self):