new formatting

exasol · Nov 15, 2024 · f22961e · f22961e
1 parent 5094bff
commit f22961e
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 13 deletions.
diff --git a/exasol/toolbox/tools/security.py b/exasol/toolbox/tools/security.py
@@ -100,7 +100,16 @@ def from_maven(report: str) -> Iterable[Issue]:
             )
 
 
-def from_json(report_str: str, prefix: Path) -> Iterable[Issue]:
+@dataclass(frozen=True)
+class SecurityIssue:
+    coordinates: str
+    cwe: str
+    test_id: str
+    description: str
+    references: tuple
+
+
+def from_json(report_str: str, prefix: Path) -> Iterable[SecurityIssue]:
     report = json.loads(report_str)
     issues = report.get("results", {})
     for issue in issues:
@@ -111,32 +120,32 @@ def from_json(report_str: str, prefix: Path) -> Iterable[Issue]:
             references.append(issue["issue_cve"]["link"])
         if issue.get("issue_cwe", {}).get("link", None):
             references.append(issue["issue_cwe"]["link"])
-        yield Issue(
-            cve=str(issue.get("issue_cve", {}).get("id", "")),
-            cwe=str(issue.get("issue_cwe", {}).get("id", "")),
+        yield SecurityIssue(
+            cwe=str(issue["issue_cwe"].get("id", "")),
             description=issue["issue_text"],
+            test_id=issue["test_id"],
             coordinates=issue["filename"].replace(
                 str(prefix) + "/", ""
                 ) + ":" + str(issue["line_number"]) + ":" + str(issue["col_offset"]) + ":",
             references=tuple(references)
         )
 
 
-def issues_to_markdown(issues: Iterable[Issue]) -> str:
+def issues_to_markdown(issues: Iterable[SecurityIssue]) -> str:
     template = cleandoc("""
         {header}{rows}
     """)
 
     def _header():
         header = "# Security\n\n"
-        header += "|File|Cve|Cwe|Details|\n"
+        header += "|File|Cwe|Test ID|Details|\n"
         header += "|---|:-:|:-:|---|\n"
         return header
 
     def _row(issue):
         row = "|" + issue.coordinates + "|"
-        row += issue.cve + "|"
         row += issue.cwe + "|"
+        row += issue.test_id + "|"
         for element in issue.references:
             row += element + " ,<br>"
         row = row[:-5] + "|"
@@ -314,6 +323,7 @@ def json_issue_to_markdown(
 ) -> None:
     content = json_file.read()
     issues = from_json(content, path.absolute())
+    issues = sorted(issues, key=lambda i: (i.coordinates[0:i.coordinates.index(":")], i.cwe, i.test_id))
     print(issues_to_markdown(issues))
 
 

diff --git a/test/integration/cli/security-pprint-emty.t b/test/integration/cli/security-pprint-emty.t
@@ -12,7 +12,7 @@ Run test case
   $ tbx security pretty-print .security.json
   # Security
 
-  |File|Cve|Cwe|Details|
+  |File|Cwe|Test ID|Details|
   |---|:-:|:-:|---|
 
 
diff --git a/test/integration/cli/security-pprint.t b/test/integration/cli/security-pprint.t
@@ -24,6 +24,46 @@ Create test input
   >       "more_info": "https://bandit.readthedocs.io/en/1.7.10/plugins/b602_subprocess_popen_with_shell_equals_true.html",
   >       "test_id": "B602",
   >       "test_name": "subprocess_popen_with_shell_equals_true"
+  >     },
+  >     {
+  >       "code": "156         )\n157         subprocess.check_call(cmd, cwd=gitroot, stdout=fp)\n158         fp.seek(0)\n",
+  >       "col_offset": 8,
+  >       "end_col_offset": 58,
+  >       "filename": "/home/jami/Git/python-toolbox/exasol/toolbox/sphinx/multiversion/git.py",
+  >       "issue_confidence": "HIGH",
+  >       "issue_cwe": {
+  >         "id": 78,
+  >         "link": "https://cwe.mitre.org/data/definitions/78.html"
+  >       },
+  >       "issue_severity": "LOW",
+  >       "issue_text": "subprocess call - check for execution of untrusted input.",
+  >       "line_number": 157,
+  >       "line_range": [
+  >         157
+  >       ],
+  >       "more_info": "https://bandit.readthedocs.io/en/1.7.10/plugins/b603_subprocess_without_shell_equals_true.html",
+  >       "test_id": "B603",
+  >       "test_name": "subprocess_without_shell_equals_true"
+  >     },
+  >     {
+  >       "code": "159         with tarfile.TarFile(fileobj=fp) as tarfp:\n160             tarfp.extractall(dst)\n",
+  >       "col_offset": 12,
+  >       "end_col_offset": 33,
+  >       "filename": "exasol/toolbox/sphinx/multiversion/git.py",
+  >       "issue_confidence": "HIGH",
+  >       "issue_cwe": {
+  >         "id": 22,
+  >         "link": "https://cwe.mitre.org/data/definitions/22.html"
+  >       },
+  >       "issue_severity": "HIGH",
+  >       "issue_text": "tarfile.extractall used without any validation. Please check and discard dangerous members.",
+  >       "line_number": 160,
+  >       "line_range": [
+  >         160
+  >       ],
+  >       "more_info": "https://bandit.readthedocs.io/en/1.7.10/plugins/b202_tarfile_unsafe_members.html",
+  >       "test_id": "B202",
+  >       "test_name": "tarfile_unsafe_members"
   >     }
   >   ]
   > }
@@ -34,6 +74,8 @@ Run test case
   $ tbx security pretty-print .security.json
   # Security
 
-  |File|Cve|Cwe|Details|
+  |File|Cwe|Test ID|Details|
   |---|:-:|:-:|---|
-  |exasol/toolbox/sphinx/multiversion/main.py:556:16:||78|https://bandit.readthedocs.io/en/1.7.10/plugins/b602_subprocess_popen_with_shell_equals_true.html ,<br>https://cwe.mitre.org/data/definitions/78.html |
+  |exasol/toolbox/sphinx/multiversion/git.py:160:12:|22|B202|https://bandit.readthedocs.io/en/1.7.10/plugins/b202_tarfile_unsafe_members.html ,<br>https://cwe.mitre.org/data/definitions/22.html |
+  |exasol/toolbox/sphinx/multiversion/git.py:157:8:|78|B603|https://bandit.readthedocs.io/en/1.7.10/plugins/b603_subprocess_without_shell_equals_true.html ,<br>https://cwe.mitre.org/data/definitions/78.html |
+  |exasol/toolbox/sphinx/multiversion/main.py:556:16:|78|B602|https://bandit.readthedocs.io/en/1.7.10/plugins/b602_subprocess_popen_with_shell_equals_true.html ,<br>https://cwe.mitre.org/data/definitions/78.html |
diff --git a/test/unit/security_test.py b/test/unit/security_test.py
@@ -436,8 +436,8 @@ def test_format_jsonl_removes_newline():
 }
             ''',
             {
-                "cve": "",
                 "cwe": "78",
+                "test_id": "B404",
                 "description": "Consider possible security implications associated with the subprocess module.",
                 "coordinates": "exasol/toolbox/git.py:1:0:",
                 "references": (
@@ -450,9 +450,9 @@ def test_format_jsonl_removes_newline():
 )
 def test_from_json(json_file, expected):
     actual = security.from_json(json_file, pathlib.Path("/home/test/Git/python-toolbox"))
-    expected_issue = security.Issue(
-        cve=expected["cve"],
+    expected_issue = security.SecurityIssue(
         cwe=expected["cwe"],
+        test_id=expected["test_id"],
         description=expected["description"],
         coordinates=expected["coordinates"],
         references=expected["references"]