changed format of pprint

Author: Jannis-Mittenzwei

exasol/toolbox/tools/security.py

@@ -103,7 +103,9 @@ def from_maven(report: str) -> Iterable[Issue]:
 
 @dataclass(frozen=True)
 class SecurityIssue:
-    coordinates: str
+    file_name: str
+    line: int
+    column: int
     cwe: str
     test_id: str
     description: str
@@ -117,17 +119,15 @@ def from_json(report_str: str, prefix: Path) -> Iterable[SecurityIssue]:
         references = []
         if issue["more_info"]:
             references.append(issue["more_info"])
-        if issue.get("issue_cve", {}).get("link", None):
-            references.append(issue["issue_cve"]["link"])
         if issue.get("issue_cwe", {}).get("link", None):
             references.append(issue["issue_cwe"]["link"])
         yield SecurityIssue(
+            file_name=issue["filename"].replace(str(prefix) + "/", ""),
+            line=issue["line_number"],
+            column=issue["col_offset"],
             cwe=str(issue["issue_cwe"].get("id", "")),
-            description=issue["issue_text"],
             test_id=issue["test_id"],
-            coordinates=issue["filename"].replace(
-                str(prefix) + "/", ""
-                ) + ":" + str(issue["line_number"]) + ":" + str(issue["col_offset"]) + ":",
+            description=issue["issue_text"],
             references=tuple(references)
         )
 
@@ -139,12 +139,13 @@ def issues_to_markdown(issues: Iterable[SecurityIssue]) -> str:
 
     def _header():
         header = "# Security\n\n"
-        header += "|File|Cwe|Test ID|Details|\n"
-        header += "|---|:-:|:-:|---|\n"
+        header += "|File|line/<br>column|Cwe|Test ID|Details|\n"
+        header += "|---|:-:|:-:|:-:|---|\n"
         return header
 
     def _row(issue):
-        row = "|" + issue.coordinates + "|"
+        row = "|" + issue.file_name + "|"
+        row += f"line: {issue.line}<br>column: {issue.column}|"
         row += issue.cwe + "|"
         row += issue.test_id + "|"
         for element in issue.references:
@@ -324,7 +325,7 @@ def json_issue_to_markdown(
 ) -> None:
     content = json_file.read()
     issues = from_json(content, path.absolute())
-    issues = sorted(issues, key=lambda i: (i.coordinates[0:i.coordinates.index(":")], i.cwe, i.test_id))
+    issues = sorted(issues, key=lambda i: (i.file_name, i.cwe, i.test_id))
     print(issues_to_markdown(issues))
 
 

test/integration/cli/security-pprint-emty.t

@@ -12,7 +12,7 @@ Run test case
   $ tbx security pretty-print .security.json
   # Security
 
-  |File|Cwe|Test ID|Details|
-  |---|:-:|:-:|---|
+  |File|line/<br>column|Cwe|Test ID|Details|
+  |---|:-:|:-:|:-:|---|
 
 

test/integration/cli/security-pprint.t

@@ -74,8 +74,8 @@ Run test case
   $ tbx security pretty-print .security.json
   # Security
 
-  |File|Cwe|Test ID|Details|
-  |---|:-:|:-:|---|
-  |exasol/toolbox/sphinx/multiversion/git.py:160:12:|22|B202|https://bandit.readthedocs.io/en/1.7.10/plugins/b202_tarfile_unsafe_members.html ,<br>https://cwe.mitre.org/data/definitions/22.html |
-  |exasol/toolbox/sphinx/multiversion/git.py:157:8:|78|B603|https://bandit.readthedocs.io/en/1.7.10/plugins/b603_subprocess_without_shell_equals_true.html ,<br>https://cwe.mitre.org/data/definitions/78.html |
-  |exasol/toolbox/sphinx/multiversion/main.py:556:16:|78|B602|https://bandit.readthedocs.io/en/1.7.10/plugins/b602_subprocess_popen_with_shell_equals_true.html ,<br>https://cwe.mitre.org/data/definitions/78.html |
+  |File|line/<br>column|Cwe|Test ID|Details|
+  |---|:-:|:-:|:-:|---|
+  |exasol/toolbox/sphinx/multiversion/git.py|line: 160<br>column: 12|22|B202|https://bandit.readthedocs.io/en/1.7.10/plugins/b202_tarfile_unsafe_members.html ,<br>https://cwe.mitre.org/data/definitions/22.html |
+  |exasol/toolbox/sphinx/multiversion/git.py|line: 157<br>column: 8|78|B603|https://bandit.readthedocs.io/en/1.7.10/plugins/b603_subprocess_without_shell_equals_true.html ,<br>https://cwe.mitre.org/data/definitions/78.html |
+  |exasol/toolbox/sphinx/multiversion/main.py|line: 556<br>column: 16|78|B602|https://bandit.readthedocs.io/en/1.7.10/plugins/b602_subprocess_popen_with_shell_equals_true.html ,<br>https://cwe.mitre.org/data/definitions/78.html |

test/unit/security_test.py

@@ -414,17 +414,17 @@ def test_format_jsonl_removes_newline():
     "results": [
         {
             "code": "1 import subprocess\\n2 from typing import Iterable\\n3 \\n",
-            "col_offset": 0,
+            "col_offset": 12,
             "end_col_offset": 17,
-            "filename": "/home/test/Git/python-toolbox/exasol/toolbox/git.py",
+            "filename": "/home/test/python-toolbox/exasol/toolbox/git.py",
             "issue_confidence": "HIGH",
             "issue_cwe": {
                 "id": 78,
                 "link": "https://cwe.mitre.org/data/definitions/78.html"
             },
             "issue_severity": "LOW",
             "issue_text": "Consider possible security implications associated with the subprocess module.",
-            "line_number": 1,
+            "line_number": 53,
             "line_range": [
                 1
             ],
@@ -436,10 +436,12 @@ def test_format_jsonl_removes_newline():
 }
             ''',
             {
+                "file_name": "exasol/toolbox/git.py",
+                "line": 53,
+                "column": 12,
                 "cwe": "78",
                 "test_id": "B404",
                 "description": "Consider possible security implications associated with the subprocess module.",
-                "coordinates": "exasol/toolbox/git.py:1:0:",
                 "references": (
                     "https://bandit.readthedocs.io/en/1.7.10/blacklists/blacklist_imports.html#b404-import-subprocess",
                     "https://cwe.mitre.org/data/definitions/78.html"
@@ -449,12 +451,14 @@ def test_format_jsonl_removes_newline():
     ]
 )
 def test_from_json(json_file, expected):
-    actual = security.from_json(json_file, pathlib.Path("/home/test/Git/python-toolbox"))
+    actual = security.from_json(json_file, pathlib.Path("/home/test/python-toolbox"))
     expected_issue = security.SecurityIssue(
+        file_name=expected["file_name"],
+        line=expected["line"],
+        column=expected["column"],
         cwe=expected["cwe"],
         test_id=expected["test_id"],
         description=expected["description"],
-        coordinates=expected["coordinates"],
         references=expected["references"]
     )
     assert list(actual) == [expected_issue]