Wrongly formatted json output #1019

Open
eyaranossian opened this issue Apr 11, 2023 · 2 comments
Labels
bug Something isn't working

Comments

eyaranossian commented Apr 11, 2023

Describe the bug

I'm running bandit with pre-commit. I want to dump the report in a json format so that I can exploit it afterward.
For some unknown reason, the json generated is broken at the end, in a random way at every run.

Here is the json output:

  "errors": [],
  "generated_at": "2023-04-11T14:36:30Z",
  "metrics": {
    "_totals": {
      "CONFIDENCE.HIGH": 47,
      "CONFIDENCE.LOW": 7,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 47,
      "SEVERITY.MEDIUM": 7,
      "SEVERITY.UNDEFINED": 0,
      "loc": 1010,
      "nosec": 0,
      "skipped_tests": 0
    },
    "some_file.py": {
      "CONFIDENCE.HIGH": 3,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 3,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 31,
      "nosec": 0,
      "skipped_tests": 0
    }
  },
  "results": []
}kipped_tests": 0
    }
  },
  "results": []
}s": []
}": 0
    }
  },
  "results": []
}s": []
}"nosec": 0,
      "skipped_tests": 0
    }
  },
  "results": []
}

Here is my pre-commit hook :

- repo: https://github.com/PyCQA/bandit
  rev: '1.7.4'
  hooks:
  - id: bandit
    args: [-lll, -i, -f, json, -o, bandit_report.json]

Reproduction steps

1. Run the command : pre-commit run -a
2. Check the json file generated

Expected behavior

I would expect the json file to be properly formatted and not have this random excess at the end of the file.

Bandit version

1.7.4

Python version

3.11 (Default)

Additional context

Looks like the issue only happens when using bandit with pre-commit. I did the test using bandit alone and it's working fine, so maybe this issue is not at the right place...

No response

@eyaranossian eyaranossian added the bug Something isn't working label Apr 11, 2023
@OClark23

  1. Try updating the bandit tool to the latest version

  2. To solve this issue, I changed the output format to YAML

- repo: https://github.com/PyCQA/bandit
  rev: '1.7.4'
  hooks:
  - id: bandit
    args: [-lll, -i, -f, yaml, -o, bandit_report.yaml]

@ChandanChainani

Currently there is no issue with json output with bandit version 1.7.10

(venv) ➜  bandit -l . -i --format json
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[manager]	WARNING	Skipping directory (.), use -r flag to scan contents
{
  "errors": [],
  "generated_at": "2024-10-06T14:54:18Z",
  "metrics": {
    "_totals": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 0,
      "nosec": 0,
      "skipped_tests": 0
    }
  },
  "results": []
}

cc: @eyaranossian @OClark23
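
A consumer-side check for the symptom reported in this thread, as an added example that is not part of the original issue or of bandit's own code: it parses a report with `json.JSONDecoder.raw_decode` and fails closed when anything other than whitespace follows the first complete JSON document, so a damaged report is never read as "no findings". The function and exception names, the required-key list (taken from the reports shown above) and the sample strings are constructed for illustration.

```python
import json

# Top-level keys present in the reports shown in this thread (assumed required).
REQUIRED_KEYS = ("errors", "generated_at", "metrics", "results")


class CorruptReportError(ValueError):
    """Raised when a bandit JSON report cannot be trusted as-is."""


def load_bandit_report(text):
    """Parse report text; fail closed on trailing data or missing keys."""
    stripped = text.lstrip()
    try:
        # raw_decode returns the first JSON value and the index where it ends.
        report, end = json.JSONDecoder().raw_decode(stripped)
    except json.JSONDecodeError as exc:
        raise CorruptReportError(f"not valid JSON: {exc}") from exc
    trailing = stripped[end:].strip()
    if trailing:
        raise CorruptReportError(
            f"{len(trailing)} unexpected characters after the JSON document"
        )
    if not isinstance(report, dict):
        raise CorruptReportError("top-level value is not an object")
    missing = [key for key in REQUIRED_KEYS if key not in report]
    if missing:
        raise CorruptReportError(f"missing keys: {missing}")
    return report


# Constructed samples: a clean report, and the same report with leftover
# bytes appended, mimicking the shape of the broken output quoted above.
CLEAN = json.dumps(
    {"errors": [], "generated_at": "2023-04-11T14:36:30Z",
     "metrics": {"_totals": {"loc": 1010, "nosec": 0}}, "results": []},
    indent=2,
)
CORRUPT = CLEAN + 's": []\n}'

if __name__ == "__main__":
    print(len(load_bandit_report(CLEAN)["results"]), "findings in clean report")
    try:
        load_bandit_report(CORRUPT)
    except CorruptReportError as exc:
        print("rejected:", exc)
```
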
