PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Broken JSON on standard output #1000

Open muszalski opened 1 year ago

muszalski commented 1 year ago

Describe the bug

Hi!

When JSON format is requested the standard output starts with:

Working... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:08

which breaks JSON.

Reproduction steps

1. Run `bandit -r . -f json` or `bandit -r . -f json -o -`
2. Check first line of the output - there is `Working...`

Expected behavior

Valid JSON on output

Bandit version

1.7.5 (Default)

Python version

3.11 (Default)

Additional context

No response

OClark23 commented 1 year ago

@muszalski try: bandit -r . -f json -q > output.json

FHu-HMS commented 1 year ago

This also caused me trouble yesterday. Why not redirect this message to stderr? The 'settings' information is also output via stderr after all.

ericwb commented 11 months ago

FYI, you won't see the "Working ..." part if you use the -o argument. For example: bandit -r examples/ -f json -o test.json

You can also pass -q to use quiet mode which skips the use of the progress statement.
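The workarounds above (`-o` to write the report to a file, `-q` to suppress the progress line) cover the common case, but a pipeline that already captures stdout may still meet the `Working...` line from older invocations. The following is an added example, not bandit's own code: it builds the `-q` command line and parses the JSON report tolerantly by skipping any leading non-JSON text. The report text is a constructed, abbreviated sample of `bandit -f json` output; field names other than `results` and `issue_severity` are illustrative.

```python
"""Consume bandit's JSON report even when a progress line precedes it.

Added example, not part of the bandit project. SAMPLE_STDOUT is a constructed,
abbreviated sample of `bandit -r . -f json` output with the "Working..."
progress line in front of it; a real report carries more fields.
"""
import json
import subprocess
from typing import Any, Dict, List

# Constructed sample: the progress line that breaks json.loads(), then the report.
SAMPLE_STDOUT = (
    "Working... \u2501\u2501\u2501\u2501 100% 0:00:08\n"
    '{"errors": [], "generated_at": "2023-01-01T00:00:00Z", '
    '"metrics": {"_totals": {"SEVERITY.HIGH": 1}}, '
    '"results": [{"issue_severity": "HIGH", "test_id": "B602", "line_number": 7}]}\n'
)


def bandit_json_argv(target: str) -> List[str]:
    """Command line that keeps stdout as pure JSON: -q suppresses the progress
    line (the -o workaround from the thread writes the report to a file instead)."""
    return ["bandit", "-r", target, "-f", "json", "-q"]


def parse_bandit_json(stdout: str) -> Dict[str, Any]:
    """Parse a bandit JSON report, tolerating non-JSON text before it.

    Scans to the first '{' and uses raw_decode so that a leading progress line
    (or any other chatter) does not break the parse. Raises ValueError if no
    JSON object is found or the object does not look like a bandit report.
    """
    start = stdout.find("{")
    if start < 0:
        raise ValueError("no JSON object in bandit output")
    obj, _end = json.JSONDecoder().raw_decode(stdout, start)
    if not isinstance(obj, dict) or "results" not in obj:
        raise ValueError("decoded object is not a bandit report")
    return obj


def high_severity_count(report: Dict[str, Any]) -> int:
    """Number of findings bandit rated HIGH severity."""
    return sum(1 for r in report["results"] if r.get("issue_severity") == "HIGH")


def run_bandit(target: str) -> Dict[str, Any]:
    """Run bandit (must be installed) and parse its report. bandit exits non-zero
    when it reports issues, so the return code is not treated as a failure here."""
    proc = subprocess.run(
        bandit_json_argv(target), capture_output=True, text=True, check=False
    )
    return parse_bandit_json(proc.stdout)


if __name__ == "__main__":
    try:
        json.loads(SAMPLE_STDOUT)
    except json.JSONDecodeError as exc:
        print(f"naive json.loads fails on the progress line: {exc.msg}")
    report = parse_bandit_json(SAMPLE_STDOUT)
    print(f"HIGH findings: {high_severity_count(report)}")
```

Prefer fixing the command line (`-q`, or `-o` to a file) over the tolerant parser; the parser is a safety net for consumers you do not control, and it still rejects output with no report in it rather than silently returning an empty result.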

ericwb commented 11 months ago

Not sure if there is a preferred way to fix this. Redirecting the progress to stderr doesn't necessarily make sense since I do think this is acceptable output for stdout. And there are workarounds using -o or -q to avoid the issue. But I can leave the issue open for now, maybe there is a more ideal solution.