Closed MVrachev closed 5 years ago
I noticed this is a problem for both Go and Python code. When scanning Python code, Bandit gives you information about problems when parsing the AST, but in Gosec, when you use the JSON output, there is no information about this problem.
I run gosec and generate results with this command:
gosec -fmt=json --out=result.json testData/app
on this file, which is clearly missing the curly bracket of the main function (line 11):
and the results.json content is:
If you run the same command without writing the output to a file, you will see the problem on the command line:
So the report we get from Gosec can be really misleading. For Bandit we will fix it easily.
Duplicate of #142
Describe the bug
When you run Precaution against files with syntax or other problems, Precaution doesn't catch that there were problems parsing the AST.
The result is a "No issues found" report by Precaution on files with syntax or possibly other security issues. That way you can bypass the Precaution scan.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Normally I would expect the "App error" conclusion from the Precaution scan and detailed information like "syntax error while parsing AST from file".
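The following is an added example illustrating the expected behaviour described above for the Python side of the scan (the Bandit case); it is not Precaution's, Bandit's or gosec's own code. It assumes the scanner wrapper receives a mapping of file paths to source text, and that a file which fails to parse must turn the conclusion into "App error" rather than "No issues found", regardless of how many findings the underlying tool returned. The sample sources are constructed; the broken one mirrors the report's Go file by leaving a bracket unclosed.

```python
import ast

# Constructed sample inputs (not from the issue): one file that cannot be
# parsed and one clean file. BROKEN_SOURCE leaves a parenthesis unclosed,
# the Python analogue of the missing curly bracket in the reported Go file.
BROKEN_SOURCE = "def main():\n    print('hello'\n\nmain()\n"
CLEAN_SOURCE = "def main():\n    print('hello')\n\nmain()\n"


def parse_errors(sources):
    """Try to build an AST for every file.

    Returns {path: message} for the files that fail, so the caller can
    distinguish "the tool parsed the file and found nothing" from
    "the tool never got a usable AST at all".
    """
    errors = {}
    for path, text in sources.items():
        try:
            ast.parse(text, filename=path)
        except SyntaxError as exc:
            errors[path] = (
                f"syntax error while parsing AST from file {path}: "
                f"line {exc.lineno}: {exc.msg}"
            )
    return errors


def conclude(sources, findings):
    """Decide the check conclusion for a scan.

    `findings` is the list of issues the security scanner reported
    (assumed to already be extracted from its JSON output). A parse failure
    takes precedence over an empty findings list: an unparseable file must
    never be reported as "No issues found", because the scanner could not
    have inspected it.
    """
    errors = parse_errors(sources)
    if errors:
        return {"conclusion": "App error", "details": sorted(errors.values())}
    if findings:
        return {"conclusion": "Issues found", "details": list(findings)}
    return {"conclusion": "No issues found", "details": []}


if __name__ == "__main__":
    # Scanner found nothing in either file; only the clean one may pass.
    print(conclude({"app.py": BROKEN_SOURCE}, []))
    print(conclude({"app.py": CLEAN_SOURCE}, []))
```

The same gate for Go would run a Go parser over each file before trusting an empty gosec issue list; the decision logic in `conclude` does not change, only the parser that feeds `parse_errors`.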