tomasbjerre / violations-lib

Java library for parsing report files from static code analysis.
Apache License 2.0

Bandit format not parsing #175

Closed bmagistro closed 1 year ago

bmagistro commented 1 year ago

References: https://github.com/tomasbjerre/violations-lib/issues/73, https://github.com/PyCQA/bandit/issues/220

Software/Plugins: Jenkins 2.387.1, Warnings-NG 10.0.2, AnalysisModel 11.0.0 (believe this is where violations-lib is pulled in)

I am not sure where the issue is so putting this together and asking for some assistance. Looking at the diff in https://github.com/tomasbjerre/violations-lib/commit/0af669fb166b9524f1a12681cdf735d6e84b6a9f I am not seeing anything obvious. The format lines look to be identical and the logic looks sound.

Attached is the log file generated by running bandit and below are the relevant sections from the Jenkins file and associated output. The bandit issue for this test is generated by simply saying print(eval('1+2')) for testing purposes only.


Bandit call + output

sh """
    . ./venv/bin/activate
    bandit -r rc_smtp_bridge/ -f custom --msg-template '{abspath}:{line}: {severity}: {test_id}: {msg}' | tee bandit.log || true
"""

+ bandit -r rc_smtp_bridge/ -f custom --msg-template {abspath}:{line}: {severity}: {test_id}: {msg}
+ tee bandit.log
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.11.2
/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/rc_smtp_bridge/rc_smtp_bridge.py:42: MEDIUM: B307: Use of possibly insecure function - consider using safer ast.literal_eval.

RecordIssues

[bandit.log](https://github.com/tomasbjerre/violations-lib/files/11008580/bandit.log)

recordIssues aggregatingResults: true,
    qualityGates: [[threshold: 1, type: 'TOTAL', unstable: false]],
    enabledForFailure: true,
    tools: [clang(name: 'bandit', pattern: "bandit.log")]

[bandit] Searching for all files in '/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2' that match the pattern 'bandit.log'
[bandit] Traversing of symbolic links: enabled
[bandit] -> found 1 file
[bandit] Successfully parsed file /jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/bandit.log
[bandit] -> found 0 issues (skipped 0 duplicates)
[bandit] Successfully processed file 'bandit.log'
[bandit] Skipping post processing
[bandit] No filter has been set, publishing all 0 issues
[bandit] Repository miner is not configured, skipping repository mining
[bandit] Searching for all files in '/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2' that match the pattern 'bandit.log'
[bandit] Traversing of symbolic links: enabled
[bandit] -> found 1 file
[bandit] Successfully parsed file /jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/bandit.log
[bandit] -> found 0 issues (skipped 0 duplicates)
[bandit] Successfully processed file 'bandit.log'
[bandit] Skipping post processing
[bandit] No filter has been set, publishing all 0 issues
[bandit] Ignoring 'aggregatingResults' and ID 'null' since only a single tool is defined.
[bandit] Searching for all files in '/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2' that match the pattern 'bandit.log'
[bandit] Traversing of symbolic links: enabled
[bandit] -> found 1 file
[bandit] Successfully parsed file /jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/bandit.log
[bandit] -> found 0 issues (skipped 0 duplicates)
[bandit] Successfully processed file 'bandit.log'
[bandit] Skipping post processing
[bandit] No filter has been set, publishing all 0 issues
[bandit] Repository miner is not configured, skipping repository mining
[bandit] Reference build recorder is not configured
[bandit] Obtaining reference build from same job (flake8-bandit)
[bandit] Using reference build 'Infrastructure/RC SMTP Bridge/flake8-bandit #11' to compute new, fixed, and outstanding issues
[bandit] Issues delta (vs. reference build): outstanding: 0, new: 0, fixed: 0
[bandit] Evaluating quality gates
[bandit] -> PASSED - Total (any severity): 0 - Quality Gate: 1
[bandit] -> All quality gates have been passed
[bandit] Health report is disabled - skipping
[bandit] Created analysis result for 0 issues (found 0 new issues, fixed 0 issues)
[bandit] Attaching ResultAction with ID 'clang' to build 'Infrastructure/RC SMTP Bridge/flake8-bandit #21'.
[Checks API] No suitable checks publisher found.
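
As an added illustration (not code from violations-lib, Warnings-NG, or either commenter): a small Python parser for the `--msg-template '{abspath}:{line}: {severity}: {test_id}: {msg}'` format used above, plus a check that lists lines carrying a bandit test id which did not parse. That second check targets the failure mode in this report, a real B307 finding being published as 0 issues and passing the quality gate. The `Finding` class, `gate_passes`, `unparsed_candidates`, the regular expressions and the constructed sample log are assumptions of this example, not part of any of the tools involved.

```python
import re
from dataclasses import dataclass
from typing import List

# Pattern mirroring the bandit --msg-template used in the issue:
#   '{abspath}:{line}: {severity}: {test_id}: {msg}'
# Assumption (not from any project): a finding occupies exactly one line.
FINDING_RE = re.compile(
    r"^(?P<path>.+?):(?P<line>\d+): "
    r"(?P<severity>LOW|MEDIUM|HIGH): "
    r"(?P<test_id>B\d+): "
    r"(?P<msg>.*)$"
)

# Looser "looks like a bandit finding" pattern, used only to spot lines the
# strict pattern failed to parse (the silent zero-issues failure mode).
CANDIDATE_RE = re.compile(r": B\d+: ")

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    severity: str
    test_id: str
    message: str


def parse_bandit_custom(text: str) -> List[Finding]:
    """Return the findings in bandit custom-format output.

    Header lines such as '[main]  INFO ...' and shell trace lines do not
    match FINDING_RE and are skipped.
    """
    findings = []
    for raw in text.splitlines():
        m = FINDING_RE.match(raw.rstrip())
        if m:
            findings.append(Finding(
                path=m["path"],
                line=int(m["line"]),
                severity=m["severity"],
                test_id=m["test_id"],
                message=m["msg"],
            ))
    return findings


def unparsed_candidates(text: str) -> List[str]:
    """Lines that carry a bandit test id but did not parse as a finding.

    A non-empty result means the report and the parser disagree on format;
    treating that as 'no issues' is what lets a real finding slip through.
    """
    return [
        raw for raw in text.splitlines()
        if CANDIDATE_RE.search(raw) and not FINDING_RE.match(raw.rstrip())
    ]


def gate_passes(findings: List[Finding], min_severity: str = "MEDIUM") -> bool:
    """True when no finding is at or above min_severity (hypothetical gate)."""
    floor = SEVERITY_RANK[min_severity]
    return all(SEVERITY_RANK[f.severity] < floor for f in findings)


# Constructed sample: two header lines and the single finding from the
# issue's console output.
SAMPLE_LOG = """\
[main]  INFO    profile include tests: None
[main]  INFO    running on Python 3.11.2
/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/rc_smtp_bridge/rc_smtp_bridge.py:42: MEDIUM: B307: Use of possibly insecure function - consider using safer ast.literal_eval.
"""

# Constructed variant with one deliberately mangled line (space after the
# line-number colon missing) to exercise the mismatch detector.
MANGLED_LOG = SAMPLE_LOG + "/tmp/other.py:7:LOW: B101: Use of assert detected.\n"

if __name__ == "__main__":
    found = parse_bandit_custom(SAMPLE_LOG)
    for f in found:
        print(f"{f.test_id} {f.severity} {f.path}:{f.line} {f.message}")
    print("gate passes:", gate_passes(found))
    print("unparsed:", unparsed_candidates(MANGLED_LOG))
```

Run against the log above, the parser returns the one MEDIUM B307 finding and the gate fails; a pipeline step that fails the build when `unparsed_candidates` is non-empty would have turned the "found 0 issues" result in this report into a loud error instead of a passed gate.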

tomasbjerre commented 1 year ago

The bug is not here, the parser can parse the output: https://github.com/tomasbjerre/violations-lib/commit/0a5de0f3b7716389422444182df4a15c6d32ea7c