Add string options for severity and confidence (#702)

Adds two new command line arguments which allow the user to specify severity level and confidence level with a key-value pair rather than repeating a flag. This makes it easier to specify those values if using an alternate interface which invokes Bandit's CLI. The previous repeatable flags have been retained and existing workflows will not be affected. New arguments: * --severity-level: Takes a string "all", "low", "medium", or "high" to set the level. This has the same effect as the existing -l/--level option. If both options are specified, an error will be printed. * --confidence-level: Takes a string "all", "low", "medium", or "high" to set the level. This has the same effect as the existing -i/--confidence option. If both options are specified, an error will be printed. * Help text for these parameters clarifies why 'all' and 'low' aren't the same although they will almost certainly produce the same set of results. Co-authored-by: Nathan Stocking <nathan.stocking@microsoft.com>
PyCQA · Apr 2, 2021 · 1eff509 · 1eff509
1 parent 6765a57
commit 1eff509
Showing 1 changed file with 43 additions and 2 deletions.
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
@@ -180,16 +180,34 @@ def main():
         action='store', default=None, type=str,
         help='comma-separated list of test IDs to skip'
     )
-    parser.add_argument(
+    severity_group = parser.add_mutually_exclusive_group(required=False)
+    severity_group.add_argument(
         '-l', '--level', dest='severity', action='count',
         default=1, help='report only issues of a given severity level or '
                         'higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)'
     )
-    parser.add_argument(
+    severity_group.add_argument(
+        '--severity-level', dest='severity_string', action='store',
+        help='report only issues of a given severity level or higher.'
+             ' "all" and "low" are likely to produce the same results, but it'
+             ' is possible for rules to be undefined which will'
+             ' not be listed in "low".',
+        choices=['all', 'low', 'medium', 'high']
+    )
+    confidence_group = parser.add_mutually_exclusive_group(required=False)
+    confidence_group.add_argument(
         '-i', '--confidence', dest='confidence', action='count',
         default=1, help='report only issues of a given confidence level or '
                         'higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)'
     )
+    confidence_group.add_argument(
+        '--confidence-level', dest='confidence_string', action='store',
+        help='report only issues of a given confidence level or higher.'
+             ' "all" and "low" are likely to produce the same results, but it'
+             ' is possible for rules to be undefined which will'
+             ' not be listed in "low".',
+        choices=["all", "low", "medium", "high"]
+    )
     output_format = 'screen' if sys.stdout.isatty() else 'txt'
     parser.add_argument(
         '-f', '--format', dest='output_format', action='store',
@@ -302,6 +320,29 @@ def main():
     if args.output_format != 'custom' and args.msg_template is not None:
         parser.error("--msg-template can only be used with --format=custom")
 
+    # Check if confidence or severity level have been specified with strings
+    if args.severity_string is not None:
+        if args.severity_string == "all":
+            args.severity = 1
+        elif args.severity_string == "low":
+            args.severity = 2
+        elif args.severity_string == "medium":
+            args.severity = 3
+        elif args.severity_string == "high":
+            args.severity = 4
+        # Other strings will be blocked by argparse
+
+    if args.confidence_string is not None:
+        if args.confidence_string == "all":
+            args.confidence = 1
+        elif args.confidence_string == "low":
+            args.confidence = 2
+        elif args.confidence_string == "medium":
+            args.confidence = 3
+        elif args.confidence_string == "high":
+            args.confidence = 4
+        # Other strings will be blocked by argparse
+
     try:
         b_conf = b_config.BanditConfig(config_file=args.config_file)
     except utils.ConfigError as e: