Merge pull request #2250 from m-pilia/bandit

Add bandit linter for Python

2 files changed, 91 insertions, 0 deletions

diff --git a/test/command_callback/test_bandit_command_callback.vader b/test/command_callback/test_bandit_command_callback.vader
new file mode 100644
index 00000000..5d1e6fd3
--- /dev/null
+++ b/test/command_callback/test_bandit_command_callback.vader
@@ -0,0 +1,49 @@
+Before:
+  call ale#assert#SetUpLinterTest('python', 'bandit')
+  let b:bandit_flags = ' --format custom '
+  \   . '--msg-template "{line}:{test_id}:{severity}:{msg}" '
+
+After:
+  call ale#assert#TearDownLinterTest()
+  unlet! b:bandit_flags
+
+Execute(The bandit command callback should return default string):
+  AssertLinter 'bandit',
+  \ ale#Escape('bandit')
+  \ . b:bandit_flags
+  \ . ' -'
+
+Execute(The bandit command callback should allow options):
+  let g:ale_python_bandit_options = '--configfile bandit.yaml'
+
+  AssertLinter 'bandit',
+  \ ale#Escape('bandit')
+  \ . b:bandit_flags
+  \ . ' --configfile bandit.yaml -'
+
+Execute(The bandit executable should be configurable):
+  let g:ale_python_bandit_executable = '~/.local/bin/bandit'
+
+  AssertLinter '~/.local/bin/bandit',
+  \ ale#Escape('~/.local/bin/bandit')
+  \ . b:bandit_flags
+  \ . ' -'
+
+Execute(Setting executable to 'pipenv' appends 'run bandit'):
+  let g:ale_python_bandit_executable = 'path/to/pipenv'
+
+  AssertLinter 'path/to/pipenv',
+  \ ale#Escape('path/to/pipenv')
+  \ . ' run bandit'
+  \ . b:bandit_flags
+  \ . ' -'
+
+Execute(Pipenv is detected when python_bandit_auto_pipenv is set):
+  let g:ale_python_bandit_auto_pipenv = 1
+  call ale#test#SetFilename('/testplugin/test/python_fixtures/pipenv/whatever.py')
+
+  AssertLinter 'pipenv',
+  \ ale#Escape('pipenv')
+  \ . ' run bandit'
+  \ . b:bandit_flags
+  \ . ' -'
diff --git a/test/handler/test_bandit_handler.vader b/test/handler/test_bandit_handler.vader
new file mode 100644
index 00000000..a2793a46
--- /dev/null
+++ b/test/handler/test_bandit_handler.vader
@@ -0,0 +1,42 @@
+Before:
+  runtime ale_linters/python/bandit.vim
+
+After:
+  call ale#linter#Reset()
+
+Execute(The bandit handler for Python should parse input correctly):
+  AssertEqual
+  \ [
+  \   {
+  \     'bufnr': 0,
+  \     'lnum': 2,
+  \     'code': 'B404',
+  \     'type': 'I',
+  \     'text': 'Consider possible security implications associated with subprocess module.',
+  \   },
+  \   {
+  \     'bufnr': 0,
+  \     'lnum': 4,
+  \     'code': 'B305',
+  \     'type': 'W',
+  \     'text': 'Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.',
+  \   },
+  \   {
+  \     'bufnr': 0,
+  \     'lnum': 6,
+  \     'code': 'B609',
+  \     'type': 'E',
+  \     'text': 'Possible wildcard injection in call: subprocess.Popen',
+  \   },
+  \ ],
+  \ ale_linters#python#bandit#Handle(0, [
+  \   '[main]  INFO    profile include tests: None',
+  \   '[main]  INFO    profile exclude tests: None',
+  \   '[main]  INFO    cli include tests: None',
+  \   '[main]  INFO    cli exclude tests: None',
+  \   '[main]  INFO    running on Python 3.7.2',
+  \   '[node_visitor]  INFO    Unable to find qualified name for module: <stdin>',
+  \   '2:B404:LOW:Consider possible security implications associated with subprocess module.',
+  \   '4:B305:MEDIUM:Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.',
+  \   '6:B609:HIGH:Possible wildcard injection in call: subprocess.Popen',
+  \ ])