12 changes: 11 additions & 1 deletion pyt/__main__.py
Expand Up @@ -50,6 +50,7 @@
vulnerabilities_to_file
)
from .vulnerabilities import find_vulnerabilities
from .baseline import compare


def parse_args(args):
Expand Down Expand Up @@ -136,6 +137,11 @@ def parse_args(args):

parser.add_argument('-ppm', '--print-project-modules',
help='Print project modules.', action='store_true')
parser.add_argument('-b', '--baseline',
help='path of a baseline report to compare against '
'(only JSON-formatted files are accepted)',
type=str,
default=False)

save_parser = subparsers.add_parser('save', help='Save menu.')
save_parser.set_defaults(which='save')
Expand Down Expand Up @@ -167,6 +173,7 @@ def parse_args(args):
help='Output everything to file.',
action='store_true')


search_parser = subparsers.add_parser(
'github_search',
help='Searches through github and runs PyT'
Expand Down Expand Up @@ -242,6 +249,7 @@ def main(command_line_args=sys.argv[1:]):
repo.clean_up()
exit()


if args.which == 'search':
set_github_api_token()
scan_github(
Expand Down Expand Up @@ -303,7 +311,9 @@ def main(command_line_args=sys.argv[1:]):
json.report(vulnerabilities, sys.stdout)
else:
text.report(vulnerabilities, sys.stdout)

if args.baseline:
baseline = args.baseline
compare(json.report(vulnerabilities, sys.stdout),baseline)
So what is happening (I think) is that the previous call to report closes sys.stdout.

     if args.json:
         json.report(vulnerabilities, sys.stdout)
     else:
         text.report(vulnerabilities, sys.stdout)

then does
with fileobj: which closes it.

The solution I think is to do

if args.baseline:
    vulnerabilities = get_vulnerabilities_not_in_baseline(vulnerabilities, baseline)

before we do if args.json.

You can loop through vulnerabilities and return "vulnerabilities - baseline". This will make it work both for json output and text output.

See https://github.com/Yelp/detect-secrets/blob/b16acf1e8dc1e05366a9bfbd7ce35ed611adb94d/detect_secrets/pre_commit_hook.py#L34-L37 for an example of how we have results and then just return results - baseline.

Ok, I will edit it.

if args.draw_cfg:
if args.output_filename:
draw_cfgs(cfg_list, args.output_filename)
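Review bot: The `--baseline` option added near the top of this section declares `type=str` together with `default=False`, so `args.baseline` is a bool when the flag is absent and a str when it is given; `default=None` is the conventional sentinel for an optional path and leaves the `if args.baseline:` test at the bottom of the section working as before. The help text promises that only JSON files are accepted, but nothing in the visible code checks that the path exists or is readable before it reaches `compare`, so a mistyped `-b` path surfaces as an uncaught traceback rather than a usage error; `type=argparse.FileType('r')`, or an explicit `os.path.isfile(args.baseline)` check followed by `parser.error(...)`, would fail early with a clear message. Both `parse_args` and `main` continue outside the visible hunks, so the surrounding argument handling could not be reviewed here.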
27 changes: 27 additions & 0 deletions pyt/baseline.py
@@ -0,0 +1,27 @@
from pprint import pprint
It is not totally done.

import json

I didn't notice this before but from looking at the Code Climate issues at the bottom of the PR, there are a couple of pep8 ones. Normally people have 2 lines between imports and the next class or function call like in expr_visitor.py for example.


def isSame(res, base):
if res == base:
return(True)
return(False)

def compare(results, baseline):

baseline = json.load(open(baseline))
results = json.load(open(results))
result = {'generated_at':results["generated_at"], 'vulnerabilities':[]}

if "generated_at" in results and baseline:
if not isSame(results["generated_at"], baseline["generated_at"]):
pprint(results["generated_at"])

if "vulnerabilities" in results and baseline:
if not isSame(results["vulnerabilities"], baseline["vulnerabilities"]):
for i in range(len(results["vulnerabilities"])):
if results["vulnerabilities"][i] not in baseline["vulnerabilities"]:
result["vulnerabilities"].append(results["vulnerabilities"][i])

result = json.dumps(result, indent=4)
print(result)
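Review bot: `compare` indexes `results["generated_at"]` while building `result`, one line before the `"generated_at" in results` guard, so that guard protects nothing and a report lacking the key raises `KeyError`; the two `json.load(open(...))` calls on the preceding lines also never close their file handles. Both loads should go through `with open(path) as fh:` and the dict should be built with `results.get("generated_at")`. The baseline is a user-supplied file, and nothing verifies that the parsed JSON is an object carrying a `vulnerabilities` list, so a baseline that is a JSON array or otherwise malformed fails deep inside the comparison with a `TypeError`/`KeyError` traceback instead of a descriptive error; a shape check right after loading would be worth adding. Separately, `isSame` is just `==` and the `for i in range(len(...))` loop can iterate `results["vulnerabilities"]` directly.
```python
def compare(results, baseline):
    with open(baseline) as fh:
        baseline = json.load(fh)
    with open(results) as fh:
        results = json.load(fh)
    if not isinstance(baseline, dict) or not isinstance(baseline.get("vulnerabilities"), list):
        raise ValueError("baseline must be a JSON object with a 'vulnerabilities' list")
    result = {'generated_at': results.get("generated_at"), 'vulnerabilities': []}
    # … unchanged: generated_at / vulnerabilities comparison and print …
```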