>/i'*SrSSKrSSKrSSKrSSKrSSKJr SSKr SSK J r SSK r SSK Jr \R"\5rSrSrSrSSjrS rS rS rS rS rSrSrSrg)a[ =============== SARIF formatter =============== This formatter outputs the issues in SARIF formatted JSON. :Example: .. code-block:: javascript { "runs": [ { "tool": { "driver": { "name": "Bandit", "organization": "PyCQA", "rules": [ { "id": "B101", "name": "assert_used", "properties": { "tags": [ "security", "external/cwe/cwe-703" ], "precision": "high" }, "helpUri": "https://bandit.readthedocs.io/en/1.7.8/plugins/b101_assert_used.html" } ], "version": "1.7.8", "semanticVersion": "1.7.8" } }, "invocations": [ { "executionSuccessful": true, "endTimeUtc": "2024-03-05T03:28:48Z" } ], "properties": { "metrics": { "_totals": { "loc": 1, "nosec": 0, "skipped_tests": 0, "SEVERITY.UNDEFINED": 0, "CONFIDENCE.UNDEFINED": 0, "SEVERITY.LOW": 1, "CONFIDENCE.LOW": 0, "SEVERITY.MEDIUM": 0, "CONFIDENCE.MEDIUM": 0, "SEVERITY.HIGH": 0, "CONFIDENCE.HIGH": 1 }, "./examples/assert.py": { "loc": 1, "nosec": 0, "skipped_tests": 0, "SEVERITY.UNDEFINED": 0, "SEVERITY.LOW": 1, "SEVERITY.MEDIUM": 0, "SEVERITY.HIGH": 0, "CONFIDENCE.UNDEFINED": 0, "CONFIDENCE.LOW": 0, "CONFIDENCE.MEDIUM": 0, "CONFIDENCE.HIGH": 1 } } }, "results": [ { "message": { "text": "Use of assert detected. The enclosed code will be removed when compiling to optimised byte code." }, "level": "note", "locations": [ { "physicalLocation": { "region": { "snippet": { "text": "assert True\n" }, "endColumn": 11, "endLine": 1, "startColumn": 0, "startLine": 1 }, "artifactLocation": { "uri": "examples/assert.py" }, "contextRegion": { "snippet": { "text": "assert True\n" }, "endLine": 1, "startLine": 1 } } } ], "properties": { "issue_confidence": "HIGH", "issue_severity": "LOW" }, "ruleId": "B101", "ruleIndex": 0 } ] } ], "version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json" } .. versionadded:: 1.7.8 N)to_json) docs_utilsz-https://json.schemastore.org/sarif-2.1.0.jsonz2.1.0z%Y-%m-%dT%H:%M:%SZc[R"[[[R"[R "[R "S[R[R[RS9S9[R"[RR[RR5R[ 5SS9/SUR"R$0S9/S9nUR&S nUR(S nUR+5n[-X5 UR/X#S 9n [1X5 [3U5n U UR5U 5 S S S 5 UR6[8R:R6:wa![<R?S UR65 g g !,(df  NX=f) aPrints issues in SARIF format :param manager: the bandit manager object :param fileobj: The output file object, which may be sys.stdout :param sev_level: Filtering severity level :param conf_level: Filtering confidence level :param lines: Number of lines to report, -1 for all Bandit)name organizationsemantic_versionversion)driverT) end_time_utcexecution_successfulmetrics)tool invocations properties) schema_urir runsr) sev_level conf_levelNz SARIF output written to file: %s) omSarifLog SCHEMA_URI SCHEMA_VERRunTool ToolComponentbandit __author__ __version__ Invocationdatetimenowtimezoneutcstrftime TS_FORMATrdatarr get_skippedadd_skipped_file_notificationsget_issue_list add_resultsrwritersysstdoutLOGinfo) managerfileobjrrlineslogrun invocationskipsissues serializedLogs Q/home/james-whalen/.local/lib/python3.13/site-packages/bandit/formatters/sarif.pyreportr;sY ++ FFWW++%%+%6%6)/);); & 2 2 MM%-%6%6%:%:$--11&"(9--1 &w';';<#   C4 ((1+C#J    !E"55  # #i # OFCLM  m$ ||szz& 3W\\B' s F;; G crUb[U5S:XagURc/UlUHnUup4[R"S[R"US9[R "[R "[R"[U5S9S9S9/S9nURRU5 M g)Nrerrortexturiartifact_locationphysical_location)levelmessage locations) len tool_configuration_notificationsr NotificationMessageLocationPhysicalLocationArtifactLocationto_uriappend)r7r6skip file_namereason notifications r:r)r)s }E a22:68 3"JJF+ &(&9&9*,*=*= &y 1+'   33::<H#cURc/Ul0n0nUH*n[XBU5nURRU5 M, [U5S:a3[ UR 55UR Rlgg)Nr) results create_resultrQrIlistvaluesrr rules)r8r5r\ rule_indicesissueresults r:r+r+sr {{ ELu\: 6" 5zA~ $U\\^ 4rVc UR5n[X1U5upE[R"[R"[ US5S9S9n[ UUSUSUSUS5 [R"URU[R"USS 9[US 5[R"US 9/US US S .S9$)Nfilenamer@rB line_range col_offsetend_col_offsetcode issue_textr>issue_severityrDissue_confidence)rhrg)rule_id rule_indexrGrFrHr) as_dictcreate_or_find_rulerrNrOrPadd_region_and_context_regionResultidrLlevel_from_severityrM)r^r\r] issue_dictrulerjrEs r:rYrYsJ*:lKD++--z*-.  "< < #$6  99 < 89!*-=">?;;1BCD *+= >()9:  rVc.US:XagUS:XagUS:Xagg)NHIGHr=MEDIUMwarningLOWnote)severitys r:rprps&6 X  U rVc U(a,[U5upVXaSU- n[R"US9nOSn[R"US[ U5S:aUSOUSUS-US-US9UlU(aL[R"WU[ W5-S- [R"SR U5S9S9Ulgg)Nrr>) start_lineend_line start_column end_columnsnippet)r}r~r) parse_coderArtifactContentRegionrIregionjoincontext_region) rErbrcrdrefirst_line_number snippet_lines snippet_liners r:rmrms +5d+;($]5F%FG $$,7!yya="%j/A"5A:a=!^!A%   +-99(&]);;a?&&BGGM,BC, ( rVcURS5nU[U5S- nSn[U5S:XaUR5 Sn/nSnSnUHEnURSS5nU(a[US5nSnUSS-n UR U 5 MG U(d1U[U5S- nUS[U5S- U[U5S- 'XT4$)N r|FrT )splitrIpopintrQ) re code_lines last_linelast_real_line_ends_in_newlinerrfirst code_linenumber_and_snippet_liners r:rr7sD!J3z?Q./I%*" 9~)-&M E "+//#q"9  #$;A$> ? E.q1D8 \*  *!#m"4q"89 09:NC NQrsywp - " ! <  4CnI6 5@ 4,>0*rV