Add test ID to the output

Now that we have a test ID, its useful that it is shown to the
users.

Change-Id: I3a8b35c094a9a04341f14830fb74bdb2d99818d0

bandit/core/issue.py

@@ -32,18 +32,21 @@ class Issue(object):
         self.ident = ident
         self.fname = ""
         self.test = ""
+        self.test_id = ""
         self.lineno = lineno
         self.linerange = []
 
     def __str__(self):
-        return "Issue: '%s' from %s: Severity: %s Confidence: %s at %s:%i" % (
-            self.text, (self.ident or self.test), self.severity,
-            self.confidence, self.fname, self.lineno)
+        return ("Issue: '%s' from %s:%s: Severity: %s Confidence: "
+                "%s at %s:%i") % (self.text, self.test_id,
+                                  (self.ident or self.test), self.severity,
+                                  self.confidence, self.fname, self.lineno)
 
     def __eq__(self, other):
         # if the issue text, severity, confidence, and filename match, it's
         # the same issue from our perspective
-        match_types = ['text', 'severity', 'confidence', 'fname', 'test']
+        match_types = ['text', 'severity', 'confidence', 'fname', 'test',
+                       'test_id']
         return all(getattr(self, field) == getattr(other, field)
                    for field in match_types)
 
@@ -99,6 +102,7 @@ class Issue(object):
         out = {
             'filename': self.fname,
             'test_name': self.test,
+            'test_id': self.test_id,
             'issue_severity': self.severity,
             'issue_confidence': self.confidence,
             'issue_text': self.text,
@@ -117,6 +121,7 @@ class Issue(object):
         self.confidence = data["issue_confidence"]
         self.text = data["issue_text"]
         self.test = data["test_name"]
+        self.test_id = data["test_id"]
         self.lineno = data["line_number"]
         self.linerange = data["line_range"]
 

bandit/core/tester.py

@@ -74,6 +74,7 @@ class BanditTester():
                         result.lineno = temp_context['lineno']
                     result.linerange = temp_context['linerange']
                     result.test = test.__name__
+                    result.test_id = test._test_id
 
                     self.results.append(result)
 

bandit/formatters/csv.py

@@ -21,10 +21,10 @@ Sample Output
 -------------
 .. code-block:: none
 
-    filename,test_name,issue_severity,issue_confidence,issue_text,line_number,
-    line_range
-    examples/yaml_load.py,blacklist_calls,MEDIUM,HIGH,"Use of unsafe yaml load.
-    Allows instantiation of arbitrary objects. Consider yaml.safe_load().
+    filename,test_name,test_id,issue_severity,issue_confidence,issue_text,
+    line_number,line_range
+    examples/yaml_load.py,blacklist_calls,B301,MEDIUM,HIGH,"Use of unsafe yaml
+    load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
     ",5,[5]
 
 .. versionadded:: 0.11.0
@@ -58,6 +58,7 @@ def report(manager, filename, sev_level, conf_level, lines=-1):
     with utils.output_file(filename, 'w') as fout:
         fieldnames = ['filename',
                       'test_name',
+                      'test_id',
                       'issue_severity',
                       'issue_confidence',
                       'issue_text',

bandit/formatters/html.py

@@ -118,6 +118,7 @@ Sample Output
         <b>blacklist_calls: </b> Use of unsafe yaml load. Allows instantiation
         of arbitrary objects. Consider yaml.safe_load().
     <br>
+        <b>Test ID: </b>B301<br />
         <b>Severity: </b>MEDIUM<br />
         <b>Confidence: </b>HIGH</br />
         <b>File: </b><a href='examples/yaml_load.py' target='_blank'>
@@ -255,6 +256,7 @@ pre {
 <span id='issue-{issue_no}'>
 <div class='issue-block {issue_class}'>
     <b>{test_name}: </b> {test_text}<br>
+    <b>Test ID: {test_id}: </b> {test_id}<br>
     <b>Severity: </b>{severity}<br />
     <b>Confidence: </b>{confidence}</br />
     <b>File: </b><a href='{path}' target='_blank'>{path}</a> <br />
@@ -343,8 +345,8 @@ pre {
         results_str += issue_block.format(issue_no=index,
                                           issue_class='issue-sev-{}'.
                                           format(issue.severity.lower()),
-
                                           test_name=issue.test,
+                                          test_id=issue.test_id,
                                           test_text=issue.text,
                                           severity=issue.severity,
                                           confidence=issue.confidence,

bandit/formatters/json.py

@@ -63,7 +63,8 @@ Sample Output
           "line_range": [
             5
           ],
-          "test_name": "blacklist_calls"
+          "test_name": "blacklist_calls",
+          "test_id": "B301"
         }
       ],
       "stats": [

bandit/formatters/screen.py

@@ -64,8 +64,8 @@ def _output_issue_str(issue, indent, show_lineno=True, show_code=True,
                       lines=-1):
     # returns a list of lines that should be added to the existing lines list
     bits = []
-    bits.append("%s%s>> Issue: [%s] %s" % (
-        indent, color[issue.severity], issue.test, issue.text))
+    bits.append("%s%s>> Issue: [%s:%s] %s" % (
+        indent, color[issue.severity], issue.test_id, issue.test, issue.text))
 
     bits.append("%s   Severity: %s   Confidence: %s" % (
         indent, issue.severity.capitalize(), issue.confidence.capitalize()))

bandit/formatters/text.py

@@ -22,8 +22,8 @@ Sample Output
 -------------
 .. code-block:: none
 
-    >> Issue: [blacklist_calls] Use of unsafe yaml load. Allows instantiation
-       of arbitrary objects. Consider yaml.safe_load().
+    >> Issue: [B301:blacklist_calls] Use of unsafe yaml load. Allows
+       instantiation of arbitrary objects. Consider yaml.safe_load().
 
        Severity: Medium   Confidence: High
        Location: examples/yaml_load.py:5
@@ -75,8 +75,8 @@ def _output_issue_str(issue, indent, show_lineno=True, show_code=True,
                       lines=-1):
     # returns a list of lines that should be added to the existing lines list
     bits = []
-    bits.append("%s>> Issue: [%s] %s" % (
-        indent, issue.test, issue.text))
+    bits.append("%s>> Issue: [%s:%s] %s" % (
+        indent, issue.test_id, issue.test, issue.text))
 
     bits.append("%s   Severity: %s   Confidence: %s" % (
         indent, issue.severity.capitalize(), issue.confidence.capitalize()))

bandit/formatters/xml.py

@@ -25,9 +25,9 @@ Sample Output
     <testsuite name="bandit" tests="1"><testcase
     classname="examples/yaml_load.py" name="blacklist_calls"><error
     message="Use of unsafe yaml load. Allows instantiation of arbitrary
-    objects. Consider yaml.safe_load().&#10;" type="MEDIUM">Severity: MEDIUM
-    Confidence: HIGH Use of unsafe yaml load. Allows instantiation of arbitrary
-    objects. Consider yaml.safe_load().
+    objects. Consider yaml.safe_load().&#10;" type="MEDIUM">Test ID: B301
+    Severity: MEDIUM Confidence: HIGH Use of unsafe yaml load. Allows
+    instantiation of arbitrary objects. Consider yaml.safe_load().
 
     Location examples/yaml_load.py:5</error></testcase></testsuite>
 
@@ -65,12 +65,10 @@ def report(manager, filename, sev_level, conf_level, lines=-1):
         testcase = ET.SubElement(root, 'testcase',
                                  classname=issue.fname, name=test)
 
-        text = 'Severity: %s Confidence: %s\n%s\nLocation %s:%s'
-        text = text % (
-            issue.severity, issue.confidence,
-            issue.text, issue.fname, issue.lineno)
-        ET.SubElement(testcase, 'error',
-                      type=issue.severity,
+        text = 'Test ID: %s Severity: %s Confidence: %s\n%s\nLocation %s:%s'
+        text = text % (issue.test_id, issue.severity, issue.confidence,
+                       issue.text, issue.fname, issue.lineno)
+        ET.SubElement(testcase, 'error', type=issue.severity,
                       message=issue.text).text = text
 
     tree = ET.ElementTree(root)

tests/functional/test_functional.py

@@ -502,7 +502,8 @@ class FunctionalTests(testtools.TestCase):
               "line_range": [
                 10
               ],
-              "test_name": "flask_debug_true"
+              "test_name": "flask_debug_true",
+              "test_id": "B201"
             }
           ]
         }

tests/functional/test_runtime.py

@@ -96,6 +96,7 @@ class RuntimeTests(testtools.TestCase):
         self.assertIn("Low: 2", output)
         self.assertIn("High: 2", output)
         self.assertIn("Files skipped (0):", output)
-        self.assertIn("Issue: [blacklist_imports] Consider possible", output)
+        self.assertIn("Issue: [B401:blacklist_imports] Consider possible",
+                      output)
         self.assertIn("imports.py:2", output)
         self.assertIn("imports.py:4", output)

tests/unit/core/test_issue.py

@@ -30,7 +30,7 @@ class IssueTests(testtools.TestCase):
     def test_issue_str(self):
         test_issue = _get_issue_instance()
         self.assertEqual(
-            ("Issue: 'Test issue' from bandit_plugin: Severity: MEDIUM "
+            ("Issue: 'Test issue' from B999:bandit_plugin: Severity: MEDIUM "
              "Confidence: MEDIUM at code.py:1"),
             str(test_issue)
         )
@@ -41,6 +41,7 @@ class IssueTests(testtools.TestCase):
         self.assertIsInstance(test_issue_dict, dict)
         self.assertEqual(test_issue_dict['filename'], 'code.py')
         self.assertEqual(test_issue_dict['test_name'], 'bandit_plugin')
+        self.assertEqual(test_issue_dict['test_id'], 'B999')
         self.assertEqual(test_issue_dict['issue_severity'], 'MEDIUM')
         self.assertEqual(test_issue_dict['issue_confidence'], 'MEDIUM')
         self.assertEqual(test_issue_dict['issue_text'], 'Test issue')
@@ -118,5 +119,6 @@ def _get_issue_instance(severity=bandit.MEDIUM, confidence=bandit.MEDIUM):
     new_issue = issue.Issue(severity, confidence, 'Test issue')
     new_issue.fname = 'code.py'
     new_issue.test = 'bandit_plugin'
+    new_issue.test_id = 'B999'
     new_issue.lineno = 1
     return new_issue

tests/unit/formatters/test_screen.py

@@ -39,9 +39,9 @@ class ScreenFormatterTests(testtools.TestCase):
         indent_val = 'CCCCCCC'
 
         def _template(_issue, _indent_val, _code, _color):
-            return_val = ["{}{}>> Issue: [{}] {}".
-                          format(_indent_val, _color, _issue.test,
-                                 _issue.text),
+            return_val = ["{}{}>> Issue: [{}:{}] {}".
+                          format(_indent_val, _color, _issue.test_id,
+                                 _issue.test, _issue.text),
                           "{}   Severity: {}   Confidence: {}".
                           format(_indent_val, _issue.severity.capitalize(),
                                  _issue.confidence.capitalize()),

tests/unit/formatters/test_text.py

@@ -39,8 +39,8 @@ class TextFormatterTests(testtools.TestCase):
         indent_val = 'CCCCCCC'
 
         def _template(_issue, _indent_val, _code):
-            return_val = ["{}>> Issue: [{}] {}".
-                          format(_indent_val, _issue.test,
+            return_val = ["{}>> Issue: [{}:{}] {}".
+                          format(_indent_val, _issue.test_id, _issue.test,
                                  _issue.text),
                           "{}   Severity: {}   Confidence: {}".
                           format(_indent_val, _issue.severity.capitalize(),