HTML Output - Vulnerability Documentation Path Incorrect

Bug #1761254 reported by Eric Pesch
This bug affects 1 person
Affects: Bandit
Status: Fix Released
Importance: Medium
Assigned to: Eric Brown

Bug Description

Hello,

Currently the HTML format (-f html) flag is outputting files with "More Info" paths which are routing to missing/dead webpages. Looks like the root documentation was changed and so the references are now incorrect.

Sample for a SQL Vulnerability Doc:
hardcoded_sql_expressions: Possible SQL injection vector through string-based query construction.
Test ID: B608
Severity: MEDIUM
Confidence: LOW
File: my/src/code.py

More info: http://docs.openstack.org/developer/bandit/plugins/hardcoded_sql_expressions.html
New Correct Path: https://docs.openstack.org/bandit/latest/plugins/b608_hardcoded_sql_expressions.html

Let me know if you need more info.

Thanks,
-Eric

Eric Brown (ericwb)
Changed in bandit:
importance: Undecided → Medium
Eric Brown (ericwb)
Changed in bandit:
assignee: nobody → Eric Brown (ericwb)
status: New → Confirmed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to bandit (master)

Fix proposed to branch: master
Review: https://review.openstack.org/558959

Changed in bandit:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to bandit (master)

Reviewed: https://review.openstack.org/558959
Committed: https://git.openstack.org/cgit/openstack/bandit/commit/?id=9d848dd79eb43b62ad389675b1d8c8a79bd59b5b
Submitter: Zuul
Branch: master

commit 9d848dd79eb43b62ad389675b1d8c8a79bd59b5b
Author: Eric Brown <email address hidden>
Date: Wed Apr 4 16:03:56 2018 -0700

    Add bandit ID to prefix of more_info link

    In a recent commit [1], the names of the plugin doc files changed
    to include the bandit ID as a prefix. Unfortunately, the doc_utils
    wasn't updated at the time, so it still pointed to the previous
    docs, thus resulting in 404 errors when browsing to the link.

    This patch modifies doc_utils to properly prefix the bandit ID to
    reference the doc for a particular plugin.

    [1] https://review.openstack.org/#/c/540170/

    Change-Id: Ia4b4c87e880ba39a677a84fc53943bc7a37849ef
    Closes-Bug: #1761254

Changed in bandit:
status: In Progress → Fix Released
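
Added example (not part of the bug report and not Bandit's own code): a small checker that scans findings in the plain-text layout quoted in the bug description and flags "More info" links whose page name lacks the lowercase test-ID prefix described in the commit message. The function name, regular expressions and sample text are assumptions made for this illustration; it does not parse the HTML report's markup.

```python
import re
from urllib.parse import urlsplit

# Field patterns follow the finding layout quoted in the bug description.
TEST_ID = re.compile(r"Test ID:\s*(B\d{3})\b")
MORE_INFO = re.compile(r"More info:\s*(\S+)")


def find_stale_links(report_text):
    """Pair each 'Test ID' with the next 'More info' URL and return the
    (test_id, url) pairs whose doc page name lacks the '<id>_' prefix."""
    stale = []
    test_id = None
    for line in report_text.splitlines():
        match = TEST_ID.search(line)
        if match:
            test_id = match.group(1)
            continue
        match = MORE_INFO.search(line)
        if match and test_id:
            url = match.group(1)
            # Last path component, e.g. 'b608_hardcoded_sql_expressions.html'
            page = urlsplit(url).path.rsplit("/", 1)[-1]
            if not page.startswith(test_id.lower() + "_"):
                stale.append((test_id, url))
            test_id = None  # a link belongs to exactly one finding
    return stale


# Constructed sample: two findings in the layout quoted in the bug report.
# The first URL is the dead link from the report, the second the corrected one.
SAMPLE = """\
Test ID: B608
Severity: MEDIUM
More info: http://docs.openstack.org/developer/bandit/plugins/hardcoded_sql_expressions.html
Test ID: B608
Severity: MEDIUM
More info: https://docs.openstack.org/bandit/latest/plugins/b608_hardcoded_sql_expressions.html
"""

if __name__ == "__main__":
    for test_id, url in find_stale_links(SAMPLE):
        print(f"{test_id}: stale link {url}")
```

Run over archived reports, this shows which findings still carry links generated before the fix.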