Coverage for tests / integration / test_bandit_integration.py: 100%

36 statements  


1"""Integration tests for Bandit tool (security linter).""" 

2 

3import contextlib 

4import os 

5import shutil 

6import tempfile 

7 

8import pytest 

9from assertpy import assert_that 

10from loguru import logger 

11 

12from lintro.models.core.tool_result import ToolResult 

13from lintro.plugins import ToolRegistry 

14 

15 

@pytest.mark.skipif(
    shutil.which("bandit") is None,
    reason="Bandit not installed on PATH; skip integration test.",
)
def test_bandit_detects_issues_on_sample_file() -> None:
    """Check that the registered Bandit tool reports findings on the sample.

    The test scans the deliberately insecure fixture under ``test_samples``
    and passes when the result is a ``ToolResult`` named ``"bandit"`` with at
    least one issue.
    """
    bandit_tool = ToolRegistry.get("bandit")
    assert_that(bandit_tool).is_not_none()

    # The fixture lives under test_samples, so the exclude list is emptied
    # to let the scan reach it.
    # NOTE(review): if ToolRegistry.get returns a shared instance, this
    # assignment outlives the test; confirm, and restore it if so.
    bandit_tool.exclude_patterns = []

    # Relative path: abspath resolves it against the current working
    # directory, so the test must be run from the repository root.
    sample_path = os.path.abspath(
        "test_samples/tools/python/bandit/bandit_violations.py",
    )
    sample_present = os.path.exists(sample_path)
    assert_that(sample_present).is_true()

    result: ToolResult = bandit_tool.check([sample_path], {})

    is_tool_result = isinstance(result, ToolResult)
    assert_that(is_tool_result).is_true()
    assert_that(result.name).is_equal_to("bandit")

    # NOTE(review): this only requires one finding of any kind. A regression
    # that loses most detections would still pass; consider pinning the
    # expected count or rule IDs for the fixture.
    has_findings = result.issues_count > 0
    assert_that(has_findings).is_true()
    logger.info(f"[TEST] bandit found {result.issues_count} issues on sample file")

33 

34 

@pytest.mark.skipif(
    shutil.which("bandit") is None,
    reason="Bandit not installed on PATH; skip integration test.",
)
def test_bandit_no_crash_on_clean_temp_file() -> None:
    """Check that Bandit returns a well-formed result for a trivial file.

    A small, harmless module is written to a temporary ``.py`` file, scanned,
    and removed again whether or not the assertions pass.
    """
    bandit_tool = ToolRegistry.get("bandit")
    assert_that(bandit_tool).is_not_none()

    # delete=False keeps the file on disk after the handle closes, so the
    # tool can open it by path; cleanup happens in the finally clause below.
    with tempfile.NamedTemporaryFile(
        mode="w",
        suffix=".py",
        delete=False,
    ) as handle:
        handle.write("def ok():\n return 0\n")
        handle.flush()
        path = handle.name

    try:
        outcome: ToolResult = bandit_tool.check([path], {})

        is_tool_result = isinstance(outcome, ToolResult)
        assert_that(is_tool_result).is_true()
        assert_that(outcome.name).is_equal_to("bandit")

        # NOTE(review): >= 0 only proves a count came back (the "no crash"
        # goal). It does not show that clean code yields zero findings, so
        # a false-positive regression would go unnoticed here.
        count_is_valid = outcome.issues_count >= 0
        assert_that(count_is_valid).is_true()
    finally:
        # Best-effort removal; the file may already be gone.
        with contextlib.suppress(FileNotFoundError):
            os.unlink(path)