or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

command-line-tools.mdcontext-analysis.mdcore-management.mdindex.mdissue-reporting.mdoutput-formatters.mdplugin-development.md

issue-reporting.mddocs/

0
# Issue Reporting
1


2
Comprehensive security issue representation with structured metadata, severity classification, and Common Weakness Enumeration (CWE) mapping. The issue reporting system provides detailed vulnerability information for integration with security tools and development workflows.
3


4
## Capabilities
5


6
### Issue
7


8
Represents a security vulnerability or weakness found during code analysis. Issues include severity levels, confidence ratings, source code context, and structured metadata.
9


10
```python { .api }
11
class Issue:
12
    def __init__(self, severity, cwe=0, confidence=constants.CONFIDENCE_DEFAULT, text="", ident=None, lineno=None, test_id="", col_offset=-1, end_col_offset=0):
13
        """
14
        Create a new security issue.
15
        
16
        Parameters:
17
        - severity: str, severity level ('LOW', 'MEDIUM', 'HIGH')
18
        - cwe: int or Cwe, Common Weakness Enumeration identifier
19
        - confidence: str, confidence level ('LOW', 'MEDIUM', 'HIGH', 'UNDEFINED')
20
        - text: str, human-readable issue description
21
        - ident: str, optional unique identifier
22
        - lineno: int, source code line number
23
        - test_id: str, security test identifier (e.g., 'B101')
24
        - col_offset: int, column start position
25
        - end_col_offset: int, column end position
26
        """
27
    
28
    def filter(self, severity, confidence):
29
        """
30
        Check if issue meets severity and confidence thresholds.
31
        
32
        Parameters:
33
        - severity: str, minimum severity level
34
        - confidence: str, minimum confidence level
35
        
36
        Returns:
37
        bool: True if issue meets thresholds
38
        """
39
    
40
    def get_code(self, max_lines=3, tabbed=False):
41
        """
42
        Get source code context for the issue.
43
        
44
        Parameters:
45
        - max_lines: int, maximum lines of context to include
46
        - tabbed: bool, use tabs instead of spaces for indentation
47
        
48
        Returns:
49
        str: Source code context around the issue
50
        """
51
    
52
    def as_dict(self, with_code=True, max_lines=3):
53
        """
54
        Convert issue to dictionary representation.
55
        
56
        Parameters:
57
        - with_code: bool, include source code context
58
        - max_lines: int, maximum lines of code context
59
        
60
        Returns:
61
        dict: Issue data as dictionary
62
        """
63
    
64
    @staticmethod
65
    def from_dict(data, with_code=True):
66
        """
67
        Create Issue instance from dictionary data.
68
        
69
        Parameters:
70
        - data: dict, issue data dictionary
71
        - with_code: bool, include code context if available
72
        
73
        Returns:
74
        Issue: Issue instance
75
        """
76
```
77


78
### Cwe
79


80
Common Weakness Enumeration support for mapping security issues to standardized weakness categories. Provides CWE identifiers and links to MITRE CWE database.
81


82
```python { .api }
83
class Cwe:
84
    def __init__(self, id=0):
85
        """
86
        Initialize CWE with identifier.
87
        
88
        Parameters:
89
        - id: int, CWE identifier (default: 0 for NOTSET/unknown)
90
        """
91
    
92
    def link(self):
93
        """
94
        Get MITRE CWE URL for this weakness.
95
        
96
        Returns:
97
        str: MITRE CWE URL or empty string if no valid ID
98
        """
99
    
100
    def as_dict(self):
101
        """
102
        Convert CWE to dictionary representation.
103
        
104
        Returns:
105
        dict: CWE data as dictionary
106
        """
107
    
108
    def as_jsons(self):
109
        """
110
        Convert CWE to JSON string representation.
111
        
112
        Returns:
113
        str: CWE data as JSON string
114
        """
115
    
116
    def from_dict(self, data):
117
        """
118
        Update CWE instance from dictionary data.
119
        
120
        Parameters:
121
        - data: dict, CWE data dictionary with 'id' key
122
        """
123
    
124
    @staticmethod
125
    def from_dict_static(data):
126
        """
127
        Create Cwe instance from dictionary data.
128
        
129
        Parameters:
130
        - data: dict, CWE data dictionary
131
        
132
        Returns:
133
        Cwe: CWE instance
134
        """
135
```
136


137
### CWE Constants
138


139
Predefined CWE identifiers for common security weaknesses detected by Bandit.
140


141
```python { .api }
142
# CWE identifiers for common security issues
143
NOTSET = 0
144
IMPROPER_INPUT_VALIDATION = 20
145
PATH_TRAVERSAL = 22
146
OS_COMMAND_INJECTION = 78
147
XSS = 79
148
BASIC_XSS = 80
149
SQL_INJECTION = 89
150
CODE_INJECTION = 94
151
IMPROPER_WILDCARD_NEUTRALIZATION = 155
152
HARD_CODED_PASSWORD = 259
153
IMPROPER_ACCESS_CONTROL = 284
154
IMPROPER_CERT_VALIDATION = 295
155
WEAK_CRYPTO_KEY = 326
156
INADEQUATE_ENCRYPTION_STRENGTH = 326
157
SSL_WITH_NO_HOSTNAME_VERIFICATION = 295
158
```
159


160
### Utility Functions
161


162
Helper functions for creating Issue and CWE instances from structured data.
163


164
```python { .api }
165
def issue_from_dict(data):
166
    """
167
    Create Issue instance from dictionary data.
168
    
169
    Parameters:
170
    - data: dict, issue data dictionary
171
    
172
    Returns:
173
    Issue: Issue instance
174
    """
175


176
def cwe_from_dict(data):
177
    """
178
    Create CWE instance from dictionary data.
179
    
180
    Parameters:
181
    - data: dict, CWE data dictionary
182
    
183
    Returns:
184
    Cwe: CWE instance
185
    """
186
```
187


188
## Usage Examples
189


190
### Creating Security Issues
191


192
```python
193
from bandit.core.issue import Issue, Cwe
194
import bandit
195


196
# Create a high-severity SQL injection issue
197
sql_injection = Issue(
198
    severity=bandit.HIGH,
199
    confidence=bandit.HIGH,
200
    cwe=Cwe(89),  # CWE-89: SQL Injection
201
    text="SQL string formatting on user input detected",
202
    test_id="B608",
203
    lineno=42
204
)
205


206
# Check if issue meets filtering criteria
207
if sql_injection.filter('MEDIUM', 'HIGH'):
208
    print(f"Issue: {sql_injection.text}")
209
    print(f"CWE Link: {sql_injection.cwe.link()}")
210
```
211


212
### Issue Dictionary Conversion
213


214
```python
215
# Convert issue to dictionary for JSON serialization
216
issue_dict = sql_injection.as_dict(with_code=True, max_lines=5)
217


218
# Reconstruct issue from dictionary
219
reconstructed = Issue.from_dict(issue_dict)
220


221
print(f"Original: {sql_injection.test_id}")
222
print(f"Reconstructed: {reconstructed.test_id}")
223
```
224


225
### Working with CWE Classifications
226


227
```python
228
# Create CWE for hardcoded password
229
password_cwe = Cwe(259)  # CWE-259: Use of Hard-coded Password
230


231
print(f"CWE URL: {password_cwe.link()}")
232
print(f"CWE Dict: {password_cwe.as_dict()}")
233


234
# Create from dictionary
235
cwe_data = {"id": 78}
236
cmd_injection_cwe = Cwe.from_dict(cwe_data)
237
```
238


239
### Filtering Issues by Severity
240


241
```python
242
def filter_critical_issues(issues):
243
    """Filter for high-severity, high-confidence issues."""
244
    critical = []
245
    for issue in issues:
246
        if issue.filter('HIGH', 'HIGH'):
247
            critical.append(issue)
248
    return critical
249


250
# Usage with manager results
251
issues = b_mgr.get_issue_list()
252
critical_issues = filter_critical_issues(issues)
253


254
for issue in critical_issues:
255
    print(f"{issue.fname}:{issue.lineno}")
256
    print(f"  {issue.text}")
257
    print(f"  Test: {issue.test_id}, CWE: {issue.cwe.id}")
258
    print(f"  Code Context:")
259
    print(issue.get_code(max_lines=3))
260
```