
Add XML output format support

This allows bandit to generate an xml file which contains a
<testsuite> element with <testcase> per bandit warning which contains an
<error> element describing the exact warning message, severity, file
and line number. The XML output can be used to integrate bandit in
Jenkins with either the Junit or Xunit test result report plugin.

Change-Id: Ie4de1ea174fb9fff644285b2198d20dc5b0893e6
jelly committed May 21, 2015
1 parent f11e9b8 commit 99e4d98201e3235f55aa39165e4c3bca8f9d1cd8
Showing with 39 additions and 1 deletion.
  1. +1 −1 bandit/
  2. +38 −0 bandit/core/
@@ -65,7 +65,7 @@ def main():
'-f', '--format', dest='output_format', action='store',
default='txt', help='specify output format',
choices=['txt', 'json', 'csv']
choices=['txt', 'json', 'csv', 'xml']
'-o', '--output', dest='output_file', action='store',
@@ -91,6 +91,41 @@ def add(self, context, test, issue):
self.count += 1
def _report_xml(self, file_list, scores, excluded_files):
'''Prints/returns warnings in XML format (Xunit compatible)
:param files_list: Which files were inspected
:param scores: The scores awarded to each file in the scope
:param excluded_files: Which files were excluded from the scope
:return: A collection containing the XML data
import xml.etree.cElementTree as ET
if self.out_file is None:
self.out_file = 'bandit_results.xml'
items = self.resstore.items()
root = ET.Element('testsuite', name='bandit', tests=str(len(items)))
for filename, issues in items:
for issue in issues:
test = issue['test']
testcase = ET.SubElement(root, 'testcase',
classname=filename, name=test)
if self._check_severity(issue['issue_severity']):
text = 'Severity: %s Confidence: %s\n%s\nLocation %s:%s'
text = text % (
issue['issue_severity'], issue['issue_confidence'],
issue['issue_text'], issue['fname'], issue['lineno'])
ET.SubElement(testcase, 'error',
message=issue['issue_text']).text = text
tree = ET.ElementTree(root)
tree.write(self.out_file, encoding='utf-8', xml_declaration=True)
print("XML output written to file: %s" % self.out_file)
def _report_csv(self, file_list, scores, excluded_files):
'''Prints/returns warnings in JSON format
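Review bot: The `tests` attribute on the `<testsuite>` element is `str(len(items))`, which counts entries of `self.resstore.items()` (scanned files), while one `<testcase>` is emitted per issue in the nested loop, so the suite total disagrees with the number of testcases a JUnit/Xunit consumer will find; set it once the children exist, e.g. `root.set('tests', str(len(root)))` after the loop, and drop `tests=str(len(items))` from the `ET.Element` call. The docstring documents `:param files_list:` for a parameter named `file_list` and promises `:return: A collection containing the XML data`, but the method returns nothing and instead writes the tree to `self.out_file`; it should state that `self.out_file` is set to `bandit_results.xml` when unset and that the written file is the result. Filenames and issue text become attribute values and element text, and ElementTree escapes them so they cannot alter the document structure, but it does not strip characters that are illegal in XML 1.0, so if `issue_text` or `fname` can ever carry raw content from the scanned sources a strict parser may reject the report — worth confirming. `xml.etree.cElementTree` is only an accelerator alias; on Python 3.3+ `xml.etree.ElementTree` selects the C implementation itself and the alias is deprecated, so `import xml.etree.ElementTree as ET` is the more portable form.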
@@ -308,6 +343,9 @@ def report(self, files_list, scores, excluded_files=None, lines=-1,
self._report_csv(files_list, scores,
elif self.format == 'xml':
self._report_xml(files_list, scores,
# format is the default "txt"
if self.out_file:
