Merge pull request #3 from StacklokLabs/rework-args

Rework args
StacklokLabs · Mar 1, 2024 · f5d81d2 · f5d81d2
2 parents bd9a595 + b6c18d8
commit f5d81d2
Showing 1 changed file with 24 additions and 18 deletions.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -7,18 +7,15 @@ github_repository=$INPUT_GITHUB_REPOSITORY
 
 # Initialize the Bandit command
 cmd="bandit"
-# # Check if the recursive flag is set
-# if [ -n "${INPUT_RECURSIVE}" ]; then
-#     cmd+=" -r"
-# fi
-
-# Check for the path input and add it to the command
-# if [ -n "${INPUT_PATH}" ]; then
-#     cmd+=" -r ${INPUT_PATH}"
-# fi
-
-# Check for the level input and set the severity level
-if [ -n "${INPUT_LEVEL}" ]; then
+
+# Ensure INPUT_PATH is set, default to the current directory if not
+INPUT_PATH=${INPUT_PATH:-.}
+
+# Check for the level or severity level
+# Since -l and --severity-level cannot be used together, prioritize --severity-level if both are provided
+if [ -n "${INPUT_SEVERITY_LEVEL}" ]; then
+    cmd+=" --severity-level $INPUT_SEVERITY_LEVEL"
+elif [ -n "${INPUT_LEVEL}" ]; then
     case "${INPUT_LEVEL}" in
         "low") cmd+=" -l" ;;
         "medium") cmd+=" -ll" ;;
@@ -27,32 +24,41 @@ if [ -n "${INPUT_LEVEL}" ]; then
 fi
 
 # Check for the confidence input and set the confidence level
-if [ -n "${INPUT_CONFIDENCE}" ]; then
+# Since -i and --confidence-level cannot be used together, prioritize --confidence-level if both are provided
+if [ -n "${INPUT_CONFIDENCE_LEVEL}" ]; then
+    cmd+=" --confidence-level $INPUT_CONFIDENCE_LEVEL"
+elif [ -n "${INPUT_CONFIDENCE}" ]; then
     case "${INPUT_CONFIDENCE}" in
         "low") cmd+=" -i" ;;
         "medium") cmd+=" -ii" ;;
         "high") cmd+=" -iii" ;;
     esac
 fi
 
-
+# Flags without parameters
 [ "$INPUT_VERBOSE" = "true" ] && cmd+=" -v"
 [ "$INPUT_DEBUG" = "true" ] && cmd+=" -d"
 [ "$INPUT_QUIET" = "true" ] && cmd+=" -q"
 [ "$INPUT_IGNORE_NOSEC" = "true" ] && cmd+=" --ignore-nosec"
-[ "$INPUT_RECURSIVE" = "true" ] && cmd+=" -r"
-[ -n "$INPUT_PATH" ] && cmd+=" -r $INPUT_PATH"
+[ "$INPUT_EXIT_ZERO" = "true" ] && cmd+=" --exit-zero"
+
+# Set INPUT_RECURSIVE with INPUT_PATH. We hardcode -r as it is required for Bandit to run
+[ "$INPUT_RECURSIVE" = "true" ] && cmd+=" -r $INPUT_PATH"
+
+# Other flags with parameters
 [ -n "$INPUT_AGGREGATE" ] && cmd+=" -a $INPUT_AGGREGATE"
 [ -n "$INPUT_CONTEXT_LINES" ] && cmd+=" -n $INPUT_CONTEXT_LINES"
 [ -n "$INPUT_CONFIG_FILE" ] && cmd+=" -c $INPUT_CONFIG_FILE"
 [ -n "$INPUT_PROFILE" ] && cmd+=" -p $INPUT_PROFILE"
 [ -n "$INPUT_TESTS" ] && cmd+=" -t $INPUT_TESTS"
 [ -n "$INPUT_SKIPS" ] && cmd+=" -s $INPUT_SKIPS"
-[ -n "$INPUT_SEVERITY_LEVEL" ] && cmd+=" --severity-level $INPUT_SEVERITY_LEVEL"
 [ -n "$INPUT_EXCLUDE_PATHS" ] && cmd+=" -x $INPUT_EXCLUDE_PATHS"
 [ -n "$INPUT_BASELINE" ] && cmd+=" -b $INPUT_BASELINE"
 [ -n "$INPUT_INI_PATH" ] && cmd+=" --ini $INPUT_INI_PATH"
-[ "$INPUT_EXIT_ZERO" = "true" ] && cmd+=" --exit-zero"
+
+# Echo the final command
+echo "Constructed command: $cmd"
+
 
 # Force the output format as JSON and output file, we json and to report.json
 # as this is required to format the output for the post_comment.py script