Rework args #3

Merged
merged 3 commits into from
Mar 1, 2024
42 changes: 24 additions & 18 deletions entrypoint.sh
Expand Up @@ -7,18 +7,15 @@ github_repository=$INPUT_GITHUB_REPOSITORY

# Initialize the Bandit command
cmd="bandit"
# # Check if the recursive flag is set
# if [ -n "${INPUT_RECURSIVE}" ]; then
# cmd+=" -r"
# fi

# Check for the path input and add it to the command
# if [ -n "${INPUT_PATH}" ]; then
# cmd+=" -r ${INPUT_PATH}"
# fi

# Check for the level input and set the severity level
if [ -n "${INPUT_LEVEL}" ]; then

# Ensure INPUT_PATH is set, default to the current directory if not
INPUT_PATH=${INPUT_PATH:-.}

# Check for the level or severity level
# Since -l and --severity-level cannot be used together, prioritize --severity-level if both are provided
if [ -n "${INPUT_SEVERITY_LEVEL}" ]; then
cmd+=" --severity-level $INPUT_SEVERITY_LEVEL"
elif [ -n "${INPUT_LEVEL}" ]; then
case "${INPUT_LEVEL}" in
"low") cmd+=" -l" ;;
"medium") cmd+=" -ll" ;;
Expand All @@ -27,32 +24,41 @@ if [ -n "${INPUT_LEVEL}" ]; then
fi

# Check for the confidence input and set the confidence level
if [ -n "${INPUT_CONFIDENCE}" ]; then
# Since -i and --confidence-level cannot be used together, prioritize --confidence-level if both are provided
if [ -n "${INPUT_CONFIDENCE_LEVEL}" ]; then
cmd+=" --confidence-level $INPUT_CONFIDENCE_LEVEL"
elif [ -n "${INPUT_CONFIDENCE}" ]; then
case "${INPUT_CONFIDENCE}" in
"low") cmd+=" -i" ;;
"medium") cmd+=" -ii" ;;
"high") cmd+=" -iii" ;;
esac
fi


# Flags without parameters
[ "$INPUT_VERBOSE" = "true" ] && cmd+=" -v"
[ "$INPUT_DEBUG" = "true" ] && cmd+=" -d"
[ "$INPUT_QUIET" = "true" ] && cmd+=" -q"
[ "$INPUT_IGNORE_NOSEC" = "true" ] && cmd+=" --ignore-nosec"
[ "$INPUT_RECURSIVE" = "true" ] && cmd+=" -r"
[ -n "$INPUT_PATH" ] && cmd+=" -r $INPUT_PATH"
[ "$INPUT_EXIT_ZERO" = "true" ] && cmd+=" --exit-zero"

# Set INPUT_RECURSIVE with INPUT_PATH. We hardcode -r as it is required for Bandit to run
[ "$INPUT_RECURSIVE" = "true" ] && cmd+=" -r $INPUT_PATH"

# Other flags with parameters
[ -n "$INPUT_AGGREGATE" ] && cmd+=" -a $INPUT_AGGREGATE"
[ -n "$INPUT_CONTEXT_LINES" ] && cmd+=" -n $INPUT_CONTEXT_LINES"
[ -n "$INPUT_CONFIG_FILE" ] && cmd+=" -c $INPUT_CONFIG_FILE"
[ -n "$INPUT_PROFILE" ] && cmd+=" -p $INPUT_PROFILE"
[ -n "$INPUT_TESTS" ] && cmd+=" -t $INPUT_TESTS"
[ -n "$INPUT_SKIPS" ] && cmd+=" -s $INPUT_SKIPS"
[ -n "$INPUT_SEVERITY_LEVEL" ] && cmd+=" --severity-level $INPUT_SEVERITY_LEVEL"
[ -n "$INPUT_EXCLUDE_PATHS" ] && cmd+=" -x $INPUT_EXCLUDE_PATHS"
[ -n "$INPUT_BASELINE" ] && cmd+=" -b $INPUT_BASELINE"
[ -n "$INPUT_INI_PATH" ] && cmd+=" --ini $INPUT_INI_PATH"
[ "$INPUT_EXIT_ZERO" = "true" ] && cmd+=" --exit-zero"

# Echo the final command
echo "Constructed command: $cmd"


# Force the output format as JSON and output file, we json and to report.json
# as this is required to format the output for the post_comment.py script
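Review bot: Every input is appended unquoted to one flat string (`cmd+=" --severity-level $INPUT_SEVERITY_LEVEL"`, `cmd+=" -r $INPUT_PATH"`, and the `-c`/`-x`/`-b`/`--ini` lines), so a value containing whitespace or a leading dash turns into extra Bandit arguments; if `$cmd` is later run through `eval` or `sh -c` (the execution line is outside this section), shell metacharacters in an input would be interpreted as well. Building the command as an array keeps each value a single argument: `cmd=(bandit)`, `cmd+=(--severity-level "$INPUT_SEVERITY_LEVEL")`, executed as `"${cmd[@]}"`. The two new level inputs could also be checked against the values Bandit accepts before use, as the `case` blocks already do for `INPUT_LEVEL` and `INPUT_CONFIDENCE`. Separately, the comment above the last `-r` line says the flag is hardcoded, but the line is still gated on `INPUT_RECURSIVE` being `true`, so with that input unset no target path appears to reach Bandit despite the new `INPUT_PATH` default.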