python-security · KevinHock · Apr 13, 2018 · Apr 9, 2018 · Apr 9, 2018 · Apr 9, 2018
diff --git a/pyt/__main__.py b/pyt/__main__.py
@@ -14,6 +14,7 @@
     UImode
 )
 from .ast_helper import generate_ast
+from .baseline import get_vulnerabilities_not_in_baseline
 from .constraint_table import (
     initialize_constraint_table,
     print_table
@@ -136,6 +137,11 @@ def parse_args(args):
 
     parser.add_argument('-ppm', '--print-project-modules',
                         help='Print project modules.', action='store_true')
+    parser.add_argument('-b', '--baseline',
+                        help='path of a baseline report to compare against '
+                             '(only JSON-formatted files are accepted)',
+                        type=str,
+                        default=False)
 
     save_parser = subparsers.add_parser('save', help='Save menu.')
     save_parser.set_defaults(which='save')
@@ -167,6 +173,7 @@ def parse_args(args):
                              help='Output everything to file.',
                              action='store_true')
 
+
     search_parser = subparsers.add_parser(
         'github_search',
         help='Searches through github and runs PyT'
@@ -242,6 +249,7 @@ def main(command_line_args=sys.argv[1:]):
                 repo.clean_up()
         exit()
 
+
     if args.which == 'search':
         set_github_api_token()
         scan_github(
@@ -299,6 +307,9 @@ def main(command_line_args=sys.argv[1:]):
             args.trigger_word_file
         )
     )
+    if args.baseline:
+            vulnerabilities = get_vulnerabilities_not_in_baseline(vulnerabilities, args.baseline)
+
     if args.json:
         json.report(vulnerabilities, sys.stdout)
     else:

diff --git a/pyt/baseline.py b/pyt/baseline.py
@@ -0,0 +1,11 @@
+import json
+
+
+def get_vulnerabilities_not_in_baseline(vulnerabilities, baseline):
+	baseline = json.load(open(baseline))
+	output = list()
+	vulnerabilities =[vuln for vuln in vulnerabilities]
+	for vuln in vulnerabilities:
+		if vuln.as_dict() not in baseline['vulnerabilities']:
+			output.append(vuln)
+	return(output)
diff --git a/pyt/formatters/json.py b/pyt/formatters/json.py
@@ -10,7 +10,6 @@ def report(
 ):
     """
     Prints issues in JSON format.
-
     Args:
         vulnerabilities: list of vulnerabilities to report
         fileobj: The output file object, which may be sys.stdout

diff --git a/tests/command_line_test.py b/tests/command_line_test.py
@@ -27,7 +27,7 @@ def test_no_args(self):
                      [-p | -vp | -trim | -i] [-t TRIGGER_WORD_FILE]
                      [-m BLACKBOX_MAPPING_FILE] [-py2] [-l LOG_LEVEL]
                      [-a ADAPTOR] [-db] [-dl DRAW_LATTICE [DRAW_LATTICE ...]]
-                     [-j] [-li | -re | -rt] [-ppm]
+                     [-j] [-li | -re | -rt] [-ppm] [-b BASELINE]
                      {save,github_search} ...\n""" + \
                      "python -m pyt: error: one of the arguments " + \
                      "-f/--filepath -gr/--git-repos is required\n"
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,7 +10,6 @@ def report( @@
     ):
         """
         Prints issues in JSON format.
         Args:
             vulnerabilities: list of vulnerabilities to report
             fileobj: The output file object, which may be sys.stdout
@@ Expand Down @@