Fix lack of col field in bandit breaking linter output (#16337)

* Allow bandit without col output

* Add a test

* Use a custom regex to fix the bug

* Make sure its called with the custom regex

* Add news entry

* Update news/2 Fixes/15561.md

Co-authored-by: Karthik Nadig <[email protected]>

Author: tonybaloney

news/2 Fixes/15561.md

@@ -0,0 +1,2 @@
+Fixes a bug in the bandit linter where messages weren't being propagated to the editor.
+(thanks [Anthony Shaw](https://github.com/tonybaloney))

src/client/linters/bandit.ts

@@ -16,6 +16,9 @@ const severityMapping: Record<string, LintMessageSeverity | undefined> = {
     HIGH: LintMessageSeverity.Error,
 };
 
+export const BANDIT_REGEX =
+    '(?<line>\\d+),(?<column>(col)?(\\d+)?),(?<type>\\w+),(?<code>\\w+\\d+):(?<message>.*)\\r?(\\n|$)';
+
 export class Bandit extends BaseLinter {
     constructor(outputChannel: OutputChannel, serviceContainer: IServiceContainer) {
         super(Product.bandit, outputChannel, serviceContainer);
@@ -35,6 +38,7 @@ export class Bandit extends BaseLinter {
             ],
             document,
             cancellation,
+            BANDIT_REGEX,
         );
 
         messages.forEach((msg) => {

src/test/linters/bandit.unit.test.ts

@@ -0,0 +1,87 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+'use strict';
+
+import { expect } from 'chai';
+import { parseLine } from '../../client/linters/baseLinter';
+import { BANDIT_REGEX } from '../../client/linters/bandit';
+
+import { ILintMessage, LinterId } from '../../client/linters/types';
+
+suite('Linting - Bandit', () => {
+    test('parsing new bandit with col', () => {
+        const newOutput = `\
+1,0,LOW,B404:Consider possible security implications associated with subprocess module.
+19,4,HIGH,B602:subprocess call with shell=True identified, security issue.
+`;
+
+        const lines = newOutput.split('\n');
+        const tests: [string, ILintMessage | undefined][] = [
+            [
+                lines[0],
+                {
+                    code: 'B404',
+                    message: 'Consider possible security implications associated with subprocess module.',
+                    column: 0,
+                    line: 1,
+                    type: 'LOW',
+                    provider: 'bandit',
+                },
+            ],
+            [
+                lines[1],
+                {
+                    code: 'B602',
+                    message: 'subprocess call with shell=True identified, security issue.',
+                    column: 3,
+                    line: 19,
+                    type: 'HIGH',
+                    provider: 'bandit',
+                },
+            ],
+        ];
+        for (const [line, expected] of tests) {
+            const msg = parseLine(line, BANDIT_REGEX, LinterId.Bandit, 1);
+
+            expect(msg).to.deep.equal(expected);
+        }
+    });
+    test('parsing old bandit with no col', () => {
+        const newOutput = `\
+1,col,LOW,B404:Consider possible security implications associated with subprocess module.
+19,col,HIGH,B602:subprocess call with shell=True identified, security issue.
+`;
+
+        const lines = newOutput.split('\n');
+        const tests: [string, ILintMessage | undefined][] = [
+            [
+                lines[0],
+                {
+                    code: 'B404',
+                    message: 'Consider possible security implications associated with subprocess module.',
+                    column: 0,
+                    line: 1,
+                    type: 'LOW',
+                    provider: 'bandit',
+                },
+            ],
+            [
+                lines[1],
+                {
+                    code: 'B602',
+                    message: 'subprocess call with shell=True identified, security issue.',
+                    column: 0,
+                    line: 19,
+                    type: 'HIGH',
+                    provider: 'bandit',
+                },
+            ],
+        ];
+        for (const [line, expected] of tests) {
+            const msg = parseLine(line, BANDIT_REGEX, LinterId.Bandit, 1);
+
+            expect(msg).to.deep.equal(expected);
+        }
+    });
+});