Free program analysis focused on bugs that matter to you.

Project description

Find Python web-app bugs delightfully fast, without changing your workflow

Installation · Motivations · Code Checks · Usage
Workflows · Integrations · Help & Community

Inspired by tools like the ESLint plugin for React, Bento was created for Flask and Django. With Bento you’ll:

  • Find bugs that matter. Checks find security and reliability bugs in your code. They’re vetted across thousands of open source projects and never nit your style.
  • Upgrade your tooling. You don’t have to fix existing bugs to adopt Bento. It’s diff-centric, finding new bugs introduced by your changes. And there’s zero config.
  • Go delightfully fast. Run Bento automatically locally or in CI. Either way, it runs offline and never sends your code anywhere.

Installation

Bento is free and requires Python 3.6+ and Docker 19.03+. It runs on macOS and Linux.

In a Git project directory:

$ pip3 install bento-cli && bento init

Go forth and write great code!

Motivations

See our Bento introductory blog post to learn the full story.

Bento is part of a quest to make world-class security and bugfinding available to all developers, for free. We’ve learned that most developers have never heard of—let alone tried—tools that find deep flaws in code: like Codenomicon, which found Heartbleed, or Zoncolan at Facebook, which finds more top-severity security issues than any human effort. These tools find severe issues and also save tons of time, identifying hundreds of thousands of issues before humans can. Bento is a step towards universal access to tools like these.

We’re also big proponents of opinionated tools like Black and Prettier. This has two implications: Bento ignores style-related issues and the bikeshedding that comes with them, and it ships with a curated set of checks that we believe are high signal and bug-worthy. See Three things your linter shouldn’t tell you for more about our decision making process.

Code Checks

Bento’s checks focus on security and reliability bugs in Flask and Django projects.

  • Flask: missing JWT token, secure set cookie, send file open, unescaped file extension, use blueprint for modularity, use jsonify, avoid hardcoded config
  • Jinja: href template variable, missing noopener, missing noreferrer, missing csrf protection, missing doctype, meta charset, meta content-type, unquoted attribute template variable
  • Django: coming soon
  • Requests: no auth over http, use scheme, use timeout
  • SQLAlchemy: coming soon
  • Docker: Hadolint
  • Shell: ShellCheck

See the full list of Bento’s specialty checks.

Usage

Out of the box, Bento is configured for your personal use. See Team Use to set up Bento for all contributors.

Upgrading

$ pip3 install --upgrade bento-cli

Command Line Options

$ bento --help
Usage: bento [OPTIONS] COMMAND [ARGS]...

Options:
  -h, --help    Show this message and exit.
  --version     Show the version and exit.
  --agree       Automatically agree to terms of service.
  --email TEXT  Email address to use while running this command without global
                configs e.g. in CI

Commands:
  archive  Suppress current findings.
  check    Checks for new findings.
  disable  Turn OFF a Bento feature for this project.
  enable   Turn ON a Bento feature for this project.
  init     Autodetects and installs tools.

  To get help for a specific command, run `bento COMMAND --help`

Exit Codes

bento check may exit with the following exit codes:

  • 0: Bento ran successfully and found no errors
  • 2: Bento ran successfully and found issues in your code
  • 3: Bento or one of its underlying tools failed to run

Workflows

Individual Use

Bento understands the importance of getting out of the way so you can write your code. It runs at commit-time on your diffs and only affects you; it won’t change anything for other project contributors or modify Git state.

Initialization enables autorun behind the scenes. By default autorun blocks the commit if Bento returns findings. To make it non-blocking:

$ bento enable autorun --no-block

You can always manually run Bento on staged files or directories via:

$ bento check [PATHS]

This shows only findings that are new in these files and that are not already in the archive (.bento/archive.json). Use --all to check all Git-tracked files, not just those that are staged:

$ bento check --all [PATHS]

This feature makes use of Git hooks. If the Bento hook incorrectly blocks your commit, you can skip it by passing the --no-verify flag to Git at commit-time (please use this sparingly since all hooks will be skipped):

$ git commit --no-verify

Team Use

Running Locally

To set up Bento for all project contributors, add Bento’s configuration to Git (it’s ignored by default):

$ cd <PROJECT DIRECTORY>
# Add Bento's cache to the project's .gitignore
$ echo ".bento/cache" >> .gitignore
# Commit Bento's config to your project
$ git add --force .bento .bentoignore

Contributors can run Bento for themselves using the project’s configuration via:

$ bento init

Running in CI/CD

Bento in CI analyzes your entire project, not just the latest commit. So that you don’t have to fix all existing issues before making Bento blocking, its archive feature allows historical issues to be tracked and ignored during CI.

To use the archive feature so Bento returns a non-zero exit code only for new issues, rather than all existing issues, first create the archive:

$ cd <PROJECT DIRECTORY>
$ bento archive .

Commit Bento’s configuration to the project:

# Add Bento's cache to the project's .gitignore
$ echo ".bento/cache" >> .gitignore
# Commit Bento's config to your project
$ git add --force .bento .bentoignore

You can then add Bento to your CI scripts:

$ pip3 install bento-cli && bento --version
$ bento --agree --email=<YOUR_EMAIL> check --all 2>&1 | cat

We pipe through cat to disable Bento's interactive tty features (e.g. progress bars, using a pager for many findings). Note that a pipeline exits with the status of its last command (here cat), so in a plain sh/bash CI step enable set -o pipefail (CircleCI's default shell already does this); otherwise a non-zero exit from bento check will not fail the build.
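The same CI step as a fail-closed shell gate, added here as an example rather than Bento's own code: it captures Bento's output to a file instead of piping through cat (stdout is still not a tty), so the exit codes documented above (0, 2, 3) survive in any POSIX shell, and a tool failure (3) fails the build just as findings (2) do. The bento command line and the BENTO_EMAIL variable in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from Bento's docs): a portable CI gate around `bento check --all`.
# Bento's documented exit codes: 0 no findings, 2 findings, 3 Bento or a tool failed to run.

# bento_verdict CODE: label an exit code so the CI log says why the step failed.
bento_verdict() {
  case "$1" in
    0) echo clean ;;
    2) echo findings ;;
    3) echo tool-failure ;;
    *) echo unknown ;;
  esac
}

# run_bento_ci CMD...: run CMD with stdout/stderr redirected to a temp file.
# Like `| cat` this keeps Bento from seeing a tty (no progress bars, no pager),
# but unlike a pipeline it cannot lose CMD's exit status, pipefail or not.
# Replays the captured output, prints the verdict on stderr, returns CMD's status.
run_bento_ci() {
  log=$(mktemp) || return 3
  "$@" >"$log" 2>&1 && status=0 || status=$?
  cat "$log"
  rm -f "$log"
  echo "bento: $(bento_verdict "$status") (exit $status)" >&2
  return "$status"
}

# bento_gate CMD...: fail closed. Only exit 0 passes; findings AND a scanner that
# failed to run both fail the build, so a broken Bento install cannot pass silently.
bento_gate() {
  run_bento_ci "$@" && return 0
  return 1
}

# Real CI usage (needs bento-cli and Docker installed; BENTO_EMAIL is assumed):
#   bento_gate bento --agree --email="$BENTO_EMAIL" check --all
```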

If you use CircleCI, the above commands become:

version: 2.1

jobs:
  bentoCheck:
    # A job runs in a docker image; `executor:` expects the name of a declared executor.
    docker:
      - image: circleci/python:3.7.4-stretch-node
    steps:
      - checkout
      - run:
          name: "Install Bento"
          command: pip3 install bento-cli && bento --version
      - run:
          name: "Run Bento check"
          command: bento --agree --email=<YOUR_EMAIL> check --all 2>&1 | cat

# Jobs other than `build` only run when a workflow lists them.
workflows:
  bento:
    jobs:
      - bentoCheck

bento check will exit with a non-zero exit code if it finds issues in your code (see Exit Codes).

If you need help setting up Bento with another CI provider please open an issue. Documentation PRs welcome if you set up Bento with a CI provider that isn’t documented here!

Help and Community

Need help or want to share feedback? We’d love to hear from you!

We’re constantly shipping new features and improvements.

We’re fortunate to benefit from the contributions of the open source community and great projects such as Bandit, ESLint, Flake8, and their plugins. 🙏

License and Legal

Please refer to the terms and privacy document.



Copyright (c) r2c.

Changelog

This project adheres to Semantic Versioning.

0.9.1 - 2020-02-14

Fixed

  • ShellCheck now detects shell files robustly

0.9.0 - 2020-02-13

Added

  • Python tools now scan files that don't end in .py but have a Python shebang
  • Added ReDoS check via Dlint. The check is off by default. Enable the Dlint tool to run this check: bento enable tool dlint.
  • Jinja checks added and turned on by default

See https://bento.dev/checks for more information on new checks

Fixed

  • Bento iterates over files in batches if the number of files to check exceeds the OS ARG_MAX limit

0.8.2 - 2020-02-05

Fixed

  • bento check works with repos with no previous commits
  • Verify a path is a file before checking if it contains a shell shebang (shellcheck tool)
  • Correctly install autorun even if git-hooks subdirectory is non-existent

0.8.1 - 2020-01-30

Fixed

  • Performance improvements when running in large projects
  • Additional human readable check_ids for bandit

0.8.0 - 2020-01-24

This release represents a major shift in Bento's default behavior: It emphasizes an incremental and personal, rather than team-wide, workflow that makes Bento a smaller commitment to use:

  1. Other project contributors won’t see Bento files or have their workflows changed.

  2. You no longer need to manually run Bento. After initialization Bento will automatically check for issues in your code as you commit, analyzing only the files that have changed.

  3. You won’t see a project’s old issues (tech debt) during initialization. To view them, run

    bento check --all
    

Migration

Project configurations have changed in version 0.8. In order to migrate a project from version 0.7 or earlier:

  • Ensure Bento has been upgraded using pip3 install --upgrade bento-cli. Run bento --version to validate Bento’s version.
  • rm -r .bento* (Use git rm if you have previously added Bento files to source control).
  • Run bento init in the project root.

New requirements

  • Docker must be installed, and the docker client running, to use Bento.

Changed

How you use Bento has changed significantly in 0.8.

Usage changes

  • bento check will now only check staged changes.

    • Use bento check --all to check the entire project.
  • bento archive will archive findings due to staged diff:

    • Use bento archive --all to archive all findings in a project.

Other changes

  • hadolint and shellcheck are now enabled by default.
  • Messages for findings are no longer truncated.
  • bento init will now install an empty configuration on a project it cannot identify; tools may then be manually enabled using bento enable tool TOOL. Use bento enable tool --help to list tools.
  • Virtual environments for Python tools are now installed in your home directory, instead of in your project directories.
  • eslint is now installed in your project’s .bento directory, and will not modify your project’s package.json.
  • Tool and check names have been modified to improve readability.
  • eslint is disabled by default. To enable it run bento enable tool eslint.

Added

  • On init, Bento will prompt you to ask if you want to add ignore patterns to your global Git ignore file. If you agree, Bento will alter this file to ignore Bento configuration files in your git projects.
  • bento enable autorun and bento disable autorun will cause Bento to either begin or stop analyzing code on every commit.
  • Tab completion can now be installed by Bento. To install for your shell, run bento enable autocomplete. To remove tab completion, run bento disable autocomplete.

Removed

  • bento check --show-all has been removed. Use bento check --all instead. Archived findings can be found at ~/.bento/archive.json.
  • bento install-hook has been removed. Use bento enable autorun to run Bento on every commit.
  • The histogram formatter is no longer used by default. To show findings with a histogram, run bento check -f histo.

0.7.0 - 2019-12-11

Fixed

  • Fixed r2c.hadolint issue where it failed to detect files with .dockerfile suffixes.
  • Fixed r2c.sgrep to respect file path when running on specific files with bento check /path/to/file

Changed

  • Redesigned bento init
    • It now runs bento check and bento archive itself; these were almost always run manually by users immediately after bento init
    • Displays histogram of results
  • bento check supports running a single tool with the -t flag: bento check -t r2c.flask
  • Reworked user registration flow
  • Removed flake8-builtins plugin from r2c.flask based on user feedback: codebases with SQLAlchemy models (common in Flask apps) regularly shadow the id builtin, causing false positives.
  • Added eslint arrow-body-style as a default ignore because it is a style issue.
  • Added unused variable/import related checks (eslint no-unused-vars and no-var, flake8 F401 and F841) to the default ignore list. While useful, they are very noisy and are often non-issues.

Added

0.6.2 - 2019-12-05

Fixed

  • Fixed an issue where upgrade notifications were not shown to users.
  • Fix an issue where certain .gitignore patterns would cause an error or be skipped by Bento
  • Properly render multi-line context in the Clippy formatter.

0.6.1 - 2019-11-26

Fixed

  • Bento no longer completes initialization if it can't identify a project; this prevents confusing errors when subsequently running bento check.
  • Pinned versions of all 3rd-party Python tools, so that remote package upgrades do not break Bento.
  • Bento no longer crashes if a project path contains a space.

Changed

  • Results of bento check are now printed using the Clippy and histogram formatters (see "Added" section below) by default.
  • The APIs to enable and disable a check are now bento enable check [check] and bento disable check [check].
  • The r2c.flask tool is now enabled by default. It finds best-practice and security bugs in code using the Python Flask framework.
  • Multiple formatters can now be used to display results from bento check. For example, bento check -f stylish -f histo will display results using the Stylish formatter, followed by display using a histogram formatter.
  • Progress bars are not emitted to stderr if not a tty; this prevents progress-bar output from littering CI logs.
  • Updated progress bar glyphs for readability on a wider range of terminal themes.
  • Disabled r2c.flake8 check B001 by default, in favor of the (also included) E722 check.

Added

  • Added r2c.requests, which finds best-practice and security bugs in code using the Python Requests framework. It is enabled by default.
  • Added r2c.sgrep, a syntactically aware code search tool. It is not enabled by default. To use it on a project, run bento enable tool r2c.sgrep. Note that Docker is required in order to use r2c.sgrep.
  • All findings, including those previously archived, can now be viewed using bento check --show-all.
  • Tools can now be enabled using bento enable tool [tool_id]. Available tools can be listed by running bento enable tool --help or using shell autocompletion. Tools can be disabled using bento disable tool [tool_id].

0.6.0

Version 0.6.0 was not released.

0.5.0 - 2019-11-18

Fixed

  • r2c.eslint now properly detects TypeScript imports.
  • r2c.eslint now detects global node environments (e.g., jest), and properly resolves their global variables.

Changed

  • To better protect users' data, error messages are no longer reported to our backend.
  • .bentoignore can now be configured to include patterns from other files; by default the contents of the project's .gitignore are included. For more information, please see the comments at the top of the generated .bentoignore file.
  • Tab completion times reduced by approximately half.
  • Disabled a number of r2c.eslint checks by default:
    • arrow-parens, as it conflicts with Prettier's default behavior.
    • TypeScript semicolon checking, which is stylistic.
    • import/no-cycle which takes 50% of tool runtime on moderately large code bases.
  • r2c.flake8 E306 disabled by default, as it is stylistic in nature.
  • Runtime of r2c.eslint has been reduced by up to 30% for some projects.

Added

  • Added r2c.shellcheck tool for shell scripts. To enable, add r2c.shellcheck to the tools section of your .bento.yml. Note that this tool requires docker as a dependency.
  • Added r2c.hadolint tool for Docker files. To enable, add r2c.hadolint to the tools section of your .bento.yml. Note that this tool requires docker to be installed in order to run.

0.4.1 - 2019-11-14

Fixed

  • Fixes a performance regression due to changes in metrics collection.

0.4.0 - 2019-11-11

Changed

  • We updated our privacy policy.
    • Notably, we collect email addresses to understand usage and communicate with users through product announcements, technical notices, updates, security alerts, and support messages.

Added

  • Added additional r2c.click tool for Click framework:

  • Added additional r2c.flask tool for Flask framework:

0.3.1 - 2019-11-08

Fixed

  • Fixed an issue where the tool would fail to install if a macOS user had installed gcc and then upgraded their OS.
  • Fixed a compatibility issue for users with a pre-existing version of GitPython with version between 2.1.1 and 2.1.13.

0.3.0 - 2019-11-01

Changed

  • Bento can now be run from any subdirectory within a project.
  • Updated the privacy and terms-of-service statement.

Added

  • File ignores are configurable via git-style ignore patterns (include patterns are not supported). Patterns should be added to .bentoignore.

  • Added additional checks to the r2c.flake8 tool:

  • Clippy output formatting is now supported.

    • To enable, run: bento check --formatter clippy
    • Example output:
error: r2c.flake8.E113
   --> foo.py:6:5
    |
  6 |   return x
    |
    = note: unexpected indentation
  • Autocompletion is now supported from both bash and zsh. To use:
    • In bash, run echo -e '\neval "$(_BENTO_COMPLETE=source bento)"' >> ~/.bashrc.
    • In zsh, run echo -e '\neval "$(_BENTO_COMPLETE=source_zsh bento)"' >> ~/.zshrc.

0.2.1 - 2019-10-29

Fixed

  • Quoted emails in git configuration do not break user registration.
  • Removed files properly invalidate results cache.
  • Python tools do not crawl node_modules.

0.2.0 - 2019-10-23

Changed

  • Results are cached between runs. This means that an immediate rerun of bento will be much faster.
  • Broadened library compatibility, especially for common packages:
    • attrs from 18.2.0
    • packaging from 14.0
    • pre-commit from 1.0.0
  • r2c.eslint ignores .min.js files. Bento should only report issues in code, not built artifacts.
  • Telemetry endpoint uses bento.r2c.dev.

Added

  • Bento check will optionally run only on passed paths, using bento check [path] ....
  • Add r2c.pyre as a configurable tool. To enable, it must be manually configured in .bento.yml.
  • Formatters can be specified with short names, and these appear in the help text. For example, bento check --formatter json.
  • bento version is passed to telemetry backend.

Fixed

  • Tool does not crash if a git user does not have an email configured.
  • Fixed a regression that caused progress bars to hang after first tool completed.
  • Made fully compatible with Python 3.6.
  • Tool does not mangle .gitignore when that file lacks a trailing newline.

Download files

Source Distribution

bento-cli-0.9.1.tar.gz (98.2 kB)

Built Distribution

bento_cli-0.9.1-py3-none-any.whl (117.0 kB)

File details: bento-cli-0.9.1.tar.gz

  • Size: 98.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.0.0b5 CPython/3.7.2 Darwin/19.3.0
  • SHA256: e74e8687e21dc1f886f071ed66c38cc634f219a97efd87c832a056d842e68b4e
  • MD5: b7d23d686c9aa566ef675dbfa78b9703
  • BLAKE2b-256: 7a16365fc81abac94e4f4a1d18a61f41e6773d7ab9960c6b633a3a9decc4194f

File details: bento_cli-0.9.1-py3-none-any.whl

  • Size: 117.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.0.0b5 CPython/3.7.2 Darwin/19.3.0
  • SHA256: cff4769fa92ccd8f8f8dd847ceff5f7112c1f54899d4b56e741347d30dda58c2
  • MD5: a6bbe1140ffcc0c20515f9eda02ce1b6
  • BLAKE2b-256: 9bef2f3fd7452a23ea387290d09ed740fbbcfea51833ed779e6aab45dab935a5
