Fix #nosec with test ID not counted in Total lines skipped

bandit/core/tester.py

@@ -81,7 +81,8 @@ def run_tests(self, raw_context, checktype):
                         # If the set is empty then it means that nosec was
                         # used without test number -> update nosecs counter.
                         # If the test id is in the set of tests to skip,
-                        # log and increment the skip by test count.
+                        # log and increment both the nosec and
+                        # skipped_tests counters.
                         if not nosec_tests_to_skip:
                             LOG.debug("skipped, nosec without test number")
                             self.metrics.note_nosec()
@@ -90,6 +91,7 @@ def run_tests(self, raw_context, checktype):
                             LOG.debug(
                                 f"skipped, nosec for test {result.test_id}"
                             )
+                            self.metrics.note_nosec()
                             self.metrics.note_skipped_test()
                             continue
 

bandit/formatters/html.py

@@ -95,7 +95,8 @@
                 Metrics:<br>
             </div>
             Total lines of code: <span id="loc">9</span><br>
-            Total lines skipped (#nosec): <span id="nosec">0</span>
+            Total lines skipped (#nosec): <span id="nosec">0</span><br>
+            Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): <span id="skipped_tests">0</span>
         </div>
     </div>
 
@@ -316,7 +317,8 @@ def report(manager, fileobj, sev_level, conf_level, lines=-1):
             Metrics:<br>
         </div>
         Total lines of code: <span id="loc">{loc}</span><br>
-        Total lines skipped (#nosec): <span id="nosec">{nosec}</span>
+        Total lines skipped (#nosec): <span id="nosec">{nosec}</span><br>
+        Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): <span id="skipped_tests">{skipped_tests}</span>
     </div>
 </div>
 
@@ -378,6 +380,7 @@ def report(manager, fileobj, sev_level, conf_level, lines=-1):
     metrics_summary = metrics_block.format(
         loc=manager.metrics.data["_totals"]["loc"],
         nosec=manager.metrics.data["_totals"]["nosec"],
+        skipped_tests=manager.metrics.data["_totals"]["skipped_tests"],
     )
 
     # build the report and output it

bandit/formatters/screen.py

@@ -226,6 +226,11 @@ def report(manager, fileobj, sev_level, conf_level, lines=-1):
             "\tTotal lines skipped (#nosec): %i"
             % (manager.metrics.data["_totals"]["nosec"])
         )
+        bits.append(
+            "\tTotal potential issues skipped due to specifically being "
+            "disabled (e.g., #nosec BXXX): %i"
+            % (manager.metrics.data["_totals"]["skipped_tests"])
+        )
 
         bits.append(get_metrics(manager))
         skipped = manager.get_skipped()

tests/functional/test_functional.py

@@ -428,7 +428,7 @@ def test_multiline_sql_statements(self):
         example_file = "sql_multiline_statements.py"
         confidence_low_tests = 13
         severity_medium_tests = 26
-        nosec_tests = 7
+        nosec_tests = 15
         skipped_tests = 8
         expect = {
             "SEVERITY": {

tests/unit/formatters/test_html.py

@@ -43,7 +43,11 @@ def test_report_with_skipped(self):
     @mock.patch("bandit.core.issue.Issue.get_code")
     @mock.patch("bandit.core.manager.BanditManager.get_issue_list")
     def test_report_contents(self, get_issue_list, get_code):
-        self.manager.metrics.data["_totals"] = {"loc": 1000, "nosec": 50}
+        self.manager.metrics.data["_totals"] = {
+            "loc": 1000,
+            "nosec": 50,
+            "skipped_tests": 0,
+        }
 
         issue_a = _get_issue_instance(severity=bandit.LOW)
         issue_a.fname = "abc.py"
@@ -132,7 +136,11 @@ def test_report_contents(self, get_issue_list, get_code):
     @mock.patch("bandit.core.issue.Issue.get_code")
     @mock.patch("bandit.core.manager.BanditManager.get_issue_list")
     def test_escaping(self, get_issue_list, get_code):
-        self.manager.metrics.data["_totals"] = {"loc": 1000, "nosec": 50}
+        self.manager.metrics.data["_totals"] = {
+            "loc": 1000,
+            "nosec": 50,
+            "skipped_tests": 0,
+        }
         marker = "<tag in code>"
 
         issue_a = _get_issue_instance()

tests/unit/formatters/test_screen.py

@@ -121,7 +121,11 @@ def test_report_nobaseline(self, get_issue_list):
 
         get_issue_list.return_value = [issue_a, issue_b]
 
-        self.manager.metrics.data["_totals"] = {"loc": 1000, "nosec": 50}
+        self.manager.metrics.data["_totals"] = {
+            "loc": 1000,
+            "nosec": 50,
+            "skipped_tests": 0,
+        }
         for category in ["SEVERITY", "CONFIDENCE"]:
             for level in ["UNDEFINED", "LOW", "MEDIUM", "HIGH"]:
                 self.manager.metrics.data["_totals"][f"{category}.{level}"] = 1