Add numeric options for severity and confidence

[nathanstocking]

Adds two new command line arguments which allow the user to specify
severity level and confidence level with a key-value pair rather than
repeating a flag. This makes it easier to specify those values if using
an alternate interface which invokes Bandit's CLI. The previous
repeatable flags have been retained and existing workflows will not be
affected.

New arguments:

• --severity-level: Takes an integer from 1 to 4 to set the level (1
  for undefined, 2 for low, 3 for medium, 4 for high). This has the same
  effect as the existing -l/--level option. If both options are specified,
  an error will be printed.

• --confidence-level: Takes an integer from 1 to 4 to set the level (1
  for undefined, 2 for low, 3 for medium, 4 for high). This has the same
  effect as the existing -i/--confidence option. If both options are
  specified, an error will be printed.

[sigmavirus24]

Thanks so much for taking the initiative on this. The approach with using mutually exclusive groups looks right to me. I'm wondering if the numbers are the right thing to use instead of a string (text). I'm thinking that --severity-level=MEDIUM (or all lower-case) is going to be far easier on users than --severity-level=3 (what even is 3?). We can translate things on the backend to make things nicer for humans.

I'd also switch from calling 1 "UNDEFINED" to "ALL" but it would also be good to call out (if we're presenting that as an option) how it differs from low.

[nathanstocking]

Thanks so much for taking the initiative on this. The approach with using mutually exclusive groups looks right to me. I'm wondering if the numbers are the right thing to use instead of a string (text). I'm thinking that --severity-level=MEDIUM (or all lower-case) is going to be far easier on users than --severity-level=3 (what even is 3?). We can translate things on the backend to make things nicer for humans.
Good idea. I will modify it to do that instead. At the moment, I'm planning to use lowercase options only since argparse doesn't make it easy to allow case-insensitive options in the choices.
I'd also switch from calling 1 "UNDEFINED" to "ALL" but it would also be good to call out (if we're presenting that as an option) how it differs from low.
We could just remove it since undefined is the default option, but since it's theoretically possible for a finding to be sorted as undefined, I'm inclined to keep the option. I'll use "all" as the name and attempt to clarify what this means.

[nathanstocking]

The latest commit implements the string options as suggested.

Thanks so much for taking the initiative on this. The approach with using mutually exclusive groups looks right to me. I'm wondering if the numbers are the right thing to use instead of a string (text). I'm thinking that --severity-level=MEDIUM (or all lower-case) is going to be far easier on users than --severity-level=3 (what even is 3?). We can translate things on the backend to make things nicer for humans.
Good idea. I will modify it to do that instead. At the moment, I'm planning to use lowercase options only since argparse doesn't make it easy to allow case-insensitive options in the choices.
I'd also switch from calling 1 "UNDEFINED" to "ALL" but it would also be good to call out (if we're presenting that as an option) how it differs from low.
We could just remove it since undefined is the default option, but since it's theoretically possible for a finding to be sorted as undefined, I'm inclined to keep the option. I'll use "all" as the name and attempt to clarify what this means.

[sigmavirus24]

Why did you close this?

[nathanstocking]

Why did you close this?
Sorry, I must have pressed the wrong button when posting the comment. The change has been implemented.