Comments (3)
@tylerwince @ambv I've made a further comment at PyCQA/flake8-bugbear#37. I'm quoting the salient points below:
The conflict is not with flake8-bandit but rather with openstack/bandit

There are two projects that are involved here:
- https://github.com/openstack/bandit
  - Project started on 16 July 2014
  - This is the main project, where the conflicts are arising
- https://github.com/tylerwince/flake8-bandit
  - Project started on 29 Oct 2017
  - However, this is just a wrapper around bandit
  - They have no control over the error codes that are supplied by bandit

The OpenStack Bandit project has been using B30x codes for a few years as well

Taking B301 as the earliest example in both projects:
- Bandit: openstack-archive/bandit@c364408
  - This commit was made on 22 Jan 2016
- Bugbear: PyCQA/flake8-bugbear@0fb7d8d
  - This commit was made on 8 Jun 2016
from flake8-bandit.
Some comments I made on the issue at PyCQA/flake8-bugbear#37, reposting here to keep track of things:
We could always handle this internally in flake8-bandit. Definitely not a long-term solution but a workaround until we can figure out which codes to be used by each project.
What are the thoughts around flake8-bandit changing the openstack/bandit code to be S30x for the time being? (quick look and it doesn't appear any other plugins are using S30x and S makes sense for "security")
Is anyone using flake8-bandit and comparing those results to the openstack/bandit cli output? That is the only time I could see this causing an issue as the codes won't match up.
I've opened up an issue with openstack/bandit to see if we can pull them into the discussion here: https://bugs.launchpad.net/bandit/+bug/1759643
This has been closed. Please see the final discussion here:
PyCQA/flake8-bugbear#37