Comments (14)
Either read the .bandit file or the [bandit] section in the flake8 config. Now I can't get it to follow the exclude_dirs directive in my .bandit file and it e.g. spills warnings related to use of assert statements in tests. Moreover, recent Bandit has 2 config files, .bandit for command line defaults and .bandit.yml for configuration options. Oh my.
from flake8-bandit.
It looks like the latest version on PyPI is before this change; the author hasn't released a new version to PyPI.
https://pypi.org/project/flake8-bandit/#history (2.1.2, Oct 7, 2019)
To use this feature, you'll need to pull the package from GitHub.
from flake8-bandit.
Hey @tylerwince, glad to hear! I think my suggestion was to put some of the .bandit options in the .flake8 file, e.g.

[flake8]
bandit-includes = *.py
bandit-exclude-dirs = /tests/, tests.py

But pulling from the bandit.yml file also seems great!
from flake8-bandit.
Update on this: flake8-bandit will now honor a .bandit config file which contains skips or tests for blacklisting or whitelisting tests.
from flake8-bandit.
@phillbaker -- I am just picking back up on this project and adding a few new features as well as cleaning up some of the codebase. This plugin will follow your flake8 config already; are you thinking we should add support for the .bandit config file?
from flake8-bandit.
Ah, this makes sense. I think that seems like a reasonable thing. Maybe something like:

if bandit_config_exists:
    use_bandit_config_options
elif bandit_options_in_flake8:
    use_bandit_options_in_flake8
from flake8-bandit.
Does this still work? I'm trying w/ bandit==1.6.2 and flake8-bandit==2.1.2.
I have a .bandit:

[bandit]
exclude = /frontend,/scripts,/tests,/venv

This uses my exclude:

bandit -r -v .

But this doesn't:

$ flake8 .
./tests/apps/riskofbias/test_riskofbias_api.py:33:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:34:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:45:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:51:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:62:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:69:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:88:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:92:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:94:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:98:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:99:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:106:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code
from flake8-bandit.
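The two things the thread keeps circling are (a) the precedence sketched in the earlier pseudocode (use a .bandit file if one exists, otherwise fall back to bandit-* keys in the flake8 config) and (b) the concrete failure above, where a [bandit] exclude of /tests is honoured by bandit -r but ignored when the same checks run through flake8. The following is an added illustration, not code from flake8-bandit or from anyone in this thread. It assumes the INI layout shown in the thread ([bandit] section with comma-separated exclude, skips and tests), assumes that an exclude entry matches a file when it is a prefix of the project-relative path or an fnmatch glob for it, and normalises flake8-bandit's S-prefixed codes (S101) to bandit's B-prefixed ones (B101) so a skips list written for plain bandit also applies. The sample config and findings are constructed from the values in the thread.

```python
import configparser
import fnmatch
import os
import posixpath
from dataclasses import dataclass, field


@dataclass
class BanditOptions:
    excludes: list = field(default_factory=list)  # path prefixes / globs
    skips: set = field(default_factory=set)       # bandit test IDs to drop
    tests: set = field(default_factory=set)       # if non-empty, the only IDs to report


def _split(value):
    """Split a comma-separated INI value, dropping blanks."""
    return [v.strip() for v in value.split(",") if v.strip()]


def _bandit_id(code):
    """flake8-bandit reports bandit's B-codes with an S prefix (B101 -> S101).
    Accept either spelling (assumption) so skips written for bandit still apply."""
    code = code.strip().upper()
    return "B" + code[1:] if code.startswith("S") else code


def parse_bandit_ini(text):
    """Parse the [bandit] section of a .bandit INI file; None if absent."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    if not parser.has_section("bandit"):
        return None
    section = parser["bandit"]
    return BanditOptions(
        excludes=_split(section.get("exclude", "")),
        skips={_bandit_id(c) for c in _split(section.get("skips", ""))},
        tests={_bandit_id(c) for c in _split(section.get("tests", ""))},
    )


def resolve_options(bandit_ini_text, flake8_opts):
    """Precedence from the thread's pseudocode: a .bandit file wins; otherwise
    fall back to the bandit-exclude-dirs key proposed for the [flake8] section.
    bandit_ini_text is the file's content or None when no file exists."""
    if bandit_ini_text is not None:
        parsed = parse_bandit_ini(bandit_ini_text)
        if parsed is not None:
            return parsed
    return BanditOptions(excludes=_split(flake8_opts.get("bandit-exclude-dirs", "")))


def is_excluded(path, excludes):
    """Assumption: an entry matches when it is a leading path component of the
    project-relative path or an fnmatch pattern for the path or its basename."""
    rel = path.replace(os.sep, "/")
    if rel.startswith("./"):
        rel = rel[2:]
    rel = posixpath.normpath(rel).lstrip("/")
    for entry in excludes:
        e = entry.replace(os.sep, "/").strip("/")
        if not e:
            continue
        if rel == e or rel.startswith(e + "/"):
            return True
        if fnmatch.fnmatch(rel, e) or fnmatch.fnmatch(posixpath.basename(rel), e):
            return True
    return False


def should_report(test_id, opts):
    """Apply the whitelist (tests) first, then the blacklist (skips)."""
    bid = _bandit_id(test_id)
    if opts.tests and bid not in opts.tests:
        return False
    return bid not in opts.skips


def filter_findings(findings, opts):
    """findings: (path, line, code, message) tuples as flake8 would emit."""
    return [
        f for f in findings
        if not is_excluded(f[0], opts.excludes) and should_report(f[2], opts)
    ]


# Constructed sample input modelled on the thread (not real scan output).
SAMPLE_BANDIT_INI = """[bandit]
exclude = /frontend,/scripts,/tests,/venv
skips = B404
"""
SAMPLE_FINDINGS = [
    ("./tests/apps/riskofbias/test_riskofbias_api.py", 33, "S101", "Use of assert detected."),
    ("./app/views.py", 10, "S101", "Use of assert detected."),
    ("./app/runner.py", 4, "S404", "constructed sample finding"),
    ("./app/runner.py", 12, "S603", "constructed sample finding"),
]

if __name__ == "__main__":
    opts = resolve_options(SAMPLE_BANDIT_INI, {})
    for path, line, code, msg in filter_findings(SAMPLE_FINDINGS, opts):
        print(f"{path}:{line}:1: {code} {msg}")
```

With the sample config only the two app/ findings survive: the tests/ S101 is dropped by exclude and S404 by skips. Note that a flake8 plugin only ever sees the files flake8 has already selected, so the robust fix for the tests/ noise in a real setup is flake8's own exclude or per-file-ignores (e.g. S101 for tests/*); the in-plugin filter above is what it takes to make the .bandit file behave the same way under both tools.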
If you'd accept a PR let me know and I can look into it...
from flake8-bandit.
@shapiromatron - I would definitely accept a PR! Thanks for taking a look
from flake8-bandit.
Thanks @tylerwince, can you confirm that this is likely an issue for others as well? Should I use the skips keyword above perhaps (I tried but it didn't work), or is there some other way to get it to work?
from flake8-bandit.
It is likely a problem across the board. This was never really implemented fully and was kind of a hack when I first put it in. I think the main part of the codebase that applies is here:
flake8-bandit/flake8_bandit.py, lines 46 to 57 in e5834e7
from flake8-bandit.
Thanks @tylerwince I'll have something soon...
from flake8-bandit.
@tylerwince PR submitted #17 ; note that this bumps python minimum version to 3.6 as currently implemented.
from flake8-bandit.
Is this remaining open because we still can't pass a configuration of whatever name we'd like? This would be useful to pass the flake8 config with a [bandit] section in it and clean up my code root a bit.
from flake8-bandit.