
Comments (14)

zgoda commented on June 2, 2024 5

Either read .bandit file or [bandit] section in flake8 config. Now I can't get it to follow exclude_dirs directive in my .bandit file and e.g. spills warnings related to use of assert statements in tests. Moreover, recent Bandit has 2 config files, .bandit for command line defaults and .bandit.yml for configuration options. Oh my.

from flake8-bandit.

shapiromatron commented on June 2, 2024 2

It looks like the latest version on pypi is before this change; the author hasn't released a new version to pypi.

https://pypi.org/project/flake8-bandit/#history (2.1.2, Oct 7, 2019)

To use this feature, you'll need to pull the package from GitHub.


phillbaker commented on June 2, 2024 1

Hey @tylerwince, glad to hear! I think my suggestion was to put some of the .bandit options in the .flake8 file, e.g.

[flake8]
bandit-includes = *.py
bandit-exclude-dirs = /tests/, tests.py

But pulling from the bandit.yml file also seems great!


tylerwince commented on June 2, 2024 1

Update on this:

flake8-bandit will now honor a .bandit config file which contains skips or tests for blacklisting or whitelisting tests.


tylerwince commented on June 2, 2024

@phillbaker -- I am just picking back up on this project and adding a few new features as well as cleaning up some of the codebase.

This plugin will follow your flake8 config already, are you thinking we should add support for the .bandit config file?


tylerwince commented on June 2, 2024

Ah, this makes sense. I think that seems like a reasonable thing.

Maybe something like:

if bandit_config_exists:
    use_bandit_config_options
elif bandit_options_in_flake8:
    use_bandit_options_in_flake8


shapiromatron commented on June 2, 2024

Does this still work? I'm trying w/ bandit==1.6.2 and flake8-bandit==2.1.2.

I have a .bandit:

[bandit]
exclude = /frontend,/scripts,/tests,/venv

This uses my exclude:

bandit -r -v .

But this doesn't:

$ flake8 .

./tests/apps/riskofbias/test_riskofbias_api.py:33:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:34:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:45:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:51:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:62:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:69:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:88:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:92:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:94:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:98:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:99:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
./tests/apps/riskofbias/test_riskofbias_api.py:106:1: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code


shapiromatron commented on June 2, 2024

If you'd accept a PR let me know and I can look into it...


tylerwince commented on June 2, 2024

@shapiromatron - I would definitely accept a PR! Thanks for taking a look.


shapiromatron commented on June 2, 2024

Thanks @tylerwince, can you confirm that this is likely an issue for others as well? Should I use the skips keyword above, perhaps (I tried but it didn't work), or is there some other way to get it to work?


tylerwince commented on June 2, 2024

It is likely a problem across the board. This was never really implemented fully and was kind of a hack when I first put it in. I think the main part of the codebase that applies is here:

import configparser  # needed for configparser.Error below

# `config` is a configparser.ConfigParser() and `ini_file` the path to the .bandit
# file; both are set up earlier in the plugin than this excerpt.
try:
    config.read(ini_file)
    # Bandit names its tests B###, flake8-bandit reports them as S###; map the
    # user's codes back to bandit's naming.
    profile = {k: v.replace("S", "B") for k, v in config.items("bandit")}
    # `skips` is the blacklist of tests, `tests` the whitelist. Note that the
    # `exclude` key is reused for skipped tests, so an `exclude` directory list
    # read from the file is overwritten here rather than applied to paths.
    if profile.get("skips"):
        profile["exclude"] = profile.get("skips").split(",")
    if profile.get("tests"):
        profile["include"] = profile.get("tests").split(",")
except (configparser.Error, KeyError, TypeError) as e:
    # A missing [bandit] section is not an error; anything else goes to stderr.
    if str(e) != "No section: 'bandit'":
        import sys
        err = "Unable to parse config file: %s\n" % e
        sys.stderr.write(err)

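As an added illustration (not flake8-bandit's own code) of what honoring a `.bandit` file would look like for the case in this thread: parse the `[bandit]` section, map flake8-bandit's S-codes to bandit's B-codes, and apply the `exclude` directories, the `skips` blacklist and the `tests` whitelist before a finding is emitted. The `.bandit` contents are constructed from the one quoted above, and the substring-style matching of `exclude` entries against the path is an assumption that only approximates bandit's own handling.

```python
import configparser

# Constructed sample .bandit file, modelled on the one quoted in this thread.
BANDIT_INI = """
[bandit]
exclude = /frontend,/scripts,/tests,/venv
skips = S101
"""


def _split(value):
    """Comma-separated option value -> list of stripped, non-empty entries."""
    return [item.strip() for item in value.split(",") if item.strip()]


def _to_bandit_code(code):
    """flake8-bandit reports S###; bandit names the same test B###."""
    return "B" + code[1:] if code.startswith("S") else code


def load_bandit_profile(ini_text):
    """Parse the [bandit] section of a .bandit file; {} when the section is absent."""
    config = configparser.ConfigParser()
    config.read_string(ini_text)
    if not config.has_section("bandit"):
        return {}

    def opt(key):
        return _split(config.get("bandit", key, fallback=""))
    return {"exclude": opt("exclude"),
            "skips": [_to_bandit_code(c) for c in opt("skips")],
            "tests": [_to_bandit_code(c) for c in opt("tests")]}


def is_excluded(path, exclude_entries):
    """Assumption: approximate bandit's exclude as a substring match on the path
    normalised to a leading slash, so "/tests" covers "./tests/apps/x.py"."""
    normalised = "/" + path.lstrip("./").replace("\\", "/")
    return any(entry in normalised for entry in exclude_entries)


def should_report(path, code, profile):
    """Should flake8-bandit emit finding `code` (e.g. S101) for `path`?"""
    if is_excluded(path, profile["exclude"]):
        return False
    bandit_code = _to_bandit_code(code)
    if bandit_code in profile["skips"]:
        return False
    # A non-empty `tests` list whitelists: only those tests are reported.
    return not profile["tests"] or bandit_code in profile["tests"]
```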

shapiromatron commented on June 2, 2024

Thanks @tylerwince, I'll have something soon...


shapiromatron commented on June 2, 2024

@tylerwince PR submitted: #17; note that this bumps the Python minimum version to 3.6 as currently implemented.


flickerfly commented on June 2, 2024

Is this remaining open because we still can't pass a configuration of whatever name we'd like? This would be useful to pass the flake8 config with a [bandit] section in it and clean up my code root a bit.

