Using # nosec BXXX annotation in a nested dict causes "higher" annotations to be ignored #1003
Labels: bug
Comments
@0xDEC0DE Is it a regression, or does 1.7.4 have it as well?
This appears to be a regression; 1.7.4 ignores them (albeit with warnings):
Setup
1.7.4
Note the warnings from 1.7.5
kfrydel added a commit to kfrydel/bandit that referenced this issue Mar 27, 2023
Before this commit nosec was searched from the beginning of the expression's context, which may be broader than the exact piece of code that a developer wants to skip. This caused that, for the below example:

    1. example = {
    2.     'S3_CONFIG_PARAMS': dict(  # nosec B106
    3.         ...
    4.     ),
    5.     'LOCALFS_BASEDIR': '/var/tmp/herp',  # nosec B108
    6. }

for line 5, nosec from line 2 was returned. Thus `nosec B108` was ignored. This commit changes the algorithm that searches for nosec for an expression, and nosec from the exact line of the expression is preferred. Resolves: PyCQA#1003
I included a test case so that you could tell me 😆 But yes, #1004 appears to report no issues, but it DOES throw warnings, same as 1.7.4:
rkuczer added a commit to rkuczer/bandit that referenced this issue Apr 4, 2023
rkuczer added a commit to rkuczer/bandit that referenced this issue Apr 4, 2023
rkuczer added a commit to rkuczer/bandit that referenced this issue Apr 6, 2023
rkuczer added a commit to rkuczer/bandit that referenced this issue Apr 6, 2023
…ing another test code
rkuczer added a commit to rkuczer/bandit that referenced this issue Apr 7, 2023
rkuczer added a commit to rkuczer/bandit that referenced this issue Apr 7, 2023
Describe the bug
Using a # nosec BXXX annotation inside a nested data structure appears to cause "higher" nosec annotations to be ignored:
Reproduction steps
Use this as a test case (save to testcase.py): … and run bandit testcase.py
Expected behavior
Bandit version
1.7.5
Python version
3.11.2
Additional context
# nosec annotations work. So the issue would appear to have something to do with ignoring individual tests, and nesting depth.
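As an added illustration (not bandit's own code), here is a simplified Python model of the two nosec lookups the fix's commit message describes: the pre-fix scan that starts at the first line of the enclosing statement, and the fixed lookup that prefers the finding's own line. The `SOURCE` text and the `FINDINGS` list are constructed; B106 and B108 are the test IDs named in the commit message.

```python
import ast
import io
import tokenize
# Constructed sample: the nested dict from the fix's commit message, filled in so
# B106 (hard-coded password arg) fires on line 2 and B108 (tmp path) on line 5.
SOURCE = """\
example = {
    'S3_CONFIG_PARAMS': dict(  # nosec B106
        aws_secret_access_key='hunter2',
    ),
    'LOCALFS_BASEDIR': '/var/tmp/herp',  # nosec B108
}
"""
FINDINGS = [(2, "B106"), (5, "B108")]  # constructed (line, test_id) findings

def nosec_by_line(source):
    """Map line -> test IDs on its '# nosec' comment (empty set = bare nosec)."""
    out = {}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT and "nosec" in tok.string:
            tail = tok.string.split("nosec", 1)[1].split()
            out[tok.start[0]] = {w.strip(",") for w in tail if w.startswith("B")}
    return out

def statement_lines(source, line):
    """Lines of the top-level statement containing `line` (the old scan range)."""
    for stmt in ast.parse(source).body:
        if stmt.lineno <= line <= stmt.end_lineno:
            return range(stmt.lineno, stmt.end_lineno + 1)
    raise ValueError(f"no statement covers line {line}")

def skipped_before_fix(source, line, test_id):
    """Old lookup: the first nosec found from the statement's start wins."""
    nosecs = nosec_by_line(source)
    for ln in statement_lines(source, line):
        if ln in nosecs:
            return not nosecs[ln] or test_id in nosecs[ln]
    return False

def skipped_after_fix(source, line, test_id):
    """Fixed lookup: a nosec on the finding's own line takes precedence."""
    ids = nosec_by_line(source).get(line)
    if ids is not None:
        return not ids or test_id in ids
    return skipped_before_fix(source, line, test_id)

def compare(source=SOURCE, findings=FINDINGS):
    """Return {(line, test_id): (skipped_before_fix, skipped_after_fix)}."""
    return {f: (skipped_before_fix(source, *f), skipped_after_fix(source, *f))
            for f in findings}
```

Running `compare()` shows the B108 finding on line 5 being reported under the old lookup (the line-2 `# nosec B106` is found first and does not match) and suppressed under the fixed one.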