-
-
Notifications
You must be signed in to change notification settings - Fork 610
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ini file settings ignored #595
Labels
bug
Something isn't working
Comments
May be caused by #508. |
ehooo
added a commit
to ehooo/bandit
that referenced
this issue
Dec 14, 2020
ehooo
added a commit
to ehooo/bandit
that referenced
this issue
Dec 14, 2020
ehooo
added a commit
to ehooo/bandit
that referenced
this issue
Dec 14, 2020
Seems to be duplicated by #657. |
ehooo
added a commit
to ehooo/bandit
that referenced
this issue
Dec 21, 2020
bittner
added a commit
to behave/behave-django
that referenced
this issue
Jan 10, 2022
Bandit UX is seriously broken, only <1.6 works predictably. Exclude/ignore of files is currently broken in Bandit: - PyCQA/bandit#693 - PyCQA/bandit#490 - PyCQA/bandit#438 (comment) Reading settings from configuration files is broken: - PyCQA/bandit#753 - PyCQA/bandit#595 Reading from pyproject.toml not yet functional: - Must install "toml" package and use "-c pyproject.toml". - PyCQA/bandit#758 INI file configuration and CLI usage is unclear: - PyCQA/bandit#603 - PyCQA/bandit#467 - PyCQA/bandit#396
bittner
added a commit
to behave/behave-django
that referenced
this issue
Jan 10, 2022
Bandit UX is seriously broken, only <1.6 works predictably. Exclude/ignore of files is currently broken in Bandit: - PyCQA/bandit#693 - PyCQA/bandit#490 - PyCQA/bandit#438 (comment) Reading settings from configuration files is broken: - PyCQA/bandit#753 - PyCQA/bandit#595 Reading from pyproject.toml not yet functional: Must install "toml" package and use "-c pyproject.toml". - PyCQA/bandit#758 INI file configuration and CLI usage is unclear: - PyCQA/bandit#603 - PyCQA/bandit#467 - PyCQA/bandit#396
bittner
added a commit
to behave/behave-django
that referenced
this issue
Jan 10, 2022
Bandit UX is seriously broken, only <1.6 works predictably. Exclude/ignore of files is currently broken in Bandit: - PyCQA/bandit#693 - PyCQA/bandit#490 - PyCQA/bandit#438 (comment) Reading settings from configuration files is broken: - PyCQA/bandit#753 - PyCQA/bandit#595 Reading from pyproject.toml not yet functional: Must install "toml" package and use "-c pyproject.toml". - PyCQA/bandit#758 INI file configuration and CLI usage is unclear: - PyCQA/bandit#603 - PyCQA/bandit#467 - PyCQA/bandit#396
It appears that this was fixed by #722 in version 1.7.1, which I can confirm based on the following test: echo 'assert 2 > 1' >assert.py
cat >.bandit <<BANDIT
[bandit]
exclude: assert.py
BANDIT
bandit -r . which fails with "Issue: [B101:assert_used]..." on 1.7.0 and passes with "No issues identified." in 1.7.1. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Adding excluded files, output format or output file in
.bandit
is ignored.To Reproduce
Steps to reproduce the behavior:
.bandit
with:bandit --ini .bandit
Expected behavior
I expected the format used to be the one from the .bandit ini file, instead of the default from the command line. Same goes for exclude and output.
Bandit version
Additional context
I think what's happening in the code is the following:
When checking if one should use the command line argument or the ini file, the code checks if the command line argument has a value. If not, it falls back to the ini file. However, arguments have defaults set in the parser, and thus some will always have a value set, and will always override the ini values. That's what I think is happening for exclude, format and output at least.
Solution is to check if the argument is passed, and if not, check for ini values, and if these are not set, fall back to a default.
The text was updated successfully, but these errors were encountered: