-
-
Notifications
You must be signed in to change notification settings - Fork 612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ini "exclude" config is ignored #693
Comments
Yep, Line 83 in 6765a57
|
5ac8b8b is the commit that introduced this. (Looks like Bandit 1.6.3 + 1.7.0.) Though arguably it's |
From what I can understand, I'm willing to work on this but I'm also new to contribution as well so please guide me on what action I should take here. |
@RobGThai in case it helps to get started: Bandit has pretty good contribution guidelines, which might help you to get started: https://github.com/PyCQA/bandit/blob/master/CONTRIBUTING.md#your-first-code-contribution I'm not a bandit dev, but I have made some opensource contributions over the years, and CONTRIBUTING.md is usually where I start. |
Any easy workaround instead of passing all excludes as a CLI argument? |
And moreover, it seems that it's not possible to use exclude in pre-commit because there is no straightforward way to set CLI arguments in pre-commit-config.yaml 😞 |
As a workaoround I call
|
@stuertz, thank you! It's work |
This workaround appears to have been broken by #753 . Using 1.7.1, you need to remove the |
Bandit UX is seriously broken, only <1.6 works predictably. Exclude/ignore of files is currently broken in Bandit: - PyCQA/bandit#693 - PyCQA/bandit#490 - PyCQA/bandit#438 (comment) Reading settings from configuration files is broken: - PyCQA/bandit#753 - PyCQA/bandit#595 Reading from pyproject.toml not yet functional: - Must install "toml" package and use "-c pyproject.toml". - PyCQA/bandit#758 INI file configuration and CLI usage is unclear: - PyCQA/bandit#603 - PyCQA/bandit#467 - PyCQA/bandit#396
Bandit UX is seriously broken, only <1.6 works predictably. Exclude/ignore of files is currently broken in Bandit: - PyCQA/bandit#693 - PyCQA/bandit#490 - PyCQA/bandit#438 (comment) Reading settings from configuration files is broken: - PyCQA/bandit#753 - PyCQA/bandit#595 Reading from pyproject.toml not yet functional: Must install "toml" package and use "-c pyproject.toml". - PyCQA/bandit#758 INI file configuration and CLI usage is unclear: - PyCQA/bandit#603 - PyCQA/bandit#467 - PyCQA/bandit#396
Bandit UX is seriously broken, only <1.6 works predictably. Exclude/ignore of files is currently broken in Bandit: - PyCQA/bandit#693 - PyCQA/bandit#490 - PyCQA/bandit#438 (comment) Reading settings from configuration files is broken: - PyCQA/bandit#753 - PyCQA/bandit#595 Reading from pyproject.toml not yet functional: Must install "toml" package and use "-c pyproject.toml". - PyCQA/bandit#758 INI file configuration and CLI usage is unclear: - PyCQA/bandit#603 - PyCQA/bandit#467 - PyCQA/bandit#396
Is there any work around for this issue? I tried using ini, yaml etc.. but the exclude settings (also exclude_dirs in yaml) seems not to work. |
Describe the bug
exclude configuration inside .bandit ini file is always ignored due to default cli argument.
To Reproduce
Steps to reproduce the behavior:
bandit --ini .bandit -r
in a directory with .bandit file.Expected behavior
Bandit should use .bandit configuration as there's no CLI argument supplied then append default value to it as specified in
argparse
.Bandit version
Additional context
I believe this happens due to the default value for
-x
given toargparse
. This means the ini configuration is always ignored as the code take default value as supplied CLI.Workaround
Supplied exclude via CLI when running Bandit regardless of your ini.
bandit -x ./tests --ini .bandit -r .
The text was updated successfully, but these errors were encountered: