Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix nosec for nested dicts #1004

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions bandit/core/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -373,8 +373,8 @@ def check_ast_node(name):


def get_nosec(nosec_lines, context):
for lineno in context["linerange"]:
nosec = nosec_lines.get(lineno, None)
for lineno in [context["lineno"], *context["linerange"]]:
nosec = nosec_lines.get(lineno)
if nosec is not None:
return nosec
return None
11 changes: 11 additions & 0 deletions examples/nosec.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,14 @@
subprocess.Popen('/bin/ls *', shell=True) # type: ... # noqa: E501 ; pylint: disable=line-too-long # nosec
subprocess.Popen('#nosec', shell=True) # nosec B607, B101
subprocess.Popen('#nosec', shell=True) # nosec B602, subprocess_popen_with_shell_equals_true
# check that nosec in nested dict does not cause "higher" annotations to be ignored
# reproduction of https://github.com/PyCQA/bandit/issues/1003
example = {
'S3_CONFIG_PARAMS': dict( # nosec B106
aws_access_key_id='key_goes_here',
aws_secret_access_key='secret_goes_here',
endpoint_url='s3.amazonaws.com',
),
'LOCALFS_BASEDIR': '/var/tmp/herp', # nosec B108
'ALPINE_APORTS_DIR': '/tmp/derp', # nosec B108
}