Excluded paths from the .ini file ignored if -x flag is set #753

Open
upcFrost opened this issue Nov 12, 2021 · 0 comments
Labels
bug Something isn't working


upcFrost commented Nov 12, 2021

Describe the bug

Bandit 1.7.1 no longer appends CLI-provided excluded paths to those provided in the .ini file, but rather substitutes the excluded paths list, which contradicts the doc: "note that these are in addition to the excluded paths provided in the config file".

Reproduction steps

  1. Create .ini file with a couple of excluded paths

         [bandit]
         exclude = src/lib
         recursive = true
         targets = src

  2. Run bandit with both ini file and -x flags provided: bandit --ini .config -x 'test'

Expected behavior

Bandit will exclude both ini-provided and cli-provided paths

Bandit version

1.7.0 (Default)

Python version

3.9 (Default)

Additional context

I'm setting bandit version to 1.7.0 as 1.7.1 is not available in the GitHub dropdown (though it is available on PyPI at https://pypi.org/project/bandit/1.7.1/).

upcFrost added the bug label Nov 12, 2021
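
Added example (not part of the original issue and not Bandit's own code): a sketch of the two merge behaviours described in the report, run on the .ini from the reproduction steps, plus a helper that builds one combined -x value so a CI job keeps the intended exclude list either way. It assumes the ini `exclude` key and `-x` both take comma-separated paths; all function names are hypothetical.

```python
import configparser

# Constructed sample: the .ini content from the reproduction steps.
SAMPLE_INI = """\
[bandit]
exclude = src/lib
recursive = true
targets = src
"""

def split_paths(value):
    """Split a comma-separated path list, dropping blanks and whitespace."""
    return [p.strip() for p in (value or "").split(",") if p.strip()]

def ini_excludes(ini_text):
    """Return the exclude entries from the [bandit] section of an ini file."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    if not parser.has_section("bandit"):
        return []
    return split_paths(parser.get("bandit", "exclude", fallback=""))

def effective_excludes(ini_text, cli_value, append=True):
    """Exclude list under append (documented) or substitute (reported) semantics."""
    cli = split_paths(cli_value)
    if not append and cli:
        return cli  # reported behaviour: the CLI list replaces the ini list
    merged = []
    for path in ini_excludes(ini_text) + cli:
        if path not in merged:  # de-duplicate while keeping order
            merged.append(path)
    return merged

def merged_x_argument(ini_text, cli_value):
    """Build a single -x value carrying both lists (workaround sketch)."""
    return ",".join(effective_excludes(ini_text, cli_value, append=True))

def dropped_by_substitution(ini_text, cli_value):
    """ini excludes that stop applying when the CLI list substitutes."""
    kept = effective_excludes(ini_text, cli_value, append=False)
    return [p for p in ini_excludes(ini_text) if p not in kept]

if __name__ == "__main__":
    print("documented:", effective_excludes(SAMPLE_INI, "test"))
    print("reported:  ", effective_excludes(SAMPLE_INI, "test", append=False))
    print("no longer excluded:", dropped_by_substitution(SAMPLE_INI, "test"))
    print("workaround: -x", merged_x_argument(SAMPLE_INI, "test"))
```

A non-empty result from `dropped_by_substitution` means the scan scope differs from what the config file declares, which is worth failing a pipeline on rather than discovering from changed findings.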
bittner added a commit to behave/behave-django that referenced this issue Jan 10, 2022
Bandit UX is seriously broken, only <1.6 works predictably.

Exclude/ignore of files is currently broken in Bandit:
- PyCQA/bandit#693
- PyCQA/bandit#490
- PyCQA/bandit#438 (comment)

Reading settings from configuration files is broken:
- PyCQA/bandit#753
- PyCQA/bandit#595

Reading from pyproject.toml not yet functional:
- Must install "toml" package and use "-c pyproject.toml".
- PyCQA/bandit#758

INI file configuration and CLI usage is unclear:
- PyCQA/bandit#603
- PyCQA/bandit#467
- PyCQA/bandit#396