Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

assert_used skips change in 1.7.7 #1106

Open
jonyscathe opened this issue Jan 23, 2024 · 2 comments
Open

assert_used skips change in 1.7.7 #1106

jonyscathe opened this issue Jan 23, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@jonyscathe
Copy link

Describe the bug

Had pyproject.toml containing the following which worked fine in 1.7.6:

[tool.bandit.assert_used]
skips = [
  'src/tests/*_test.py',
]

This fails in 1.7.7 unless changed to:

[tool.bandit.assert_used]
skips = [
  './src/tests/*_test.py',
]

This new config works in 1.7.7, but not 1.7.6.

Given this was only a subminor release, I am assuming that this behaviour change was unintentional as I wouldn't think a subminor release should require a change to config files.

Reproduction steps

1. Have some test file located at src/tests/my_test.py with an assert
2. Have code snippet from above in pyproject.toml
3. Run bandit with 1.7.6 and 1.7.7

Expected behavior

Expect that config files shouldn't require modification on a subminor release.

Bandit version

1.7.6 (Default)

Python version

3.12 (Default)

Additional context

For some reason I cannot report a bandit verison of 1.7.7 in the bandit version dropdown box so have left that at 1.7.6.
@jonyscathe jonyscathe added the bug Something isn't working label Jan 23, 2024
PGijsbers added a commit to openml/server-api that referenced this issue Feb 21, 2024
@PGijsbers
Specify directory to skip assert_used for Bandit differently
aed0ea8 
See PyCQA/bandit#1106
@PGijsbers
Copy link

PGijsbers commented Feb 21, 2024
edited
Loading

I also ran into this, given its context I would assume it's related to this change: #1094

PGijsbers added a commit to openml/server-api that referenced this issue Feb 21, 2024
@pre-commit-ci @PGijsbers
[pre-commit.ci] pre-commit autoupdate (#147)
b65096a 
* [pre-commit.ci] pre-commit autoupdate

updates:
- [github.com/PyCQA/bandit: 1.7.6 → 1.7.7](PyCQA/bandit@1.7.6...1.7.7)
- [github.com/astral-sh/ruff-pre-commit: v0.1.14 → v0.2.2](astral-sh/ruff-pre-commit@v0.1.14...v0.2.2)
- [github.com/psf/black: 23.12.1 → 24.2.0](psf/black@23.12.1...24.2.0)

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Specify directory to skip assert_used for Bandit differently

See PyCQA/bandit#1106

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Pieter Gijsbers <[email protected]>
@mportesdev
Copy link
Contributor

I am only able to reproduce this issue when running bandit as a pre-commit hook.

Having the following config:

[tool.bandit.assert_used]
skips = ["tests/*"]

both bandit 1.7.6 and 1.7.7 (and also 1.7.8) executed manually from the command line will succeed. Changing the config to the following:

[tool.bandit.assert_used]
skips = ["./tests/*"]

both bandit 1.7.6 and 1.7.7 (and also 1.7.8) executed manually from the command line will fail.

mportesdev added a commit to mportesdev/pictureshow that referenced this issue Jul 16, 2024
@mportesdev
Skip bandit in pre-commit-ci updates
5438494 
This is a temporary fix due to the known issue in bandit>=1.7.7, see PyCQA/bandit#1106
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jonyscathe @PGijsbers @mportesdev