Hi, currently flake8-bugbear seems to primarily (only?) contain errors/warnings either inherent to Python code or constructs from the Python stdlib, but there are some popular third-party libraries, such as MarkupSafe, which also have very common usage mistakes that are almost certainly bugs.
For MarkupSafe there is an existing flake8 plugin; however, it hasn't been updated in three years and isn't published on PyPI, so I'd feel a little bit better if it was part of a larger, actively maintained project.
So for now I'd just like to get a feel for what the maintainers' stance on this is, and if detecting such errors is a welcome addition, I would be happy to submit a PR for this MarkupSafe-specific issue to begin with. It would also be nice to have a contribution policy alongside the development instructions, so it's easier to gauge whether it's worth opening a pull request for new errors/warnings or whether it'd be better suited as a standalone plugin.
Thanks for the interest here. I don't feel we should add specific checks for specific third-party libraries to flake8-bugbear. I'm all about avoiding policies where we can, but we could add this decision to the README. I'd still like to hear others' opinions here, as I could be swayed.
The dedicated plugin seems a much better route. Have you tried contacting the author? They seem to list a twitter/X on their GitHub profile. If so and you've got no response, want to fork it and I can help you add CI + push to PyPI?
I haven't tried to reach out to them yet, no. I haven't taken a close look at the code or tried to see how robust their detection of bad Markup usage was yet.
It might make more sense to try to get this added to bandit anyway, considering how this is more of a security issue rather than just a regular bug, and there's plenty of precedent for rules that are specific to third-party packages, such as Jinja, which depends on MarkupSafe. There is an older open pull request for flask.Markup, which is an alias for markupsafe.Markup, so I'll see if I can get something going there as well.
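For readers wondering what "bad Markup usage" detection would look like in practice, here is an added example of a minimal AST-based check. It is not code from flake8-bugbear, bandit, or the flake8 MarkupSafe plugin mentioned above, and the thread does not spell out which usage mistakes it has in mind; the pattern flagged here is my assumption: calling `Markup()` on anything other than a plain string literal (an f-string, concatenation, a variable) marks runtime data as safe HTML and bypasses autoescaping, which is the classic route to XSS. `Markup("...").format(...)` and `Markup("...") % (...)` escape their arguments, so those are left alone. The sample source it scans is constructed for the example and is only parsed, never executed, so it runs without MarkupSafe or Flask installed.

```python
"""Minimal AST check for the Markup(non-literal) footgun (added example, not project code)."""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    lineno: int
    col: int
    message: str


# Assumption: the class is reachable as Markup, markupsafe.Markup or flask.Markup
# (the thread notes flask.Markup is an alias for markupsafe.Markup).
MARKUP_MODULES = {"markupsafe", "flask"}


def _is_markup_call(node: ast.Call) -> bool:
    """True for Markup(...), markupsafe.Markup(...) and flask.Markup(...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id == "Markup"
    if isinstance(func, ast.Attribute):
        return (func.attr == "Markup"
                and isinstance(func.value, ast.Name)
                and func.value.id in MARKUP_MODULES)
    return False


def _is_str_literal(node: ast.AST) -> bool:
    """A plain string constant; f-strings are ast.JoinedStr and do not qualify."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


class MarkupChecker(ast.NodeVisitor):
    """Collects every Markup(...) call whose first argument is not a string literal."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        if _is_markup_call(node) and node.args and not _is_str_literal(node.args[0]):
            self.findings.append(Finding(
                node.lineno, node.col_offset,
                "Markup() wraps a non-literal value, which is emitted unescaped; "
                "use Markup('...').format(...) / % formatting, or escape() instead",
            ))
        # Keep walking so nested calls such as Markup('...').format(Markup(x)) are seen.
        self.generic_visit(node)


def check_source(source: str) -> list[Finding]:
    """Parse `source` and return findings ordered as encountered."""
    checker = MarkupChecker()
    checker.visit(ast.parse(source))
    return checker.findings


# Constructed sample module: three safe uses, three unsafe ones.
SAMPLE = '''
from markupsafe import Markup, escape
import flask

def good(name):
    return Markup("<b>{}</b>").format(name)    # format() escapes name

def also_good(name):
    return Markup("<b>%s</b>") % name           # % escapes name

def bad_fstring(name):
    return Markup(f"<b>{name}</b>")             # name is interpolated before wrapping

def bad_concat(comment):
    return flask.Markup("<p>" + comment + "</p>")

def bad_var(html):
    return Markup(html)
'''


def sample_finding_lines() -> list[int]:
    """Line numbers flagged in SAMPLE (the three bad_* functions)."""
    return [f.lineno for f in check_source(SAMPLE)]


if __name__ == "__main__":
    for finding in check_source(SAMPLE):
        print(f"sample.py:{finding.lineno}:{finding.col}: {finding.message}")
```

The check is deliberately conservative: it only looks at the first positional argument, so a real plugin would also want to resolve aliases from `from markupsafe import Markup as M`, handle `Markup.escape(...)`, and decide how to treat constant-folded expressions such as `Markup("a" "b")`. Wiring `MarkupChecker` into flake8 or bandit is a matter of adapting `Finding` to the respective plugin's result type.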