Skip to content

Dev/add bandit linter support #204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
mshafer-NI wants to merge 12 commits into
base: main
Choose a base branch
from
Draft

Dev/add bandit linter support #204

mshafer-NI wants to merge 12 commits into from

Conversation

@mshafer-NI
Copy link
Collaborator

@mshafer-NI mshafer-NI commented Nov 7, 2024

Add bandit as a provided tool.

While bandit takes multiple "-c file" parameters, it only uses the latter...
So, to provide a global default (that says it's ok to assert in tests, and to skip a lot of non-python folders), AND support for a using project to provide config in their pyproject.toml, this is setup to load the vendored-config file, and merge in data from pyproject.toml and store the result in a temp file.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 7, 2024

Thank you for contributing! 👋

@bkeryan bkeryan mentioned this pull request Jun 24, 2025
Merged
@mshafer-NI mshafer-NI mentioned this pull request Sep 15, 2025
Merged
bkeryan
bkeryan reviewed Sep 15, 2025
View reviewed changes
pyproject.toml
black = ">=23.1"
bandit = [
{version=">=1.5,<1.7", extras=["toml"], python="^3.7,<3.8"},
{version=">=1.7.9", extras=["toml"], python="^3.8"},
Copy link
Contributor

@bkeryan bkeryan Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bandit 1.8.6 requires Python >= 3.9

bkeryan
bkeryan approved these changes Sep 15, 2025
View reviewed changes
ni_python_styleguide/_lint.py
Comment on lines +73 to +75
if key in target and isinstance(value, list):
_logger.debug("Merging %s: %s", key, value)
target[key].extend(value)
Copy link
Contributor

@bkeryan bkeryan Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good, this allows projects to extend exclude_dirs.

ni_python_styleguide/_cli.py
_lint.lint_bandit(
qs_or_vs=_qs_or_vs(obj["VERBOSITY"]),
pyproject_config=pyproj_bandit_config,
file_or_dir=file_or_dir or [pathlib.Path.cwd()],
Copy link
Contributor

@bkeryan bkeryan Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI, there is an optional targets key in the config file.

I think defaulting to . and supporting excludes is probably enough for most projects, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@irwand irwand irwand approved these changes

@neilvana neilvana Awaiting requested review from neilvana neilvana will be requested when the pull request is marked ready for review neilvana is a code owner

+1 more reviewer

@bkeryan bkeryan bkeryan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mshafer-NI @irwand @bkeryan