Add documentation for the "nosec" comment #553
Assignees
Labels
enhancement
New feature or request
Comments
|
do you plan on putting a PR together for this @exhuma ? |
|
Done 😄 Note that I did not see a really good place to add it so I added it as a suggestion into the "config" section. I did not see a point creating a whole new document for this small section. Let me know if that works for you. I was also probably a bit verbose with the text. I am open for any suggestion if you want me to change something. I'm also fine with squashing any future commits on the branch to keep the history clean for this small change. |
ericwb
pushed a commit
that referenced
this issue
Jan 7, 2020
* Add a section explaining "nosec" References #553 * Remove duplicated "in your code"
|
Fixed with #554 |
Glyphack
pushed a commit
to Glyphack/bandit
that referenced
this issue
Feb 27, 2020
Resolves PyCQA#548 Add code of conduct. Add links to contributing.md file. Fix typo. Fix docs for B610,B611,B703 (PyCQA#555) * Fix docs for B610,B611,B703 * Address flake8 notice by adding blank line * Fix long lines Use SPDX license identifier instead of bulky headers (PyCQA#530) * Use SPDX license identifier instead of bulky headers There exists a nice, consistent way to denote licenses in source files. It's called SPDX and further information is here [1]. This commit migrates the bulky apache-2 license headers with the SPDX short identifier equivalent. [1] https://spdx.org/ids-how Signed-off-by: Eric Brown <browne@vmware.com> * Update test-requirements.txt Add a section explaining "nosec" (PyCQA#554) * Add a section explaining "nosec" References PyCQA#553 * Remove duplicated "in your code" replace 'then' with 'than' Signed-off-by: Pablo Woolvett <pablo.wooveltt@iconstruye.onmicrosoft.com> Add sha1 to the list of insecure hashes The hashlib.new test plugin was only checking for MD4 and MD5. This patch extends the list of insecure hashes to include SHA1, which has known exploits. Fixes PyCQA#560 Signed-off-by: Eric Brown <browne@vmware.com> Use GitHub Actions to run CI (PyCQA#565) * Use GitHub Actions to run CI This change utilizes GitHub Actions to run the CI for our unit tests instead of the current Travis-CI. * Delete .travis.yml Ignore common directories by default This fix follows the example of flake8 in that it sets a default list of common directories and filename patterns to exclude. Fixes PyCQA#543 Signed-off-by: Eric Brown <browne@vmware.com> Add push and pull request to GH Action trigger It appears that Actions are not triggered for all pull requests. I suspect the Actions need to register for event push and pull_request in order to run CI on commits. Signed-off-by: Eric Brown <browne@vmware.com> Fix grammar issues and typos. Fix more grammar issues Added @lukehinds text about commit messages and squash commits from https://gist.githubusercontent.com/lukehinds/3337941149fc25ed91567037a0ebf026/raw/c1db6186c7e14ff316db2fe61fa046ab07251275/gistfile1.txt Remove extra parentheses
Glyphack
pushed a commit
to Glyphack/bandit
that referenced
this issue
Feb 27, 2020
Resolves PyCQA#548 Add code of conduct. Add links to contributing.md file. Fix typo. Fix docs for B610,B611,B703 (PyCQA#555) * Fix docs for B610,B611,B703 * Address flake8 notice by adding blank line * Fix long lines Use SPDX license identifier instead of bulky headers (PyCQA#530) * Use SPDX license identifier instead of bulky headers There exists a nice, consistent way to denote licenses in source files. It's called SPDX and further information is here [1]. This commit migrates the bulky apache-2 license headers with the SPDX short identifier equivalent. [1] https://spdx.org/ids-how Signed-off-by: Eric Brown <browne@vmware.com> * Update test-requirements.txt Add a section explaining "nosec" (PyCQA#554) * Add a section explaining "nosec" References PyCQA#553 * Remove duplicated "in your code" replace 'then' with 'than' Signed-off-by: Pablo Woolvett <pablo.wooveltt@iconstruye.onmicrosoft.com> Add sha1 to the list of insecure hashes The hashlib.new test plugin was only checking for MD4 and MD5. This patch extends the list of insecure hashes to include SHA1, which has known exploits. Fixes PyCQA#560 Signed-off-by: Eric Brown <browne@vmware.com> Use GitHub Actions to run CI (PyCQA#565) * Use GitHub Actions to run CI This change utilizes GitHub Actions to run the CI for our unit tests instead of the current Travis-CI. * Delete .travis.yml Ignore common directories by default This fix follows the example of flake8 in that it sets a default list of common directories and filename patterns to exclude. Fixes PyCQA#543 Signed-off-by: Eric Brown <browne@vmware.com> Add push and pull request to GH Action trigger It appears that Actions are not triggered for all pull requests. I suspect the Actions need to register for event push and pull_request in order to run CI on commits. Signed-off-by: Eric Brown <browne@vmware.com> Fix grammar issues and typos. Fix more grammar issues Added @lukehinds text about commit messages and squash commits from https://gist.githubusercontent.com/lukehinds/3337941149fc25ed91567037a0ebf026/raw/c1db6186c7e14ff316db2fe61fa046ab07251275/gistfile1.txt Remove extra parentheses
mikespallino
pushed a commit
to mikespallino/bandit
that referenced
this issue
Aug 25, 2021
Resolves PyCQA#548 Add code of conduct. Add links to contributing.md file. Fix typo. Fix docs for B610,B611,B703 (PyCQA#555) * Fix docs for B610,B611,B703 * Address flake8 notice by adding blank line * Fix long lines Use SPDX license identifier instead of bulky headers (PyCQA#530) * Use SPDX license identifier instead of bulky headers There exists a nice, consistent way to denote licenses in source files. It's called SPDX and further information is here [1]. This commit migrates the bulky apache-2 license headers with the SPDX short identifier equivalent. [1] https://spdx.org/ids-how Signed-off-by: Eric Brown <browne@vmware.com> * Update test-requirements.txt Add a section explaining "nosec" (PyCQA#554) * Add a section explaining "nosec" References PyCQA#553 * Remove duplicated "in your code" replace 'then' with 'than' Signed-off-by: Pablo Woolvett <pablo.wooveltt@iconstruye.onmicrosoft.com> Add sha1 to the list of insecure hashes The hashlib.new test plugin was only checking for MD4 and MD5. This patch extends the list of insecure hashes to include SHA1, which has known exploits. Fixes PyCQA#560 Signed-off-by: Eric Brown <browne@vmware.com> Use GitHub Actions to run CI (PyCQA#565) * Use GitHub Actions to run CI This change utilizes GitHub Actions to run the CI for our unit tests instead of the current Travis-CI. * Delete .travis.yml Ignore common directories by default This fix follows the example of flake8 in that it sets a default list of common directories and filename patterns to exclude. Fixes PyCQA#543 Signed-off-by: Eric Brown <browne@vmware.com> Add push and pull request to GH Action trigger It appears that Actions are not triggered for all pull requests. I suspect the Actions need to register for event push and pull_request in order to run CI on commits. Signed-off-by: Eric Brown <browne@vmware.com> Fix grammar issues and typos. Fix more grammar issues Added @lukehinds text about commit messages and squash commits from https://gist.githubusercontent.com/lukehinds/3337941149fc25ed91567037a0ebf026/raw/c1db6186c7e14ff316db2fe61fa046ab07251275/gistfile1.txt Remove extra parentheses
mikespallino
pushed a commit
to mikespallino/bandit
that referenced
this issue
Jan 7, 2022
Resolves PyCQA#548 Add code of conduct. Add links to contributing.md file. Fix typo. Fix docs for B610,B611,B703 (PyCQA#555) * Fix docs for B610,B611,B703 * Address flake8 notice by adding blank line * Fix long lines Use SPDX license identifier instead of bulky headers (PyCQA#530) * Use SPDX license identifier instead of bulky headers There exists a nice, consistent way to denote licenses in source files. It's called SPDX and further information is here [1]. This commit migrates the bulky apache-2 license headers with the SPDX short identifier equivalent. [1] https://spdx.org/ids-how Signed-off-by: Eric Brown <browne@vmware.com> * Update test-requirements.txt Add a section explaining "nosec" (PyCQA#554) * Add a section explaining "nosec" References PyCQA#553 * Remove duplicated "in your code" replace 'then' with 'than' Signed-off-by: Pablo Woolvett <pablo.wooveltt@iconstruye.onmicrosoft.com> Add sha1 to the list of insecure hashes The hashlib.new test plugin was only checking for MD4 and MD5. This patch extends the list of insecure hashes to include SHA1, which has known exploits. Fixes PyCQA#560 Signed-off-by: Eric Brown <browne@vmware.com> Use GitHub Actions to run CI (PyCQA#565) * Use GitHub Actions to run CI This change utilizes GitHub Actions to run the CI for our unit tests instead of the current Travis-CI. * Delete .travis.yml Ignore common directories by default This fix follows the example of flake8 in that it sets a default list of common directories and filename patterns to exclude. Fixes PyCQA#543 Signed-off-by: Eric Brown <browne@vmware.com> Add push and pull request to GH Action trigger It appears that Actions are not triggered for all pull requests. I suspect the Actions need to register for event push and pull_request in order to run CI on commits. Signed-off-by: Eric Brown <browne@vmware.com> Fix grammar issues and typos. Fix more grammar issues Added @lukehinds text about commit messages and squash commits from https://gist.githubusercontent.com/lukehinds/3337941149fc25ed91567037a0ebf026/raw/c1db6186c7e14ff316db2fe61fa046ab07251275/gistfile1.txt Remove extra parentheses
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the
# noseccomment is only visible in the--helpoutput and is really easy to miss.Adding a small section in the documentation on how to suppress single lines would make this easier to find.
The text was updated successfully, but these errors were encountered: