#nosec is not working for multiline assert.

[nachiketrss]

Describe the bug
#nosec is not working for multiline assert.

To Reproduce
I have a multiline assert like the following:

assert 10<20, 'display a very' \
            'long multiline message' \
            'for this assert' #nosec

I have added #nosec to the above assert. When I run bandit -r, it does not exclude the error.

Expected behavior
Adding #nosec should exclude the error

Bandit version

bandit 1.6.2
  python version = 3.6.5 |Anaconda, Inc.| (default, Mar 29 2018, 13:32:41) [MSC v.1900 64 bit (AMD64)]

[dave-shawley]

For posterity, I ran into this on the SQL injection check for calculated SQL and I could # nosec the multi-line string literal.

[GliderGeek]

im having a similiar problem where i cannot use nosec on the following code:

1 query = """
2 <my manual query>
3 """

• i cannot put the comment on line 1 or line 2
• putting it on line3 does not work

context:

• bandit 1.7.0
• linux

[GliderGeek]

i found a workaround: tuple (un)packing

query = (  # nosec
"""
<my manual query>
""")

[GliderGeek]

might be dup of #658

[bguggs]

i found a workaround: tuple (un)packing

query = (  # nosec
"""
<my manual query>
""")

This workaround can still be a problem if using black, as it will try to be helpful and reformat the multiline with parens back to the following which still breaks:

query = """
<my manual query>
""" # nosec