Add skip configuration to assert_used #633
Fixing the failed checks now.
@azrdev sorry for the late reply. I completely missed this notification. I would like to edit this PR to use

```
assert_used:
  skips: ['*_test.py', 'test_*.py']
```

I was not aware of this module when I wrote this PR.
OK, the checks are passing. As I said, I would prefer using Is there a way to run the unit/functional tests locally? I'm trying with pytest but a lot seem to be failing. Do we have docs on doing that? I would like to implement the same thing for
@wilbertom see CI for how to run tests (we use tox): bandit/.github/workflows/pythonpackage.yml Lines 117 to 124 in 539da77
@lukehinds perfect. Thank you.
Adding this configuration allows the user to skip the assert_used against some files. This is useful because asserts are very common in test files when using pytest.

Specifying this configuration:

```
assert_used:
  skips: ['*_test.py', 'test_*.py']
```

would skip all asserts against a test file.

Resolves PyCQA#346
This is ready for a review to be merged. I replaced
@wilbertom

```
assert_used:
  skips: ['*_test.py', 'test_*.py']
```
I found the solution: the skips are applied to the file path, not the file name.
Ok I figured it out... You need both an

```
# .bandit
[bandit]
targets: src,tests

# bandit.yaml
assert_used:
  skips: ['tests/**']
```

Then:

```
$ bandit --ini .bandit -c bandit.yaml -r
[main] INFO Using command line arg for excluded paths
[main] INFO Using ini file for selected targets
[main] INFO Using command line arg for recursive scan
[main] INFO Using command line arg for aggregate output type
[main] INFO Using command line arg for max code lines output for issue
[main] INFO Using command line arg for severity level
[main] INFO Using command line arg for confidence level
[main] INFO Using command line arg for output format
[main] INFO Using command line arg for output file
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO using config: bandit.yaml
[main] INFO running on Python 3.9.1
Run started:2021-05-26 06:12:07.353758
Test results:
No issues identified.
Code scanned:
Total lines of code: 70
Total lines skipped (#nosec): 8
Run metrics:
Total issues (by severity):
Undefined: 0.0
Low: 0.0
Medium: 0.0
High: 0.0
Total issues (by confidence):
Undefined: 0.0
Low: 0.0
Medium: 0.0
High: 0.0
Files skipped (0):
```
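The path-versus-name behaviour reported in the comments above, as an added example that is not part of the thread or of bandit's own code. It assumes each `skips` entry is a shell-style glob matched with Python's `fnmatch` against the path as bandit sees it; `audit_skips`, `test_roots` and `PATHS` are hypothetical names, and the file tree is constructed.

```python
# Added illustration, not bandit's source. Assumption: each `skips` entry is a
# shell-style glob compared with fnmatch against the path bandit was given.
from fnmatch import fnmatch


def audit_skips(skips, paths, test_roots=("tests/",)):
    """Classify scanned paths by how the assert_used skip patterns treat them.

    Returns (skipped_tests, unskipped_tests, skipped_non_tests). The last
    list is the one to review: non-test code where asserts go unreported.
    """
    skipped_tests, unskipped_tests, skipped_non_tests = [], [], []
    for path in paths:
        is_test = path.startswith(tuple(test_roots))
        hit = any(fnmatch(path, pattern) for pattern in skips)
        if hit and is_test:
            skipped_tests.append(path)
        elif is_test:
            unskipped_tests.append(path)
        elif hit:
            skipped_non_tests.append(path)
    return skipped_tests, unskipped_tests, skipped_non_tests


# Constructed sample tree, written the way a recursive scan of the targets
# src,tests would see it (relative paths that include the directory).
PATHS = [
    "tests/test_login.py",
    "tests/helpers/login_test.py",
    "tests/conftest.py",
    "src/app/login.py",
    "src/app/load_test.py",  # shipped with the app, not under tests/
]

if __name__ == "__main__":
    for skips in (["*_test.py", "test_*.py"], ["tests/**"]):
        ok, missed, risky = audit_skips(skips, PATHS)
        print(skips)
        print("  tests skipped:      ", ok)
        print("  tests still flagged:", missed)
        print("  non-test skipped:   ", risky)
```

With name-style patterns, `tests/test_login.py` is still flagged because the path does not begin with `test_`, while `*_test.py` also silences the check in `src/app/load_test.py`; the directory pattern `tests/**` covers the test tree and nothing else.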
* Add skip configuration to assert_used

  Adding this configuration allows the user to skip the assert_used against some files. This is useful because asserts are very common in test files when using pytest.

  Specifying this configuration:

  ```
  assert_used:
    skips: ['*_test.py', 'test_*.py']
  ```

  would skip all asserts against a test file.

  Resolves PyCQA#346

* Document assert test skipping

Co-authored-by: Luke Hinds <7058938+lukehinds@users.noreply.github.com>
How to put everything inside on
Adding this configuration allows the user to skip the assert_used check against some files. This is useful because asserts are very common in test files when using pytest.

Specifying this configuration:

```
assert_used:
  skips: ['*_test.py', 'test_*.py']
```

would skip all asserts against a test file.

Resolves #346
Thank you for the awesome project and your time!