Undetected issues B104, B608 #656
Comments
Can you please share some example code you ran to test 1.6.2 versus 1.6.3? Without that, it's hard to state what could be the cause for the difference you're seeing.
Do you mean share the lines that failed? Or the lines of code that orchestrate the test? For the lines that failed: If it's the second option (orchestration code) I'll have to look for it later.
Afaik this is caused by deprecation of In Python 3.7, bandit version 1.6.2 reports both issues as expected.
While I can't explain exactly why these two issues are suddenly being found and not before, I can say we have tests for each plugin that are passing. And finding more issues is a good thing in my opinion, assuming they are not false positives. Closing for now, but if you have example snippets of code we can use to further debug, feel free to reopen with that snippet.
Describe the bug
Issues B104, B608 were not detected on 1.6.2 and suddenly detected on 1.6.3.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Issues detected on both versions.
Bandit version
Additional context
I have been using bandit with Python 3.8.6 for a few months now. Running bandit today using the newly released version 1.6.3 (thanks!), I found out about new issues (B104, B608) that were not visible before (the job completed successfully).
Initially, I suspected that the CLI tool on version 1.6.2 didn't parse some args properly until the update today (I noticed several new lines on today's run: "Using command line arg for ..." which were missing before). However, I am not really sure that's really the reason - other issues did appear in the past using the exact same test job.
Implementation suggestion for 2 - modify 'python_requires' on setup.py to have an upper limit as well, thus making installations fail on supported versions.
Thanks,
Adi
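The maintainer above asked for a snippet that reproduces the two findings. The module below is an added example (not code from this issue or from the bandit project): it contains the two patterns bandit reports as B104 (hardcoded bind to all interfaces) and B608 (SQL built by string formatting), each beside the form bandit does not flag. The table name, function names and the sqlite3 in-memory database are constructed for the demonstration.

```python
"""Constructed reproducer for the bandit findings discussed in this issue:
B104 (hardcoded_bind_all_interfaces) and B608 (hardcoded_sql_expressions).
Added example, not code from the issue or from bandit itself. Running
`bandit -r` over this file should report the two *_flagged functions;
the *_safe functions show the forms bandit does not report."""
import sqlite3


# --- B104: a literal "0.0.0.0" is what bandit reports ---
def bind_address_flagged() -> tuple:
    # bandit B104: binding every interface exposes the service beyond localhost
    return ("0.0.0.0", 8080)


def bind_address_safe(host: str = "127.0.0.1") -> tuple:
    # Loopback by default; a non-default listen address comes from configuration
    return (host, 8080)


# --- B608: SQL text assembled with string formatting is what bandit reports ---
def find_user_flagged(conn, username: str):
    # bandit B608: the caller-supplied value becomes part of the SQL text
    query = "SELECT id, name FROM users WHERE name = '%s'" % username
    return conn.execute(query).fetchall()


def find_user_safe(conn, username: str):
    # Parameter binding keeps the SQL text constant; the driver handles the value
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (username,)
    ).fetchall()


def flagged_query_fails(conn, username: str) -> bool:
    """True when the interpolated query is rejected by the database,
    e.g. for a name containing a quote character."""
    try:
        find_user_flagged(conn, username)
        return False
    except sqlite3.Error:
        return True


def demo_db():
    # Constructed in-memory table so the functions above run offline
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",)])
    return conn
```

A name such as `o'brien` is returned correctly by `find_user_safe` but breaks the interpolated query, which is the defect B608 points at.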