Make Bandit suspicious import rules into a single configurable rule

[inoa-jboliveira]

Remove all rules from S401 to S415 (suspicious imports) and create a single S400 rule that says

"Possibly insecure import {import_name}: {reason}"

Allow the imports being configured via command line

[tool.ruff.lint.flake8_bandit]
suspicious_import = {"marshal" = "Deserialization is possibly dangerous"}

suspicious_import_include = {foobar = "I dont like this one"}

suspicious_import_exclude = [
  subprocess
]

To be honest, I just dont think these rules should exist since we have the TID253 configurable via banned-module-level-imports.

My issue is with these rules existing and not being in a good range that they can be ignored in bulk. I don't know if on next version we will get S416 or S420 (another range -- maybe I need to ignore the whole S4?) with more of these "unsafe" modules. In theory there could be thousands of unsafe modules and having multiple rules is just bad IMO.

[augustelalande]

If your goal is just to ignore them, you should be good to just ignore S4

[charliermarsh]

Yeah, S4 is exactly the "suspicious" import rules.