You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So I checked, see #2384 (comment), and bandit doesn't ignore empty string.
While I was being thorough, I checked what happens if we have a byte string, e.g. password = b"shh, don't tell anyone!" and neither ruff, nor bandit complain. Wondering if they should? 🤔
Using
v0.0.237
I get:S105 Possible hardcoded password: ""
This was in some code that was checking whether a password/secret matched the empty string, i.e.
if secret == ""
.I think we want to ignore any comparisons to
""
(orNone
if that's not already handled) forS105
,S106
, andS107
.The text was updated successfully, but these errors were encountered: