Potential conflicted rules between S602 and S603 #4045
Comments
Happy to look into this! I'm not able to find any S602/S603 rule, though - here are the
Gotcha - I can submit a fix to make these mutually exclusive if that makes sense? Seems like they only differ on shell truthiness, so I think that's the easiest way to go
I'm confused between these two as they're the exact opposite of each other. If we try to make them mutually exclusive, then which one to detect first? I think we should actually look into why these two rules exists in the first place and then decide what the fix should be. Relevant docs:
(A bit late here so calling it a day :))
I think this Issue on bandit might be related to the behaviour we're seeing here with ruff?
I think B603 is a lower priority than B602:
If that's the case, in the case where both are enabled we could defer to checking S602 first - if it's triggered, we could short-circuit the S603 check |
Huh, interesting. So I guess we're consistent with Bandit here? And the only workaround within Bandit is to add a I suppose we could consider removing
I think that
I vote for removal or opt-in since even non-literal statics trigger: [sys.executable, '-m', 'ruff', 'rule', '--all']
Yes, this rule (S602) seems completely useless right now. It triggers on a simple
It's causing a lot of false positives, complaining about perfectly safe usages of the subprocess module. See also astral-sh/ruff#4045.
After bumping ruff from 0.0.261 to 0.0.262, I'm getting conflicted errors from the rules S602 and S603. See below for the minimal code snippet:
I have been setting shell=False as per the S602 rule. However, running this snippet with ruff 0.0.262 errors with the S603 rule, which suggests setting shell=True. And if I do that, then the code is failing the S602 rule. Would you be able to check and see if this is intentional? You can find the GitHub Action logs here with the above error introduced in 0.0.262.
And you can find my ruff config here.
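The reporter's minimal snippet is not reproduced on this page, so the following is an added example (not the reporter's code and not ruff's or Bandit's) showing the actual security difference the two rules straddle: the shell=True pattern S602 flags re-parses a command string, so untrusted input containing ";" runs a second command, while the argument-list pattern S603 flags passes the same input through as one argv element. It assumes a POSIX sh is the shell used by shell=True and uses the running Python interpreter as the child process; USER_INPUT is a constructed malicious value.

```python
import shlex
import subprocess
import sys

# Constructed untrusted input: looks like a filename but smuggles a second command.
USER_INPUT = "report.txt; echo INJECTED"

# Tiny child program that prints its own argv, so we can see how the argument arrived.
# Using sys.executable keeps the example self-contained (no external binaries needed).
ECHO_ARGS = "import sys; print(sys.argv[1:])"


def run_with_shell(user_input: str) -> str:
    """Pattern S602 flags: shell=True with a command string that embeds raw input.

    The interpreter and program text are quoted correctly, but the user input is
    concatenated as-is. sh re-parses the whole string, so the ';' terminates the
    Python command and 'echo INJECTED' runs as a separate command.
    """
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(ECHO_ARGS)} {user_input}"
    return subprocess.run(
        cmd, shell=True, capture_output=True, text=True, check=True
    ).stdout


def run_with_shell_quoted(user_input: str) -> str:
    """Same shell=True pattern, but the input is escaped with shlex.quote.

    The ';' is now literal data inside a single-quoted word, so no second command
    runs. This is the minimum fix if a shell really is required.
    """
    cmd = (
        f"{shlex.quote(sys.executable)} -c {shlex.quote(ECHO_ARGS)} "
        f"{shlex.quote(user_input)}"
    )
    return subprocess.run(
        cmd, shell=True, capture_output=True, text=True, check=True
    ).stdout


def run_without_shell(user_input: str) -> str:
    """Pattern S603 flags: shell=False with an argument list.

    No shell is involved, so the complete string becomes exactly one argv element
    and cannot be split into additional commands, whatever characters it contains.
    """
    argv = [sys.executable, "-c", ECHO_ARGS, user_input]
    return subprocess.run(
        argv, shell=False, capture_output=True, text=True, check=True
    ).stdout


if __name__ == "__main__":
    print("shell=True, raw input:   ", repr(run_with_shell(USER_INPUT)))
    print("shell=True, quoted input:", repr(run_with_shell_quoted(USER_INPUT)))
    print("shell=False, argv list:  ", repr(run_without_shell(USER_INPUT)))
```

Running it shows the first call producing two lines of output (the child's argv, then the injected echo), while the other two hand the child a single argument containing the literal "; echo INJECTED". That is the distinction worth keeping in mind when weighing the thread's suggestion to drop or make opt-in the lower-severity S603 check: the argument-list form is not injectable through the shell, whereas the string form is unless every interpolated piece is quoted.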