Restore older Bandit version for predictive setup
Bandit UX is seriously broken, only <1.6 works predictably.

Exclude/ignore of files is currently broken in Bandit:
- PyCQA/bandit#693
- PyCQA/bandit#490
- PyCQA/bandit#438 (comment)

Reading settings from configuration files is broken:
- PyCQA/bandit#753
- PyCQA/bandit#595

Reading from pyproject.toml not yet functional:
Must install "toml" package and use "-c pyproject.toml".
- PyCQA/bandit#758

INI file configuration and CLI usage is unclear:
- PyCQA/bandit#603
- PyCQA/bandit#467
- PyCQA/bandit#396
bittner committed Jan 10, 2022
1 parent a314a5b commit 93f1146
Showing 3 changed files with 7 additions and 12 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/check.yml
Expand Up @@ -24,7 +24,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: '3.8'
python-version: '3.7'
- name: Install prerequisites
run: python -m pip install --upgrade setuptools pip wheel tox
- name: Run ${{ matrix.env }}
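
Review bot: the `python-version` change from '3.8' to '3.7' in the `setup-python` step is not explained by the commit message, which only discusses Bandit. The same job goes on to `Run ${{ matrix.env }}`, so the older interpreter applies to every tox environment in the matrix, not just the bandit one. If the downgrade is needed only for `bandit<1.6`, say so in a comment next to `python-version`, or consider limiting it to the bandit environment so the other checks keep running on 3.8.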
10 changes: 1 addition & 9 deletions pyproject.toml
@@ -1,13 +1,5 @@
[tool.bandit]
exclude = [
".git",
".idea",
".tox",
"build",
"dist",
"docs",
"tests",
]
# Exclude/ignore of files is currently broken in Bandit.

[tool.black]
color = true
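
Review bot: the replacement comment `# Exclude/ignore of files is currently broken in Bandit.` under `[tool.bandit]` does not say where the exclusions live now or what has to change before they can come back. Point it at the `[bandit]` section in tox.ini and cite one of the upstream issues from the commit message (for example PyCQA/bandit#693), otherwise the empty `[tool.bandit]` table reads like the active configuration. Dropping the table altogether would also work, since the tox command passes `--ini tox.ini` and no `-c pyproject.toml`.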
7 changes: 5 additions & 2 deletions tox.ini
Expand Up @@ -31,8 +31,8 @@ commands =

[testenv:bandit]
description = PyCQA security linter
deps = bandit
commands = bandit {posargs:-r behave_django setup}
deps = bandit<1.6
commands = bandit --ini tox.ini {posargs:-r .}

[testenv:black]
description = Ensure consistent code style
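
Review bot: `deps = bandit<1.6` puts an upper bound on the security linter with no comment in tox.ini, so the reason and the exit condition exist only in the commit message. Add a short comment above the pin naming the upstream issues that must be fixed before it is lifted; as long as it stays, this environment never picks up a newer Bandit release. The default target also widens from `-r behave_django setup` to `-r .`, so the scan scope now depends entirely on the `[bandit]` exclude list being honoured.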
Expand Down Expand Up @@ -85,6 +85,9 @@ paths = tests/acceptance
tests/test_app
show_skipped = no

[bandit]
exclude = .git,.github,.tox,py2clean.py,py3clean.py,pypyclean.py,tests

[flake8]
exclude = docs,.cache,.tox,*.egg-info,.ropeproject
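
Review bot: the new `exclude` line in `[bandit]` leaves out `.idea`, `build`, `dist` and `docs`, which were in the list removed from pyproject.toml, while the command now scans `-r .`. Those directories will be scanned whenever they exist in the working tree, so results can vary with the state of the checkout; add them back or state why they are dropped. The entries `py2clean.py,py3clean.py,pypyclean.py` also deserve a one-line comment explaining why whole files are kept out of the security scan.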
