fix: pass --excludes to bandit

Until PyCQA/bandit#657 is fixed, specify --excludes when invoking bandit. Remove version exclusion for bandit 1.6.3 since 1.7.0 has the same issue. Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
kevinoid · Mar 31, 2021 · 11affe1 · 11affe1
1 parent 18958d0
commit 11affe1
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/.bandit b/.bandit
@@ -1,4 +1,6 @@
 [bandit]
+# Note: exclude is ignored by bandit 1.6.3 and later.
+# See https://github.com/PyCQA/bandit/issues/657
 exclude = /.tox/,/.venv/
 # B101 assert_used (needed for pytest, arguably useful outside)
 # B321 ftplib (not actionable)

diff --git a/requirements/dev.in b/requirements/dev.in
@@ -1,5 +1,5 @@
 # Abstract top-level development dependencies (e.g. linters and other tools)
-bandit!=1.6.3
+bandit
 black; python_version >= '3.6'
 blacken-docs; python_version >= '3.6'
 flake8

diff --git a/tox.ini b/tox.ini
@@ -29,7 +29,7 @@ commands_pre =
 commands =
     flake8
     pylint_runner
-    bandit -f txt -r .
+    bandit -f txt --exclude /.git/,/.tox/,/.venv/,/__pycache__/ -r .
     pyroma .
     vulture --exclude */docs/*,*/tests/*,*/.tox/*,*/.venv*/* .
     black --check --diff .