Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Bandit can't read config file when run in pre-commit
See original GitHub issueDescribe the bug
When running bandit as a pre-commit hooks on pre-commit.ci or locally I am getting an error that says the Bandit hook can’t read the pyproject.toml file. I’ve also tried this with other bandit config file approaches (bandit.yaml) and received the same error message.
Specifically, I’m getting an error message that says: [main] ERROR pyproject.toml : Could not read config file.
However, when I run bandit from the command line it appears to work (e.g. bandit . -r -c pyproject.toml).
Also note that I’ll cross-post this on the pre-commit repository so they are aware too.
Reproduction steps
1. Install pre-commmit using .pre-commit-config.yaml file pasted below
2. Add pyproject.toml section that looks like
[tool.bandit]
exclude_dirs = ["*/tests/*"]
3. Commit a changed Python file so the pre-commit hooks run on it
Settings in .pre-commit-config.yaml:
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.1.0
hooks:
- id: check-added-large-files
args: ['--maxkb=1000']
- id: check-ast
- id: check-case-conflict
- id: check-merge-conflict
- id: check-symlinks
- id: check-yaml
- id: check-toml
- id: debug-statements
- id: end-of-file-fixer
- id: fix-encoding-pragma
- id: requirements-txt-fixer
- id: trailing-whitespace
- id: check-docstring-first
- id: name-tests-test
args: ['--django']
- id: no-commit-to-branch
- repo: https://github.com/pycqa/isort
rev: 5.10.1
hooks:
- id: isort
name: isort
- repo: https://github.com/psf/black
rev: 22.3.0
hooks:
- id: black
language_version: python3
- repo: https://github.com/pycqa/flake8
rev: 4.0.1
hooks:
- id: flake8
exclude: docs/source/conf.py, __pycache__
additional_dependencies: [flake8-bugbear, flake8-builtins, flake8-quotes, flake8-comprehensions, pandas-vet, flake8-print, pep8-naming, doc8]
- repo: https://github.com/pycqa/pydocstyle
rev: 6.1.1
hooks:
- id: pydocstyle
additional_dependencies: ["toml"]
- repo: https://github.com/nbQA-dev/nbQA
rev: 1.3.1
hooks:
- id: nbqa-isort
args: [--nbqa-mutate, --nbqa-dont-skip-bad-cells]
additional_dependencies: [isort==5.6.4]
- id: nbqa-black
args: [--nbqa-mutate, --nbqa-dont-skip-bad-cells]
additional_dependencies: [black==20.8b1]
- id: nbqa-flake8
args: [--nbqa-dont-skip-bad-cells, "--extend-ignore=E402,E203"]
additional_dependencies: [flake8==3.8.3]
- repo: https://github.com/PyCQA/bandit
rev: 1.7.4
hooks:
- id: bandit
args: ["-c pyproject.toml"]
- repo: https://github.com/PyCQA/doc8
rev: 0.11.2
hooks:
- id: doc8
args: ["--max-line-length=88", "--config=pyproject.toml", "docs"]
additional_dependencies: ["tomli"]
Expected behavior
Bandit should be able to find its configuration files within a pre-commit environment.
Ideally you would not need to tell Bandit where to look for the config file. Instead Bandit would just look in areas (from preferred files down to less preferred ones) like many linters do.
Bandit version
1.7.4 (Default)
Python version
3.9
Additional context
No response
Issue Analytics
- State:
- Created a year ago
- Reactions:4
- Comments:7 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@RNKuhns Sorted it! Make this your entry to
.pre-commit-config.yaml@matroscoe I confirmed this works. Maybe the bandit docs could be updated with the information?