Bandit can't read config file when run in pre-commit
Describe the bug
When running bandit as a pre-commit hook on pre-commit.ci or locally I am getting an error that says the Bandit hook can’t read the pyproject.toml file. I’ve also tried this with other bandit config file approaches (bandit.yaml) and received the same error message.
Specifically, I’m getting an error message that says: [main] ERROR pyproject.toml : Could not read config file.
However, when I run bandit from the command line it appears to work (e.g. bandit . -r -c pyproject.toml).
Also note that I’ll cross-post this on the pre-commit repository so they are aware too.
Reproduction steps
1. Install pre-commit using the .pre-commit-config.yaml file pasted below
2. Add a pyproject.toml section that looks like
[tool.bandit]
exclude_dirs = ["*/tests/*"]
3. Commit a changed Python file so the pre-commit hooks run on it
Settings in .pre-commit-config.yaml:
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.1.0
    hooks:
      - id: check-added-large-files
        args: ['--maxkb=1000']
      - id: check-ast
      - id: check-case-conflict
      - id: check-merge-conflict
      - id: check-symlinks
      - id: check-yaml
      - id: check-toml
      - id: debug-statements
      - id: end-of-file-fixer
      - id: fix-encoding-pragma
      - id: requirements-txt-fixer
      - id: trailing-whitespace
      - id: check-docstring-first
      - id: name-tests-test
        args: ['--django']
      - id: no-commit-to-branch
  - repo: https://github.com/pycqa/isort
    rev: 5.10.1
    hooks:
      - id: isort
        name: isort
  - repo: https://github.com/psf/black
    rev: 22.3.0
    hooks:
      - id: black
        language_version: python3
  - repo: https://github.com/pycqa/flake8
    rev: 4.0.1
    hooks:
      - id: flake8
        exclude: docs/source/conf.py, __pycache__
        additional_dependencies: [flake8-bugbear, flake8-builtins, flake8-quotes, flake8-comprehensions, pandas-vet, flake8-print, pep8-naming, doc8]
  - repo: https://github.com/pycqa/pydocstyle
    rev: 6.1.1
    hooks:
      - id: pydocstyle
        additional_dependencies: ["toml"]
  - repo: https://github.com/nbQA-dev/nbQA
    rev: 1.3.1
    hooks:
      - id: nbqa-isort
        args: [--nbqa-mutate, --nbqa-dont-skip-bad-cells]
        additional_dependencies: [isort==5.6.4]
      - id: nbqa-black
        args: [--nbqa-mutate, --nbqa-dont-skip-bad-cells]
        additional_dependencies: [black==20.8b1]
      - id: nbqa-flake8
        args: [--nbqa-dont-skip-bad-cells, "--extend-ignore=E402,E203"]
        additional_dependencies: [flake8==3.8.3]
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.4
    hooks:
      - id: bandit
        args: ["-c pyproject.toml"]
  - repo: https://github.com/PyCQA/doc8
    rev: 0.11.2
    hooks:
      - id: doc8
        args: ["--max-line-length=88", "--config=pyproject.toml", "docs"]
        additional_dependencies: ["tomli"]
Expected behavior
Bandit should be able to find its configuration files within a pre-commit environment.
Ideally you would not need to tell Bandit where to look for the config file. Instead Bandit would just look in areas (from preferred files down to less preferred ones) like many linters do.
Bandit version
1.7.4 (Default)
Python version
3.9
Additional context
No response
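An added example, written for this page and not taken from the issue or from Bandit's own code, showing why the hook entry in the reproduction config above cannot open its config while the command line works. pre-commit passes each entry of a hook's args list to the hook as one argv element, with no shell word splitting, and then appends the staged filenames. The single entry "-c pyproject.toml" therefore reaches Bandit's argparse as one token, which argparse reads as the short option -c with the attached value " pyproject.toml" (leading space included), and opening that path fails. The parser below only mimics Bandit's -c/--configfile option and is an assumption about its shape, not Bandit's parser; the pyproject.toml content and the filename foo.py are constructed sample input.

```python
"""Why `args: ["-c pyproject.toml"]` makes bandit fail to open its config file."""
import argparse
import os
import shlex
import tempfile
from typing import List, Optional


def shell_argv(command_line: str) -> List[str]:
    """Tokens a POSIX shell hands to the program: `bandit . -r -c pyproject.toml`
    becomes five separate argv elements, with -c and the path split apart."""
    return shlex.split(command_line)


def parse_config_path(argv: List[str]) -> Optional[str]:
    """Value argparse assigns to -c for the given argv.

    Assumption: bandit declares -c/--configfile as an ordinary single-value
    option; this stand-in parser is not bandit's code.
    """
    parser = argparse.ArgumentParser(prog="bandit", add_help=False)
    parser.add_argument("-c", "--configfile", dest="config_file", default=None)
    parser.add_argument("-r", "--recursive", action="store_true")
    parser.add_argument("targets", nargs="*")
    ns, _unknown = parser.parse_known_args(argv)
    return ns.config_file


def config_is_readable(argv: List[str], cwd: str) -> bool:
    """True if the config path derived from argv can be opened relative to cwd,
    which is what bandit does before parsing the file."""
    path = parse_config_path(argv)
    if path is None:
        return False
    try:
        with open(os.path.join(cwd, path), "rb"):
            return True
    except OSError:
        return False


def demo() -> dict:
    """Create a throwaway repo root holding pyproject.toml (constructed sample)
    and check both ways of writing the hook's args."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "pyproject.toml"), "w", encoding="utf-8") as fh:
            fh.write('[tool.bandit]\nexclude_dirs = ["*/tests/*"]\n')

        # argv as produced by the issue's entry `args: ["-c pyproject.toml"]`:
        # one element for the whole string, then the staged file appended by pre-commit.
        broken = ["-c pyproject.toml", "foo.py"]
        # argv as produced by `args: ["-c", "pyproject.toml"]`: one element per token.
        fixed = ["-c", "pyproject.toml", "foo.py"]

        return {
            "broken_path": parse_config_path(broken),      # ' pyproject.toml'
            "broken_readable": config_is_readable(broken, root),
            "fixed_path": parse_config_path(fixed),        # 'pyproject.toml'
            "fixed_readable": config_is_readable(fixed, root),
        }


if __name__ == "__main__":
    print("shell splits the command line into:", shell_argv("bandit . -r -c pyproject.toml"))
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The leading space in the derived path is easy to miss in the log line, which is why the error looks like a lookup failure rather than an argument-quoting mistake. The fix is to give pre-commit one list entry per token, args: ["-c", "pyproject.toml"], and, because Bandit parses pyproject.toml only when installed with its toml extra and pre-commit builds the hook in an isolated environment, to add additional_dependencies: ["bandit[toml]"] to the same hook entry.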
@RNKuhns Sorted it! Make this your entry to .pre-commit-config.yaml
@matroscoe I confirmed this works. Maybe the bandit docs could be updated with the information?