Exclude paths in config file ignored if passing specific files to Bandit CLI
UPDATE: please see my comment below for an updated description of the problem.
Describe the bug
When using the pre-commit hook, my excluded paths listed in .bandit are still processed by bandit.

To Reproduce
Steps to reproduce the behavior:
- Create a .bandit config file with exclusions. For example:

    [bandit]
    exclude: ./node_modules/*,./tests/*

- Run bandit via command line (bandit -r .), verify exclusions ignored.
- Run bandit on all files via pre-commit hook: pre-commit run --all-files bandit
- See that excluded files are processed by bandit

Expected behavior
I expect the excluded paths to be ignored.

Bandit version
bandit 1.6.0
python version = 3.7.3 (default, May 27 2019, 05:16:50) [Clang 10.0.0 (clang-1000.10.44.4)]
Issue Analytics
- Created 4 years ago
- Reactions: 8
- Comments: 18 (7 by maintainers)
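The exclusion list in the steps above is the kind of setting worth checking on its own before a CI pipeline relies on it: a recursive scan started from "." sees paths such as ./tests/test_app.py, while pre-commit passes bare relative paths such as tests/test_app.py as explicit arguments. The script below is an added example; it is not part of this issue and not Bandit's own exclusion code. It parses the exclude entry of a .bandit INI body (and a -x style comma-separated list), normalizes both patterns and paths with os.path.normpath, and reports which of a constructed set of paths an assumed matching rule (glob match, or a wildcard-free pattern treated as a directory prefix) would exclude. That matching rule is an assumption made for illustration; whether Bandit applies the same rule to explicitly passed files is what this issue is about.

```python
import configparser
import fnmatch
import os
from typing import Iterable, List, Tuple

# Constructed sample .bandit body, in the shape quoted in the issue.
SAMPLE_BANDIT_INI = """[bandit]
exclude: ./node_modules/*,./tests/*
"""

# Constructed sample paths: the "./"-prefixed form a recursive walk from "."
# produces, and the bare relative form pre-commit passes as file arguments.
SAMPLE_PATHS = [
    "./src/app.py",
    "./tests/test_app.py",
    "./node_modules/pkg/index.js",
    "src/app.py",
    "tests/test_app.py",
    "tests/unit/test_deep.py",
    "node_modules/pkg/index.js",
]


def split_patterns(raw: str) -> List[str]:
    """Split a comma-separated exclude list and normalize each entry.

    os.path.normpath turns "./tests/*" into "tests/*" and "./venv/" into
    "venv", so entries written with or without a leading "./" compare equally.
    """
    return [os.path.normpath(p.strip()) for p in raw.split(",") if p.strip()]


def parse_bandit_ini(ini_text: str) -> List[str]:
    """Read the 'exclude' entry of the [bandit] section from INI text."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return split_patterns(parser.get("bandit", "exclude", fallback=""))


def is_excluded(path: str, patterns: Iterable[str]) -> bool:
    """Assumed matching rule (an illustration, not Bandit's own logic).

    A path is excluded if its normalized form matches a pattern as a glob, or
    if a wildcard-free pattern names the path itself or a parent directory.
    """
    norm = os.path.normpath(path)
    for pat in patterns:
        if fnmatch.fnmatchcase(norm, pat):
            return True
        has_wildcard = any(c in pat for c in "*?[")
        if not has_wildcard and (norm == pat or norm.startswith(pat + os.sep)):
            return True
    return False


def audit(paths: Iterable[str], patterns: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Partition paths into (scanned, excluded) under the rule above."""
    patterns = list(patterns)
    scanned: List[str] = []
    excluded: List[str] = []
    for p in paths:
        (excluded if is_excluded(p, patterns) else scanned).append(p)
    return scanned, excluded


if __name__ == "__main__":
    ini_patterns = parse_bandit_ini(SAMPLE_BANDIT_INI)
    # The -x list quoted in a later comment on this issue, split the same way.
    cli_patterns = split_patterns(
        "test_*.py,./venv/,./env/,./node_modules/,./cacheback/,./.env,./.venv,migrations,tests"
    )
    for label, pats in (("from .bandit", ini_patterns), ("from -x", cli_patterns)):
        scanned, excluded = audit(SAMPLE_PATHS, pats)
        print(f"{label}: patterns={pats}")
        print("  scanned :", scanned)
        print("  excluded:", excluded)
```

Both the "./tests/test_app.py" and "tests/test_app.py" spellings land in the excluded set under this rule, which is the property to confirm for whichever tool actually enforces the list: if the two spellings are treated differently, an exclusion that holds for bandit -r . can silently stop holding when the same files arrive as explicit arguments.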

I just ran into the same issue. What makes this pretty bad for me right now is that bandit is executed via a CI pipeline defined by a centrally configured GitLab instance. This always runs bandit using

    bandit -r <package_name>

and I don't have direct control over this in the project. In my project I have some files that I want to exclude and wrote them into .bandit. Yet, the pipeline still fails because of this issue.

So now I'm forced to write # nosec comments into all files in a given subfolder even though that particular subfolder only contains utilities which never receive end-user input and could be ignored altogether.


The ini file for dir exclusion doesn't work with the -r option. It's super confusing.


My .bandit

Running with bandit -r ., tests dirs and files are not ignored, but everything works fine with

    bandit -x "test_*.py,./venv/,./env/,./node_modules/,./cacheback/,./.env,./.venv,migrations,tests" -r .

I am confused.