ini "exclude" config is ignored


Describe the bug

The exclude configuration inside the .bandit ini file is always ignored due to the default CLI argument.

To Reproduce

Steps to reproduce the behavior:

  1. Create a .bandit file with the following:

         [bandit]
         targets: .
         exclude: ./tests

  2. Run the CLI with bandit --ini .bandit -r in a directory with the .bandit file.
  3. You should now see that Bandit prefers the CLI argument for exclude over the ini:

         [main]	INFO	Using command line arg for excluded paths
         [main]	INFO	Using ini file for selected targets

Expected behavior

Bandit should use the .bandit configuration, as there’s no CLI argument supplied, then append the default value to it as specified in argparse.

  -x EXCLUDED_PATHS, --exclude EXCLUDED_PATHS
                        comma-separated list of paths (glob patterns supported) to exclude
                        from scan (note that these are in addition to the excluded paths
                        provided in the config file) (default:
                        .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)

Bandit version

bandit 1.7.0
  python version = 3.8.0 (default, Sep  3 2020, 18:08:13) [Clang 11.0.3 (clang-1103.0.32.62)]

Additional context

I believe this happens due to the default value for -x given to argparse. This means the ini configuration is always ignored, as the code takes the default value as the supplied CLI argument.

Workaround

Supply exclude via the CLI when running Bandit, regardless of your ini:

    bandit -x ./tests --ini .bandit -r .

Issue Analytics

  • State: open
  • Created 3 years ago
  • Reactions: 19
  • Comments: 11

Top GitHub Comments

7 reactions
bsolomon1124 commented, Mar 1, 2021

Coupled with https://github.com/PyCQA/bandit/issues/595, https://github.com/PyCQA/bandit/issues/657, and https://github.com/PyCQA/bandit/issues/488 (unceremoniously closed for no reason), I’d venture to say ‘exclude’ is pretty much nonfunctional at this point.

4 reactions
stuertz commented, Aug 11, 2021

As a workaround I call bandit -x "" so that _log_option_source doesn’t get the defaults. Or for .pre-commit-config.yaml:

    - repo: https://github.com/PyCQA/bandit
      rev: 1.7.0
      hooks:
          - id: bandit
            args: ['--ini', '.bandit', '-x', '']
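
The precedence problem reported in the issue and the `-x ""` workaround from the comment above, as an added example that is not Bandit's code and not part of the original thread. It is a simplified model: `pick_source`, `resolve_buggy` and `resolve_fixed` are hypothetical names, and the `default=None` variant is one possible correction, not the project's fix.

```python
import argparse
import configparser

# Default list copied from the -x help text quoted in the issue.
DEFAULT_EXCLUDES = ".svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg"
# Constructed sample: the .bandit file from the reproduction steps.
SAMPLE_INI = "[bandit]\ntargets: .\nexclude: ./tests\n"


def read_ini(text):
    """Return the [bandit] section of an ini document as a dict."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return dict(parser["bandit"])


def pick_source(arg_val, ini_val):
    """Hypothetical precedence helper: a truthy CLI value beats the ini."""
    if arg_val:
        return "cli", arg_val
    if ini_val:
        return "ini", ini_val
    return "none", None


def resolve_buggy(argv, ini_text=SAMPLE_INI):
    """-x carries a default, so the CLI value is truthy even when omitted."""
    ap = argparse.ArgumentParser()
    ap.add_argument("-x", "--exclude", dest="excluded_paths",
                    default=DEFAULT_EXCLUDES)
    args = ap.parse_args(argv)
    return pick_source(args.excluded_paths, read_ini(ini_text).get("exclude"))


def resolve_fixed(argv, ini_text=SAMPLE_INI):
    """default=None means 'not supplied'; defaults are appended afterwards."""
    ap = argparse.ArgumentParser()
    ap.add_argument("-x", "--exclude", dest="excluded_paths", default=None)
    args = ap.parse_args(argv)
    source, value = pick_source(args.excluded_paths,
                                read_ini(ini_text).get("exclude"))
    return source, ",".join(p for p in (value, DEFAULT_EXCLUDES) if p)


if __name__ == "__main__":
    print(resolve_buggy([]))            # ini exclude is shadowed by the default
    print(resolve_buggy(["-x", ""]))    # empty -x lets the ini value through
    print(resolve_fixed([]))            # ini value plus the built-in defaults
```

When a scanner's exclude list is resolved this way, the "Using command line arg" log line is the only signal that the ini setting was dropped, so it is worth checking in CI output.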