#nosec is not working for multiline assert.

Describe the bug

#nosec is not working for multiline assert.

To Reproduce

I have a multiline assert like the following:

assert 10<20, 'display a very' \
            'long multiline message' \
            'for this assert' #nosec

I have added #nosec to the above assert. When I run bandit -r, it does not exclude the error.

Expected behavior

Adding #nosec should exclude the error.

Bandit version

bandit 1.6.2
  python version = 3.6.5 |Anaconda, Inc.| (default, Mar 29 2018, 13:32:41) [MSC v.1900 64 bit (AMD64)]

Issue Analytics

  • State:open
  • Created 3 years ago
  • Reactions:2
  • Comments:5

Top GitHub Comments

2 reactions
GliderGeek commented, Nov 10, 2021

I found a workaround: tuple (un)packing

query = (  # nosec
"""
<my manual query>
""")

0 reactions
bguggs commented, Dec 28, 2021

I found a workaround: tuple (un)packing

query = (  # nosec
"""
<my manual query>
""")

This workaround can still be a problem if using black, as it will try to be helpful and reformat the multiline with parens back to the following which still breaks:

query = """
<my manual query>
""" # nosec