authorAnthony Sottile <asottile@umich.edu>2019-09-07 23:42:33 -0700
committerAnthony Sottile <asottile@umich.edu>2019-09-07 23:42:33 -0700
commitf0cd1537acbe2a737e2d5b111c5ee7a05e07c0a2 (patch)
treec371034f267f5c3472f3909cf595c0c4765ada23
parenta13f02a386c63f307e5d48fbccd9ccea8dd6fa9f (diff)
downloadflake8-f0cd1537acbe2a737e2d5b111c5ee7a05e07c0a2.tar.gz
Simplify bandit config and allow `assert`
-rw-r--r--.bandit.yml81
-rw-r--r--src/flake8/utils.py6
2 files changed, 4 insertions, 83 deletions
diff --git a/.bandit.yml b/.bandit.yml
index ea868e2..759a506 100644
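--- a/.bandit.yml
+++ b/.bandit.yml
@@ -1,84 +1,5 @@
-tests:
 skips:
+- B101 # Ignore defensive `assert`s (especially useful for mypy)
 - B404 # Ignore warnings about importing subprocess
 - B603 # Ignore warnings about calling subprocess.Popen without shell=True
 - B607 # Ignore warnings about calling subprocess.Popen without a full path to executable
-
-### (optional) plugin settings - some test plugins require configuration data
-### that may be given here, per-plugin. All bandit test plugins have a built in
-### set of sensible defaults and these will be used if no configuration is
-### provided. It is not necessary to provide settings for every (or any) plugin
-### if the defaults are acceptable.
-
-any_other_function_with_shell_equals_true:
- no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
- os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
- os.spawnvp, os.spawnvpe, os.startfile]
- shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
- popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
- subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
- utils.execute, utils.execute_with_timeout]
-execute_with_run_as_root_equals_true:
- function_names: [ceilometer.utils.execute, cinder.utils.execute, neutron.agent.linux.utils.execute,
- nova.utils.execute, nova.utils.trycmd]
-hardcoded_tmp_directory:
- tmp_dirs: [/tmp, /var/tmp, /dev/shm]
-linux_commands_wildcard_injection:
- no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
- os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
- os.spawnvp, os.spawnvpe, os.startfile]
- shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
- popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
- subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
- utils.execute, utils.execute_with_timeout]
-password_config_option_not_marked_secret:
- function_names: [oslo.config.cfg.StrOpt, oslo_config.cfg.StrOpt]
-ssl_with_bad_defaults:
- bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
- PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
-ssl_with_bad_version:
- bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
- PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
-start_process_with_a_shell:
- no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
- os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
- os.spawnvp, os.spawnvpe, os.startfile]
- shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
- popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
- subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
- utils.execute, utils.execute_with_timeout]
-start_process_with_no_shell:
- no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
- os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
- os.spawnvp, os.spawnvpe, os.startfile]
- shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
- popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
- subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
- utils.execute, utils.execute_with_timeout]
-start_process_with_partial_path:
- no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
- os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
- os.spawnvp, os.spawnvpe, os.startfile]
- shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
- popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
- subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
- utils.execute, utils.execute_with_timeout]
-subprocess_popen_with_shell_equals_true:
- no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
- os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
- os.spawnvp, os.spawnvpe, os.startfile]
- shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
- popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
- subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
- utils.execute, utils.execute_with_timeout]
-subprocess_without_shell_equals_true:
- no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
- os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
- os.spawnvp, os.spawnvpe, os.startfile]
- shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
- popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
- subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
- utils.execute, utils.execute_with_timeout]
-try_except_continue: {check_typed_exception: false}
-try_except_pass: {check_typed_exception: false}
-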
diff --git a/src/flake8/utils.py b/src/flake8/utils.py
index 92fec71..68eff98 100644
--- a/src/flake8/utils.py
+++ b/src/flake8/utils.py
@@ -39,7 +39,7 @@ def parse_comma_separated_list(value, regexp=COMMA_SEPARATED_LIST_RE):
:rtype:
list
"""
- assert isinstance(value, string_types), value # nosec (for bandit)
+ assert isinstance(value, string_types), value
separated = regexp.split(value)
item_gen = (item.strip() for item in separated)
@@ -163,7 +163,7 @@ def normalize_paths(paths, parent=os.curdir):
:rtype:
[str]
"""
- assert isinstance(paths, list), paths # nosec (for bandit)
+ assert isinstance(paths, list), paths
return [normalize_path(p, parent) for p in paths]
@@ -276,7 +276,7 @@ def parse_unified_diff(diff=None):
1 if not group else int(group)
for group in hunk_match.groups()
]
- assert current_path is not None # nosec (for mypy)
+ assert current_path is not None
parsed_paths[current_path].update(
range(row, row + number_of_rows)
)
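Review bot: The `assert isinstance(value, string_types), value` kept in `parse_comma_separated_list` (first hunk) and the `assert isinstance(paths, list), paths` in `normalize_paths` (second hunk) no longer carry any marker saying whether they are type-narrowing hints or input checks, and with B101 skipped project-wide bandit will not flag them either; under `python -O` both are compiled out, so an unexpected argument type would fall through to `regexp.split(value)` or the list comprehension rather than stopping at the guard. If they are only there for mypy, as the commit message suggests, a short comment keeps that intent visible after `# nosec` is gone, e.g. `assert isinstance(value, string_types), value  # type guard for mypy, not input validation`. If callers can pass config- or CLI-sourced values of the wrong type, `raise TypeError(...)` is the explicit form that survives `-O`. The `current_path is not None` assert in the third hunk reads as a plain mypy narrowing and needs nothing. All three enclosing functions start and end outside the hunks.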