From 691f465b4bac758ea1d6dfa9b57d3881a12954fd Mon Sep 17 00:00:00 2001
From: bersbersbers <12128514+bersbersbers@users.noreply.github.com>
Date: Thu, 13 Jun 2024 00:17:21 +0200
Subject: [PATCH] Support `configfile` in `.bandit` file (#1052)
* Support `(--)config` in `.bandit` file
* Use `configfile` instead of `config`
---------
Co-authored-by: Eric Brown
---
 bandit/cli/main.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/bandit/cli/main.py b/bandit/cli/main.py
index 119380b28..0cb0f8d5f 100644
--- a/bandit/cli/main.py
+++ b/bandit/cli/main.py
@@ -450,16 +450,17 @@ def main():
 args.confidence = 4
 # Other strings will be blocked by argparse
- try:
- b_conf = b_config.BanditConfig(config_file=args.config_file)
- except utils.ConfigError as e:
- LOG.error(e)
- sys.exit(2)
-
 # Handle .bandit files in projects to pass cmdline args from file
 ini_options = _get_options_from_ini(args.ini_path, args.targets)
 if ini_options:
 # prefer command line, then ini file
+ args.config_file = _log_option_source(
+ parser.get_default("configfile"),
+ args.config_file,
+ ini_options.get("configfile"),
+ "config file",
+ )
+
 args.excluded_paths = _log_option_source(
 parser.get_default("excluded_paths"),
 args.excluded_paths,
@@ -592,6 +593,12 @@ def main():
 "path of a baseline report",
 )
+ try:
+ b_conf = b_config.BanditConfig(config_file=args.config_file)
+ except utils.ConfigError as e:
+ LOG.error(e)
+ sys.exit(2)
+
 if not args.targets:
 parser.print_usage()
 sys.exit(2)
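Review bot: `parser.get_default("configfile")` in the added `_log_option_source(...)` call looks up a different name from the attribute the same call reads, `args.config_file`. argparse's `get_default` takes the destination name, so if the option's dest is `config_file` (as the attribute suggests; the `add_argument` call is outside this hunk) the lookup returns `None` whatever default is declared. That only gives the right precedence while the default stays `None`, so I would write `parser.get_default("config_file"),` here. The neighbouring `excluded_paths` call uses the same name for both the lookup and the attribute.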
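Review bot: The relocated `b_config.BanditConfig(config_file=args.config_file)` call in the second hunk can now load a path taken from a `.bandit` file, and the first hunk shows that file being located via `args.targets`, so the scanned tree can choose the scanner's configuration unless a config is given on the command line. Nothing in the moved block documents that ordering dependency or records which file was finally loaded. I would add a comment such as `# must run after the .bandit handling above: args.config_file may come from the ini file` and consider logging the resolved path before the `try`. A relative `configfile` value is presumably resolved against the working directory rather than the `.bandit` file's location, which deserves a line in the option's documentation. `main()` begins and ends outside both hunks, so please confirm that nothing between the old and new positions reads `b_conf`.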