
#nosec string outside of a comment is treated as a comment #383

Closed
posita opened this issue Sep 12, 2018 · 1 comment
Labels: bug (Something isn't working)

Comments

@posita
Copy link

posita commented Sep 12, 2018

From @ehooo in #211 (comment):

Hi, I found a bug related to the way the "nosec" comment is checked.
For example, vulnerable_call(param="#nosec"): this line will be escaped.

When fixing this, please do not introduce a regression that prevents use of in-line # nosec comments alongside other source code analyzers' line comment directives. Consider someone who uses Mypy notations, pyflakes, pylint, and bandit:

… # type: … # nosec # noqa: E501 ; pylint: disable=line-too-long

ericwb commented Sep 18, 2018

Here is the culprit:
https://github.com/PyCQA/bandit/blob/master/bandit/core/manager.py#L277

To fix this might require use of Python's tokenize module since the AST doesn't provide info on comments. But using tokenize could result in a performance penalty.
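An added example, not code from the bandit project or from either commenter, contrasting the line-substring test the issue describes with a tokenize-based check that honours a nosec directive only when it sits inside a COMMENT token. The names naive_nosec_lines, tokenized_nosec_lines, wrongly_suppressed_lines and NOSEC_RE, and the SAMPLE_SOURCE module, are constructed for this illustration; the substring condition is modelled on the behaviour reported above, not copied from manager.py.

```python
import io
import re
import tokenize

# Constructed sample module for this example (not from the bandit repository).
# Lines 4 and 7 contain "#nosec" inside string literals; lines 8 and 10 carry
# real "# nosec" comments, line 10 alongside mypy/flake8/pylint directives.
SAMPLE_SOURCE = '''\
import subprocess

def a():
    return vulnerable_call(param="#nosec")  # string, not a directive

def b():
    """Docstring mentioning #nosec is not a directive either."""
    return subprocess.call(cmd, shell=True)  # nosec

x = 1  # type: int  # nosec # noqa: E501 ; pylint: disable=line-too-long

def c():
    return eval(data)
'''

# Accepts "#nosec" and "# nosec" anywhere in a comment; \b keeps "# nosecure"
# from matching.  Hypothetical pattern, not bandit's own.
NOSEC_RE = re.compile(r"#\s*nosec\b")


def naive_nosec_lines(source):
    """Line-substring test modelled on the behaviour the issue reports.

    Any line containing the text '#nosec' or '# nosec' is treated as
    suppressed, whether that text is a comment or part of a string literal.
    """
    return {
        lineno
        for lineno, line in enumerate(source.splitlines(), start=1)
        if "#nosec" in line or "# nosec" in line
    }


def tokenized_nosec_lines(source):
    """Tokenizer-based test: only COMMENT tokens can carry the directive.

    tokenize emits one COMMENT token per comment, spanning from the first '#'
    to end of line, so '# type: int  # nosec # noqa: E501 ...' is a single
    token and the directive is found inside it.  STRING tokens (including
    docstrings) are never inspected, so '#nosec' inside quotes no longer
    suppresses anything.
    """
    suppressed = set()
    try:
        for tok in tokenize.generate_tokens(io.StringIO(source).readline):
            if tok.type == tokenize.COMMENT and NOSEC_RE.search(tok.string):
                suppressed.add(tok.start[0])  # tok.start is (row, col), 1-based row
    except (tokenize.TokenError, SyntaxError):
        # Unterminated string/bracket or bad indentation: such a file does not
        # parse with ast either, so there are no findings to suppress.
        return set()
    return suppressed


def wrongly_suppressed_lines(source):
    """Lines the substring test would silence that carry no real directive."""
    return naive_nosec_lines(source) - tokenized_nosec_lines(source)


if __name__ == "__main__":
    print("substring test :", sorted(naive_nosec_lines(SAMPLE_SOURCE)))
    print("tokenize test  :", sorted(tokenized_nosec_lines(SAMPLE_SOURCE)))
    print("false positives:", sorted(wrongly_suppressed_lines(SAMPLE_SOURCE)))
```

On the performance concern: tokenize is one extra linear pass over each file, and a cheap hybrid keeps most of that cost off the common path by running the substring scan first and only tokenizing files in which it hits, since a file with no "nosec" text at all cannot contain the directive.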
