INI file format is not obviously documented anywhere #396
Comments
Why did you close this issue, @darakian? The documentation for configuring the execution of Bandit is indeed sparse.
Can we reopen the issue?

You're welcome to reopen the issue, but I solved my issue by using some bash to replace the include/exclude logic.

I can't reopen it. Only you and project maintainers can. Thanks in advance! 👍
@bittner Whoops. Reopened for ya. If it helps the conversation here's the bash/git logic I ended up with
or in English
It's a bit of a hack, but it's been solid for our build system. The static file is used to prevent bandit from failing in the event that the branch has no files which differ.
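A Python version of the same idea, added here as an illustration; it is not the bash/git logic from the comment above, which is not reproduced on this page. It collects the `.py` files that differ from a base branch, always adds a static placeholder file so bandit never receives an empty target list, and invokes bandit on the result. `BASE_REF`, `PLACEHOLDER_FILE` and the function names are this example's own assumptions, not anything from bandit.

```python
import subprocess
import sys
from pathlib import Path
from typing import Iterable, List

BASE_REF = "origin/master"                  # assumed base branch to diff against
PLACEHOLDER_FILE = "bandit_placeholder.py"  # assumed static, always-present file


def select_python_files(changed: Iterable[str],
                        placeholder: str = PLACEHOLDER_FILE) -> List[str]:
    """Keep the .py paths from a `git diff --name-only` listing and append the
    placeholder, so the returned list is never empty."""
    targets = sorted({p.strip() for p in changed if p.strip().endswith(".py")})
    if placeholder not in targets:
        targets.append(placeholder)
    return targets


def changed_files(base_ref: str = BASE_REF) -> List[str]:
    """Paths added, copied, modified or renamed on HEAD relative to base_ref.
    Deleted files are filtered out (--diff-filter) because there is nothing
    left on disk for bandit to scan."""
    result = subprocess.run(
        ["git", "diff", "--name-only", "--diff-filter=ACMR",
         f"{base_ref}...HEAD"],
        check=True, capture_output=True, text=True,
    )
    return result.stdout.splitlines()


def bandit_command(targets: List[str]) -> List[str]:
    """argv for the scan; targets are individual files, so no -r is needed."""
    return ["bandit", *targets]


if __name__ == "__main__":
    Path(PLACEHOLDER_FILE).touch()   # make sure the static file exists
    files = select_python_files(changed_files())
    print("scanning:", " ".join(files))
    sys.exit(subprocess.call(bandit_command(files)))
```

The placeholder is appended even when the diff contains no Python files, which is the case the comment above guards against; a branch touching only docs still produces a valid, non-failing bandit run.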
Awesome hack! Yeah, it's reeeeaally a hack!

I have also solved "my" problem, which was finding out how to tell bandit to steal all options from my tox.ini:

```ini
[tox]
envlist = bandit

[testenv:bandit]
deps = bandit
commands = bandit --ini tox.ini

[bandit]
exclude = .tox,build,dist,tests
recursive = true
targets = .
```

... which allows me to run simply

But that was all guesswork and reading from the source code (bandit.cli and bandit.core.utils). For the
Looks like I overlooked the WARNING: Running Bandit with just the

```
$ bandit --ini tox.ini
[main] INFO Using ini file for excluded paths
[main] INFO Using ini file for selected targets
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.6.6
[manager] WARNING Skipping directory (behave_django), use -r flag to scan contents
Run started:2019-03-21 08:48:49.567794
...
```

At least the

A successful call must look like this:

```
$ bandit -r --ini tox.ini
[main] INFO Using ini file for excluded paths
[main] INFO Using ini file for selected targets
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.6.6
Run started:2019-03-21 08:54:10.220742
...
```

... or with a

```
$ bandit -r .
[main] INFO Found project level .bandit file: ./.bandit
[main] INFO Using ini file for excluded paths
[main] INFO Using command line arg for selected targets
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.6.6
Run started:2019-03-21 08:53:40.683285
...
```
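The behaviour the log output above shows, worked through in code: the `[bandit]` section is read from the `--ini` file (or from a project-level `.bandit` found in a target directory), the INI supplies excluded paths and targets, command-line arguments take precedence, and a directory target is skipped unless `-r` is given. This is an added example written for this thread, not bandit's own code: the function names, the log strings and the `TOX_INI` sample are this example's own (the sample is a constructed copy of the tox.ini from the comment above).

```python
import configparser
import os
from typing import Callable, List, Optional, Tuple

SECTION = "bandit"
PROJECT_FILE = ".bandit"   # name reported above as the "project level .bandit file"

# Constructed sample: the tox.ini from the comment above.
TOX_INI = """\
[tox]
envlist = bandit

[testenv:bandit]
deps = bandit
commands = bandit --ini tox.ini

[bandit]
exclude = .tox,build,dist,tests
recursive = true
targets = .
"""

LIST_KEYS = ("exclude", "targets")   # comma-separated values in the INI


def _split(value: str) -> List[str]:
    return [v.strip() for v in value.split(",") if v.strip()]


def parse_bandit_ini(text: str) -> dict:
    """Return the [bandit] section as a dict; other sections are ignored."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section(SECTION):
        return {}
    opts = {}
    for key, raw in cp.items(SECTION):
        if key in LIST_KEYS:
            opts[key] = _split(raw)
        elif key == "recursive":
            opts[key] = cp.getboolean(SECTION, key)
        else:
            opts[key] = raw
    return opts


def locate_ini(ini_path: Optional[str], targets: List[str],
               is_file: Callable[[str], bool] = os.path.isfile) -> Optional[str]:
    """An explicit --ini path wins; otherwise the first <target>/.bandit found."""
    if ini_path:
        return ini_path
    for target in targets:
        candidate = os.path.join(target, PROJECT_FILE)
        if is_file(candidate):
            return candidate
    return None


def resolve_options(ini_text: Optional[str], cli_targets: List[str],
                    cli_exclude: Optional[str], cli_recursive: bool) -> dict:
    """Merge INI and CLI values: CLI wins, and every choice is logged."""
    ini = parse_bandit_ini(ini_text) if ini_text else {}
    log = []
    if cli_exclude:
        exclude = _split(cli_exclude)
        log.append("Using command line arg for excluded paths")
    else:
        exclude = ini.get("exclude", [])
        if exclude:
            log.append("Using ini file for excluded paths")
    if cli_targets:
        targets = list(cli_targets)
        log.append("Using command line arg for selected targets")
    else:
        targets = ini.get("targets", [])
        if targets:
            log.append("Using ini file for selected targets")
    # Caveat visible in the log above: with recursive = true only in the INI,
    # bandit still printed "Skipping directory ... use -r flag", so the flag
    # on the command line is the value that counts here.
    recursive = cli_recursive
    if ini.get("recursive") and not cli_recursive:
        log.append("recursive = true in ini file ignored; pass -r on the command line")
    return {"exclude": exclude, "targets": targets,
            "recursive": recursive, "log": log}


def plan_scan(targets: List[str], recursive: bool,
              is_dir: Callable[[str], bool] = os.path.isdir) -> Tuple[List[str], List[str]]:
    """Split targets into those scanned and directories skipped for lack of -r."""
    scan, skipped = [], []
    for target in targets:
        if is_dir(target) and not recursive:
            skipped.append(target)   # "Skipping directory (...), use -r flag"
        else:
            scan.append(target)
    return scan, skipped
```

With the tox.ini above and no command-line overrides, `resolve_options()` reports both the exclude list and the target as coming from the INI and flags that recursion still has to be requested with `-r`; `plan_scan()` then shows `.` being skipped without it, which is the difference between the first and second invocations in the log.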
Hi, the following may be helpful to configure
Bandit UX is seriously broken, only <1.6 works predictably.

Exclude/ignore of files is currently broken in Bandit:
- PyCQA/bandit#693
- PyCQA/bandit#490
- PyCQA/bandit#438 (comment)

Reading settings from configuration files is broken:
- PyCQA/bandit#753
- PyCQA/bandit#595

Reading from pyproject.toml not yet functional:
- Must install "toml" package and use "-c pyproject.toml".
- PyCQA/bandit#758

INI file configuration and CLI usage is unclear:
- PyCQA/bandit#603
- PyCQA/bandit#467
- PyCQA/bandit#396
Hey, I have the same question as @bittner. Why are there two different configuration files?

True, it might make sense to consolidate configuration settings in a single place. Whatever file format is used, users should be able to configure everything there, not one thing here and other things in a second place. The current state is confusing. The INI file format and options are now explained in the documentation along with YAML and TOML. We can probably close this issue now.
Why close the issue before a decision about it? There's still an undocumented

INI is also used by Python's

PEP-621 obliterates the setup.py/setup.py and I am very happy about it. It is true that INI files have no standard at all; they should be avoided like the plague. Based on this, I would say that the only thing that needs to be done is to add a statement to the docs that this format is deprecated/discouraged in favour of either YAML or TOML, or both.
The docs mention exclude flags, but where can I find a complete list of the available flags?