Use current directory unless explicitly specified #467
Comments
I do agree. And it shouldn't cause any backwards capability issue that I can think of. It would make the
Bandit UX is seriously broken, only <1.6 works predictably.
Exclude/ignore of files is currently broken in Bandit:
- PyCQA/bandit#693
- PyCQA/bandit#490
- PyCQA/bandit#438 (comment)
Reading settings from configuration files is broken:
- PyCQA/bandit#753
- PyCQA/bandit#595
Reading from pyproject.toml not yet functional:
- Must install "toml" package and use "-c pyproject.toml".
- PyCQA/bandit#758
INI file configuration and CLI usage is unclear:
- PyCQA/bandit#603
- PyCQA/bandit#467
- PyCQA/bandit#396
Rethinking my opinion on this one... I think we should try to conform to CLI standards as much as possible. After reading (https://clig.dev/#help), it states only if your program is very simple should you automatically run an action. A non-simple command should output the help, as Bandit does today. And I would argue that a Bandit run can be non-trivial and time consuming if run against many files (especially when run recursively). Therefore I feel it's better to keep the current behavior.
Is your feature request related to a problem? Please describe.
A usability issue, not a technical problem. It's also about an alignment of the CLI handling with, e.g., flake8, to honor programmers' muscle memory.
Describe the solution you'd like
Bandit should assume to be meant to run against the current folder, ideally recursively. Hence, running just
bandit
would try to look up a configuration file (e.g. .bandit et al.) and run its checks against the current working directory in a recursive manner. Currently, you have to run
bandit -r .
for the same behavior.
Describe alternatives you've considered
Running Bandit is non-destructive. It should be safe to assume sane defaults to make our lives easier. There are no real alternatives w.r.t. the CLI and the .bandit configuration file.
Just running
bandit
should do something meaningful (to get the job done, including saving time). The actual alternative is having a tool that is more cumbersome to use than it could be. We don't want this, do we?
Additional context
See also: #274, #396
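The default requested above (a bare `bandit` behaving like `bandit -r .` and looking up a `.bandit` INI file in that directory), as added example code that is not Bandit's own: `resolve_targets`, `parse_bandit_ini`, `load_bandit_ini` and the sample INI text are hypothetical names and constructed data, and the parsing of the `[bandit]` section is an assumption.

```python
"""Hypothetical CLI front-end showing the default proposed in this issue.
Example code, not Bandit's own: with no targets it behaves like `bandit -r .`
and looks up a `.bandit` INI file in that directory."""
import argparse
import configparser
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample `.bandit` file; key names follow Bandit's INI options,
# but the parsing below is an assumption for illustration only.
SAMPLE_INI = "[bandit]\nexclude = tests,build\nskips = B101,B311\n"


def resolve_targets(argv: List[str]) -> Tuple[List[str], bool]:
    """Return (targets, recursive) for argv without the program name.
    Explicit targets and -r keep today's meaning; an empty target list
    falls back to the current directory, scanned recursively."""
    parser = argparse.ArgumentParser(prog="bandit")
    parser.add_argument("targets", nargs="*", help="files or directories")
    parser.add_argument("-r", "--recursive", action="store_true")
    args = parser.parse_args(argv)
    if not args.targets:
        return ["."], True  # proposed default: same as `bandit -r .`
    return args.targets, args.recursive


def _csv(value: str) -> List[str]:
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_bandit_ini(text: str) -> Optional[Dict[str, List[str]]]:
    """Parse the [bandit] section; None when absent, so the caller falls
    back to built-in defaults instead of an accidentally empty config."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    if not cfg.has_section("bandit"):
        return None
    section = cfg["bandit"]
    return {"exclude": _csv(section.get("exclude", "")),
            "skips": _csv(section.get("skips", ""))}


def load_bandit_ini(directory: str) -> Optional[Dict[str, List[str]]]:
    """Look up `.bandit` in `directory` (e.g. the first target)."""
    path = os.path.join(directory, ".bandit")
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8") as fh:
        return parse_bandit_ini(fh.read())
```

Returning `None` rather than an empty config when the file or section is missing keeps a mistyped or misplaced `.bandit` from silently disabling excludes and skips.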