
--config pyproject.toml gives "expected '<document start>', but found '<scalar>'" #768

Closed
Torxed opened this issue Jan 4, 2022 · 4 comments
Labels
bug Something isn't working

Comments


Torxed commented Jan 4, 2022

Describe the bug

I've got the following pyproject.toml file:

[build-system]
requires = ["flit_core >=2,<4"]
build-backend = "flit_core.buildapi"

....

[tool.bandit]
targets = ["ourkvm"]
exclude = ["/tests"]

Which errors out when running bandit:

[Torxed@Laptop Project]$ bandit --config pyproject.toml -r src/
[config]	ERROR	expected '<document start>', but found '<scalar>'
  in "pyproject.toml", line 2, column 1
[main]	ERROR	pyproject.toml : Error parsing file.

And if I read the config parser code correctly, this should trigger this block: https://github.com/orsinium-forks/bandit/blob/d8fce0dcd84b2b1aca7d2be8d469458ea83c0bbe/bandit/core/config.py#L39-L46

If I put a comment on line 2, it complains on line 3, and so on.
And I can't say it's a problem with toml reading the file either:

Python 3.10.1 (main, Dec 18 2021, 23:53:45) [GCC 11.1.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import toml
>>> with open('pyproject.toml', 'r') as fh:
...     data = toml.load(fh)
...
>>> data['tool']['bandit']
{'targets': ['src'], 'exclude': ['/tests']}

Is this a Python 3.10 issue?

Bandit version

1.7.0 (Default)

Python version

3.9 (Default)

Additional context

Python 3.10, not python 3.9

@Torxed Torxed added the bug Something isn't working label Jan 4, 2022

mrkovalchuk commented Jan 6, 2022

Hi! As far as I can see, pyproject.toml support was not included in the 1.7.0 version. The relevant MR was merged last year in August: #401
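To make the failure in the report and the explanation in this reply concrete, here is an added example (my own code, not bandit's): a minimal `--config` loader that behaves the way the thread describes, parsing a file named `pyproject.toml` as TOML and taking its `[tool.bandit]` table, and parsing anything else as YAML as 1.7.0 did for every file. The function names and the `tomli` fallback are assumptions; the sample TOML is the reporter's file.

```python
import os

try:
    import tomllib  # standard library on Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # backport; assumed to be installed on older Pythons

try:
    import yaml  # PyYAML, optional: only the legacy YAML path needs it
except ModuleNotFoundError:  # pragma: no cover
    yaml = None

# Constructed sample: the pyproject.toml from the bug report.
PYPROJECT_TEXT = """\
[build-system]
requires = ["flit_core >=2,<4"]
build-backend = "flit_core.buildapi"

[tool.bandit]
targets = ["ourkvm"]
exclude = ["/tests"]
"""


def load_bandit_config(config_path, text):
    """Return bandit's config dict for ``text`` read from ``config_path``.

    pyproject.toml is parsed as TOML and only [tool.bandit] is returned
    (what the 1.7.1 branch does); any other file is parsed as YAML (the
    only behaviour 1.7.0 had, hence the error in the report).
    """
    if os.path.basename(config_path) == "pyproject.toml":
        data = tomllib.loads(text)
        try:
            return data["tool"]["bandit"]
        except KeyError:
            raise ValueError("pyproject.toml has no [tool.bandit] table") from None
    if yaml is None:
        raise RuntimeError("PyYAML is required for non-TOML config files")
    return yaml.safe_load(text)


def legacy_yaml_error(text):
    """Reproduce the 1.7.0 failure: feed TOML to the YAML parser and return
    its message. Line 1 ``[build-system]`` is a valid YAML flow sequence, so
    the parser then expects a new document at line 2 and meets a bare scalar
    instead. Returns None when PyYAML is absent or the text parses."""
    if yaml is None:
        return None
    try:
        yaml.safe_load(text)
    except yaml.YAMLError as exc:
        return str(exc)
    return None
```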


Torxed commented Jan 6, 2022

> Hi! As I can see, pyproject.toml support was not included in 1.7.0 version. Relevant MR was merged last year august: #401

Ah, I just took for granted that Bandit was updated at least within a year or so.
But I now see that the latest stable release was Dec 13, 2020.

Looks like the latest changes in master are becoming pretty big. Are there any plans on releasing v1.7.1-ish soon? It would be nice to include bandit in some projects, but I'd like to avoid having different .ini files.

@Torxed Torxed closed this as completed Jan 6, 2022

mrkovalchuk commented Jan 6, 2022

I am so sorry! 1.7.1 has been released! #758 Try to upgrade.

It was a surprise to me =)

@Torxed Torxed reopened this Jan 6, 2022

Torxed commented Jan 6, 2022

Ah, yesterday as well heh.
I'm sure that solves it; otherwise I'll re-open this. (accidental re-open)

@Torxed Torxed closed this as completed Jan 6, 2022