
New exclude_regex Filter to Address False Positives on Password Tests #973

Open
comc opened this issue Dec 13, 2022 · 0 comments
Labels
enhancement New feature or request

Comments


comc commented Dec 13, 2022

Is your feature request related to a problem? Please describe.
Consistent issues arise on false positives of "token"-matched variable names in tests B105 and B106.

See: #498, #842, #843, #211

Describe the solution you'd like
It would be useful to have an exclude_regex field available to filter variable names, and not just excludes at the files and tests level.

Describe alternatives you've considered

  • exclude and exclude_dirs skip entire files/folders and are too permissive
  • skips completely skips entire tests and is too permissive
  • # nosec entries clutter source code when there are excessive false positives

Additional context
Ideally, coupling an exclude_regex with exclude would be ideal granularity.

Example pyproject.toml to exclude "token" variable name filtering only in files under "tests/" folders for B106:

[tool.bandit.hardcoded_password_funcarg]
exclude_dirs = ["tests"]
exclude_regex = ["token"]

👍?

@comc comc added the enhancement New feature or request label Dec 13, 2022
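Added illustration (not Bandit's own code, nor part of this issue): a hypothetical filter implementing the coupled semantics requested above, where a B106 finding is suppressed only if its file is under one of exclude_dirs and the flagged variable name matches one of exclude_regex. The Finding shape, config keys and sample findings are assumed for the example.

```python
import re
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class Finding:
    test_id: str    # "B105" (hardcoded_password_string) or "B106" (hardcoded_password_funcarg)
    filename: str   # repo-relative path of the flagged file
    variable: str   # variable / keyword-argument name that triggered the test


# Hypothetical config mirroring the pyproject.toml fragment in the issue,
# keyed by test name so each test carries its own filters.
CONFIG = {
    "hardcoded_password_funcarg": {          # B106
        "exclude_dirs": ["tests"],
        "exclude_regex": ["token"],
    },
}
TEST_NAMES = {"B105": "hardcoded_password_string", "B106": "hardcoded_password_funcarg"}


def _under_dirs(filename: str, dirs: list[str]) -> bool:
    # Match a directory component only, never the file name itself.
    parts = PurePosixPath(filename).parts
    return any(d in parts[:-1] for d in dirs)


def is_suppressed(finding: Finding, config: dict = CONFIG) -> bool:
    section = config.get(TEST_NAMES.get(finding.test_id, ""), {})
    dirs = section.get("exclude_dirs", [])
    patterns = section.get("exclude_regex", [])
    if not dirs or not patterns:
        return False  # coupled filter: both parts must be configured and both must match
    return _under_dirs(finding.filename, dirs) and any(
        re.search(p, finding.variable) for p in patterns)


def apply_filter(findings, config=CONFIG):
    """Return only the findings that survive the per-test exclusion filter."""
    return [f for f in findings if not is_suppressed(f, config)]


# Constructed sample findings (not real Bandit output).
SAMPLE = [
    Finding("B106", "tests/test_auth.py", "token"),       # suppressed
    Finding("B106", "tests/test_auth.py", "auth_token"),  # suppressed (regex search)
    Finding("B106", "app/auth.py", "token"),              # kept: outside tests/
    Finding("B106", "tests/test_db.py", "password"),      # kept: name does not match
    Finding("B105", "tests/test_auth.py", "token"),       # kept: no filter configured for B105
]
```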