https://pantsbuild.org/ logo
r

refined-addition-53644

04/22/2022, 3:00 PM
Another question, it seems bandit isn't using the config file I am using. This is how I have configured bandit using pants/flake8. Is there something I am missing?
Copy code
[bandit]
config = ".bandit.yml"
args = ["--quiet"]
lockfile = "build-support/bandit.txt"

[flake8]
config = ".flake8"
extra_requirements.add = [
  "flake8-black==0.3.2",
  "flake8-bandit==3.0.0",
  "setuptools==62.1.0",
]
lockfile = "build-support/flake8.txt"
āœ… 1
āœ… 1
This is
.bandit.yml
Copy code
tests: ["B201", "B301", "S101"]
skips: ["B101", "B601", "B104"]

try_except_continue:
  check_typed_exception: false
try_except_pass:
  check_typed_exception: false
The issue seems to be because of
flake8-bandit
plugin not able to read from this config file šŸ˜ž
b

bitter-ability-32190

04/22/2022, 3:30 PM
Pants doesn't know it needs to carry along that config file when making the sandbox, as it isn't necessarily related to
flake8
I'm not sure the best way to solve this either. Mind making an issue?
šŸ‘ 1
I'll comment on the issue, but TL;DR there's 2 ways to solve this: ā€¢ Have all pluggable lint tools allow for N config files being specified ā€¢ Add support for bandit as a first class tool (my preference)
r

refined-addition-53644

04/22/2022, 3:43 PM
Please have a look at the issue. I was bit unsure how to frame it. https://github.com/pantsbuild/pants/issues/15225
āœ… 1
b

bitter-ability-32190

04/22/2022, 4:01 PM
In the meantime, would you be comfortable hacking something in an in-repo Pants plugin to unblock yourself?
You could make a first-class
bandit
plugin. (And then upstream it šŸ˜‰ )
r

refined-addition-53644

04/22/2022, 4:09 PM
I deactivated the flake8-bandit plugin but bandit itself is running as part of CI.
n

narrow-vegetable-37489

04/22/2022, 11:49 PM
Bandit is already supported by Pants though, so not sure there's really any benefit to using
flake8-bandit
when using Pants :)
šŸ‘ 3
4 Views