Properly handle nosec strings in code #388

ericwb · 2018-09-21T00:38:22Z

The string "# nosec" has a chance (albeit remote) that it can be
part of the code on the line not just within the comment. Bandit
currently checks the entire line for that string.

This patch tokenizes the line of input to figure out what piece
is a comment, then compares whether that comment contains "# nosec".

Fixes #383

Signed-off-by: Eric Brown browne@vmware.com

The string "# nosec" has a chance (albeit remote) that it can be part of the code on the line not just within the comment. Bandit currently checks the entire line for that string. This patch tokenizes the line of input to figure out what piece is a comment, then compares whether that comment contains "# nosec". Fixes #383 Signed-off-by: Eric Brown <browne@vmware.com>

lukehinds · 2018-12-19T19:28:14Z

LGTM, happy to merge once CI passes, unless @sigmavirus24 or @ghugo have concerns?

lukehinds

shipit

ericwb requested review from ghugo, sigmavirus24 and lukehinds September 21, 2018 02:45

ericwb and others added 2 commits November 27, 2018 08:02

Merge branch 'master' into nosec

85b55b1

Merge branch 'master' into nosec

bd7d674

lukehinds approved these changes Dec 19, 2018

View reviewed changes

lukehinds merged commit ed79150 into PyCQA:master Dec 19, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Properly handle nosec strings in code #388

Properly handle nosec strings in code #388

ericwb commented Sep 21, 2018

lukehinds commented Dec 19, 2018

lukehinds left a comment

Properly handle nosec strings in code #388

Properly handle nosec strings in code #388

Conversation

ericwb commented Sep 21, 2018

lukehinds commented Dec 19, 2018

lukehinds left a comment

Choose a reason for hiding this comment