Documentation of configuration is confusing / misleading regarding exclude vs exclude_dirs #528

Open
sirosen opened this issue Aug 14, 2019 · 2 comments
Labels
bug Something isn't working

sirosen commented Aug 14, 2019

Reading the docs for the first time, I struggled to correctly formulate my desired .bandit.yaml.

The readme doc shows the use of exclude: /test, but the readthedocs site does not mention exclude or exclude_dirs.
I was writing a yaml doc with

exclude: ["/tests", "_build"]

and finding that files in my various _build/ directories (a project-specific packaging process) were still being scanned.

Essential

It should be obvious that I needed to write

exclude_dirs: ["/tests", "_build"]

based on the readme.

Ideal

I'd like to see:

  • the readme contains only a very simple example modern config file, i.e. yaml format
    (this is based on my understanding, after only a few minutes reading, that bandit is transitioning from "legacy" ini config to yaml?)
  • refers explicitly to the docs site for full config documentation
  • config documentation lists all available options and what they do
  • example usages for the most common options with explanations, noting particular nuances -- e.g. that exclude_dirs: ["foo"] will capture foo/, bar/foo/, etc.

ericwb added the bug label Aug 14, 2019

diegovalenzuelaiturra commented Nov 17, 2021

Hi, the following may be helpful to configure bandit, for example, to avoid raising B101 assert_used warnings on python tests

JRemitz commented Nov 30, 2021

I had no idea that we could use exclude_dirs. We've been incorrectly using exclude within our yaml file for ages. Just noticed given our tests in CI were taking a fairly long amount of time.

sigmavirus24 pushed a commit that referenced this issue Aug 11, 2022
* [docs] Use code-blocks for syntax highlighting, un-inline hyperlinks

* [docs] Mention `exclude_dirs` option available in TOML and YAML

Make configuration examples easier to understand and use

Explain how to install TOML support

As discovered in #488 and reported in #528.
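
A CI-side check for the mistake reported in this thread, as an added example that is not part of the issue or of Bandit's own code: it flags a top-level `exclude` key in a YAML config and proposes the `exclude_dirs` spelling. The function names and sample configs are constructed for illustration, and the line-based key scan is a simplification that assumes unindented top-level keys.

```python
import re

# Key spelling that had no effect in the YAML config reported in this issue,
# mapped to the spelling that worked.
MISPLACED = {"exclude": "exclude_dirs"}
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w-]*)\s*:(.*)$")

def top_level_keys(yaml_text):
    """Return {key: (line_number, raw_value)} for unindented mapping keys."""
    keys = {}
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        # Indented lines, comments and list items are not top-level keys.
        if not line or line[0] in " \t#-":
            continue
        match = TOP_LEVEL_KEY.match(line)
        if match:
            keys[match.group(1)] = (number, match.group(2).strip())
    return keys

def lint_bandit_yaml(yaml_text):
    """Return one finding per misplaced key; an empty list means no finding."""
    keys = top_level_keys(yaml_text)
    findings = []
    for wrong, right in MISPLACED.items():
        if wrong not in keys:
            continue
        number, value = keys[wrong]
        hint = f"line {number}: rename '{wrong}' to '{right}'"
        if value:
            hint += f" ({right}: {value})"
        if right in keys:
            hint += f"; merge with '{right}' on line {keys[right][0]}"
        findings.append(hint)
    return findings

# Constructed sample configs, modelled on the snippets quoted in the issue.
BROKEN = 'skips: ["B101"]\nexclude: ["/tests", "_build"]\n'
FIXED = 'skips: ["B101"]\nexclude_dirs: ["/tests", "_build"]\n'
# A nested 'exclude' under another key is indented and is not flagged.
NESTED = "some_plugin:\n  exclude: [x]\nexclude_dirs: ['/tests']\n"

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED), ("NESTED", NESTED)):
        print(name, lint_bandit_yaml(text) or "ok")
```

Run it against the config file in CI and fail the job on a non-empty result, so an exclusion that is silently ignored shows up before scan times or scan scope drift.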