Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add default ini file + enable recursive option in ini #503

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add default ini file + enable recursive option in ini #503

wants to merge 2 commits into from

Conversation

Babarberousse
Copy link

See: #467

I think making recursive a default would make sense. However it could break some ci pipelines so maybe in a future PR.

Also, I made .bandit the default ini file, which means users who do not specify an ini file and don't have a .bandit file will now get a warning. Not sure we should keep it.

@Babarberousse Babarberousse force-pushed the add_recursivity branch 5 times, most recently from de54e38 to ccb9da0 Compare June 9, 2019 01:56
ericwb
ericwb requested changes Aug 18, 2019
View reviewed changes
Copy link
Member

@ericwb ericwb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change results in an warning message every time for the typical case where bandit is run with no .bandit file, yet does provide a target.

[utils]	WARNING	Unable to parse config file .bandit or missing [bandit] section

I'd rather not see warning messages when the arguments given to the CLI are correct and complete.

@bittner
Copy link
Contributor

bittner commented Oct 10, 2019

@Babarberousse Can you rebase your PR to make it ready for merging?

Also, you may address @ericwb's concern and remove the chatty warning. We may still have that, but maybe show it only with --verbose or --debug or so.

bittner
bittner reviewed Oct 10, 2019
View reviewed changes
bandit/cli/main.py Outdated
@@ -246,7 +246,7 @@ def main():
'(only JSON-formatted files are accepted)'
)
parser.add_argument(
'--ini', dest='ini_path', action='store', default=None,
'--ini', dest='ini_path', action='store', default='.bandit',
Copy link
Contributor

@bittner bittner Oct 10, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This limits the default to just a single possibility.

Other popular tools, such as flake8, behave, etc., allow the configuration to be discovered from various popular configuration files (to save the project home directory from being polluted with numerous configuration files).

I tend to place all configuration into a tox.ini file, for example. This makes sense as Tox is my main driver and single point of entry for running all tests and checks on Python projects.

@Babarberousse Babarberousse force-pushed the add_recursivity branch 5 times, most recently from 4bf77d6 to e61f86c Compare October 15, 2019 21:14
bittner
bittner reviewed Oct 16, 2019
View reviewed changes
bandit/cli/main.py Outdated

:return: the filename as a string or `None` if no ini file found
"""
for filename in [".bandit", "setup.cfg", "tox.ini"]:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are awesome! 🥇

@bittner
Copy link
Contributor

bittner commented Oct 16, 2019

This change results in an warning message every time for the typical case where bandit is run with no .bandit file, yet does provide a target.

[utils]	WARNING	Unable to parse config file .bandit or missing [bandit] section

I'd rather not see warning messages when the arguments given to the CLI are correct and complete.

@ericwb This seems fixed now.

@Babarberousse
Copy link
Author

I think there are still a few problems, although not related to this pull request. The recursive parameter is set to False by default when parsing empty CLI args. Given that CLI args prevail over ini files, this means recursivity cannot be set through ini file. I think recursivity argument could be a store_const=True instead of a store_true so it is set to None without CLI args.

Also, there's a bit of redundancy between my find_ini_files function and the _get_options_from_ini function.

I'll try to look at these issues this week-end and try to make it a bit cleaner.

@Babarberousse Babarberousse force-pushed the add_recursivity branch 4 times, most recently from b2f927d to 8256521 Compare October 20, 2019 22:16
@Babarberousse
Copy link
Author

Babarberousse commented Oct 20, 2019
edited

I went a bit further than what my initial PR was supposed to be and:

  • Made recursivity true as a default
  • fixed the issue with the broken bool params in the ini files. The default values for bool params are not set with argparse anymore as it would have prevented the ini file from overriding these default values. I suspect some non-bool params still don't work although I haven't tested them (aggregates, level, confidence,...)
  • Abstracted some existing argparse logic into new functions.
  • Added support for setup.cfg and tox.ini
  • Removed parser.set_defaults lines as I couldn't figure out what they were meant to do. Please confirm you are ok with this removal.

@bittner
Copy link
Contributor

bittner commented Jan 10, 2022

@Babarberousse could you rebase this PR and try to get it merged? 🎸 🚀

This still seems like a desperately needed UX improvement to me.

@bittner
Copy link
Contributor

bittner commented Apr 3, 2022

Note to self: This PR would address issues #318 and #736.

@Babarberousse
Copy link
Author

I don't have much time at the moment but I'll try to get it done in the next few weeks.

@Babarberousse
Copy link
Author

I went a bit further than what my initial PR was supposed to be and:

  • Made recursivity true as a default
  • fixed the issue with the broken bool params in the ini files. The default values for bool params are not set with argparse anymore as it would have prevented the ini file from overriding these default values. I suspect some non-bool params still don't work although I haven't tested them (aggregates, level, confidence,...)
  • Abstracted some existing argparse logic into new functions.
  • Added support for setup.cfg and tox.ini
  • Removed parser.set_defaults lines as I couldn't figure out what they were meant to do. Please confirm you are ok with this removal.

I kept recursivity as false as a default and kept the parser.set_defaults() lines to reduce the scope of this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bittner bittner bittner approved these changes

@ericwb ericwb Awaiting requested review from ericwb ericwb is a code owner

@lukehinds lukehinds Awaiting requested review from lukehinds lukehinds is a code owner

@sigmavirus24 sigmavirus24 Awaiting requested review from sigmavirus24 sigmavirus24 is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Babarberousse @bittner @ericwb