From 2468b695bb7a9c574f37e9e36af9c5d670dd5e8f Mon Sep 17 00:00:00 2001
From: Kevin Locke
Date: Fri, 17 Mar 2023 14:31:08 -0600
Subject: [PATCH] move bandit excludes to pyproject.toml

Move the list of excluded files from --exclude in tox.ini to exclude_dirs in pyproject.toml to centralize configuration in pyproject.toml and make it accessible to tools and bandit invocations outside of tox.
- Remove the comment that exclude is ignored by bandit 1.6.3+, which was fixed by https://github.com/PyCQA/bandit/pull/722 in bandit 1.7.1.
- Change exclude (which only works for INI files) to exclude_dirs (which only works for TOML and YAML files), as described in https://github.com/PyCQA/bandit/pull/876
- Add /.git/ and /__pycache__/ to exclude_dirs to match --exclude.
- Remove --exclude from invocation in tox.ini
Signed-off-by: Kevin Locke
---
 pyproject.toml | 6 +++---
 tox.ini | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 8d94aa6..8f32b2d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -18,11 +18,11 @@ requires = [
 build-backend = 'setuptools.build_meta'
 
 [tool.bandit]
-# Note: exclude is ignored by bandit 1.6.3 and later.
-# See https://github.com/PyCQA/bandit/issues/657
-exclude = [
+exclude_dirs = [
+    '/.git/',
     '/.tox/',
     '/.venv/',
+    '/__pycache__/',
 ]
 skips = [
     'B101', # assert_used (needed for pytest, arguably useful outside)
diff --git a/tox.ini b/tox.ini
index 4ecdd64..494e422 100644
--- a/tox.ini
+++ b/tox.ini
@@ -44,7 +44,7 @@ commands =
     # List files and top-level packages/directories explicitly for now.
     pylint docs setup.py src/packagename tests
     isort --check --diff .
-    bandit -c pyproject.toml -f txt --exclude /.git/,/.tox/,/.venv/,/__pycache__/ -r .
+    bandit -c pyproject.toml -f txt -r .
     pyroma .
     vulture --exclude */docs/*,*/tests/*,*/.tox/*,*/.venv*/* .
     black --check --diff .
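Review bot: `'/.venv/'` in the new `exclude_dirs` list only skips a directory literally named `.venv`, while the vulture exclude that stays in tox.ini uses the broader `*/.venv*/*`; a suffixed virtualenv such as `.venv-py311` (constructed example) would be scanned by bandit and its third-party findings would drown the project's own. If bandit keeps the substring matching that the old `--exclude` value relied on, `'/.venv'` without the trailing slash would cover both spellings; otherwise a second entry is needed. Because the key is only honoured by releases that include PyCQA/bandit#876 and is silently ignored by older ones, a one-line comment above the list would help the next reader: `# exclude_dirs needs a bandit release containing PyCQA/bandit#876; older versions ignore it and scan everything under -r .`. The `[tool.bandit]` table continues past the hunk with the `skips` list.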
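Review bot: Removing `--exclude` makes the scan scope depend entirely on the config-file lookup, so if the `[testenv]` deps (outside this hunk) do not pin bandit to a release that includes PyCQA/bandit#876, an older bandit will silently crawl `.tox/` and `.venv/` with no error. Pinning the lower bound in the deps list, e.g. `bandit>=<first release with exclude_dirs>` (placeholder; confirm the version), turns that into a resolver failure instead of a silent scope change. Note also that, as far as I recall, passing `-x`/`--exclude` on the command line replaces rather than extends the config list, so the inline flag should stay removed rather than be partially reintroduced. The `commands =` block begins before the hunk.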