diff --git a/.prospector.yml b/.prospector.yml
index 8a768836..b828777b 100644
--- a/.prospector.yml
+++ b/.prospector.yml
@@ -60,3 +60,8 @@ pydocstyle:
 - D205
 - D400
 - D401
+
+bandit:
+ run: true
+ disable:
+ - B101 # Use of assert detected.
diff --git a/docs/profiles.rst b/docs/profiles.rst
index c947b7db..2007c1b9 100644
--- a/docs/profiles.rst
+++ b/docs/profiles.rst
@@ -398,6 +398,8 @@ The available options are:
 +----------------+------------------------+----------------------------------------------+
 | bandit | confidence | report only issues of a given confidence |
 +----------------+------------------------+----------------------------------------------+
+| bandit | -anything-other- | Options pass to Bandit directly |
++----------------+------------------------+----------------------------------------------+
 | pyright | level | Minimum diagnostic level (error or warning) |
 +----------------+------------------------+----------------------------------------------+
 | pyright | project | Path to location of configuration file |
diff --git a/prospector/config/__init__.py b/prospector/config/__init__.py
index f47386ab..50804ea6 100644
--- a/prospector/config/__init__.py
+++ b/prospector/config/__init__.py
@@ -317,7 +317,7 @@ def use_external_config(self, _: Any) -> bool:
 # global config, but this could be extended in the future
 return not self.config.no_external_config
-def tool_options(self, tool_name: str) -> dict[str, str]:
+def tool_options(self, tool_name: str) -> dict[str, Any]:
 tool = getattr(self.profile, tool_name, None)
 if tool is None:
 return {}
diff --git a/prospector/formatters/xunit.py b/prospector/formatters/xunit.py
index 3724b0c4..8608322f 100644
--- a/prospector/formatters/xunit.py
+++ b/prospector/formatters/xunit.py
@@ -1,4 +1,4 @@
-from xml.dom.minidom import Document
+from xml.dom.minidom import Document # nosec
 from prospector.formatters.base import Formatter
diff --git a/prospector/tools/bandit/__init__.py b/prospector/tools/bandit/__init__.py
index 930ee45a..d302cc90 100644
--- a/prospector/tools/bandit/__init__.py
+++ b/prospector/tools/bandit/__init__.py
@@ -1,4 +1,4 @@
-from typing import TYPE_CHECKING, Any
+from typing import TYPE_CHECKING, Any, Optional
 from bandit.cli.main import _get_profile, _init_extensions
 from bandit.core.config import BanditConfig
@@ -14,35 +14,39 @@ class BanditTool(ToolBase):
- def __init__(self, *args: Any, **kwargs: Any) -> None:
- super().__init__(*args, **kwargs)
- self.manager = None
- self.profile = None
- self.config_file = None
- self.agg_type = "file"
- self.severity = 0
- self.confidence = 0
+ manager: Optional[BanditManager] = None
+ profile: Optional[str] = None
+ config_file: Optional[str] = None
+ agg_type = "file"
+ severity = 0
+ confidence = 0
 def configure(self, prospector_config: "ProspectorConfig", _: Any) -> None:
 options = prospector_config.tool_options("bandit")
 if "profile" in options:
- self.profile = options["profile"] # type: ignore[assignment]
+ self.profile = options.pop("profile")
 if "config" in options:
- self.config_file = options["config"] # type: ignore[assignment]
+ self.config_file = options.pop("config")
 if "severity" in options:
- self.severity = options["severity"] # type: ignore[assignment]
+ self.severity = options.pop("severity")
 if not 0 <= self.severity <= 2:
 raise ValueError(f"severity {self.severity!r} must be between 0 and 2")
 if "confidence" in options:
- self.confidence = options["confidence"] # type: ignore[assignment]
+ self.confidence = options.pop("confidence")
 if not 0 <= self.confidence <= 2:
 raise ValueError(f"confidence {self.confidence!r} must be between 0 and 2")
 b_conf = BanditConfig(config_file=self.config_file)
+ disabled_messages = prospector_config.get_disabled_messages("bandit")
+ if disabled_messages:
+ b_conf.config.setdefault("skips", []).extend(disabled_messages)
+ if options:
+ b_conf.config.update(options)
+ b_conf.validate(path="")
 profile = _get_profile(b_conf, self.profile, self.config_file)
 extension_mgr = _init_extensions()
 extension_mgr.validate_profile(profile)
diff --git a/prospector/tools/mccabe/__init__.py b/prospector/tools/mccabe/__init__.py
index 6d4dde77..902fee06 100644
--- a/prospector/tools/mccabe/__init__.py
+++ b/prospector/tools/mccabe/__init__.py
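Review bot: `b_conf.config.update(options)` overwrites whatever the preceding `setdefault("skips", []).extend(disabled_messages)` built whenever the profile still carries a `skips` key, because every unconsumed profile option is written straight into the Bandit config dict, so a profile-level `skips` silently discards the messages disabled through prospector. Merging the two lists avoids that: add `b_conf.config.setdefault("skips", []).extend(options.pop("skips", []))` immediately before `if options:`, so `update` never sees a `skips` key. Whether `b_conf.validate(path="")` rejects unknown or mistyped keys is not visible here — confirm, otherwise the pass-through accepts typos in option names without any error. The new `options.pop(...)` calls also mutate the dict returned by `tool_options`; the body of `tool_options` is outside this hunk, so whether that is the profile's own dict or a fresh copy should be checked. `configure` continues past the end of the hunk.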
@@ -25,7 +25,7 @@ def configure(self, prospector_config: "ProspectorConfig", _: Any) -> None:
 options = prospector_config.tool_options("mccabe")
 if "max-complexity" in options:
- self.max_complexity = options["max-complexity"] # type: ignore[assignment]
+ self.max_complexity = options["max-complexity"]
 def run(self, found_files: FileFinder) -> list[Message]:
 messages = []
diff --git a/prospector/tools/mypy/__init__.py b/prospector/tools/mypy/__init__.py
index 1832a849..a897383b 100644
--- a/prospector/tools/mypy/__init__.py
+++ b/prospector/tools/mypy/__init__.py
@@ -65,7 +65,7 @@ def __init__(self, *args: Any, **kwargs: Any) -> None:
 def configure(self, prospector_config: "ProspectorConfig", _: Any) -> None:
 options = prospector_config.tool_options("mypy")
- self.use_dmypy = options.pop("use-dmypy", False) # type: ignore[assignment]
+ self.use_dmypy = options.pop("use-dmypy", False)
 # For backward compatibility
 if "follow-imports" not in options:
diff --git a/prospector/tools/pyright/__init__.py b/prospector/tools/pyright/__init__.py
index 89896d01..002883da 100644
--- a/prospector/tools/pyright/__init__.py
+++ b/prospector/tools/pyright/__init__.py
@@ -1,5 +1,5 @@
 import json
-import subprocess
+import subprocess # nosec
 from collections.abc import Iterable
 from typing import TYPE_CHECKING, Any, Optional