Excluded paths from the .ini file ignored if -x flag is set

Open upcFrost opened this issue 3 years ago • 0 comments

Describe the bug

Bandit 1.7.1 no longer appends CLI-provided excluded paths to those provided in the .ini file, but rather substitutes the excluded paths list, which contradicts the doc: "note that these are in addition to the excluded paths provided in the config file".

Reproduction steps

  1. Create .ini file with a couple of excluded paths

         [bandit]
         exclude = src/lib
         recursive = true
         targets = src

  2. Run bandit with both ini file and -x flags provided: bandit --ini .config -x 'test'

Expected behavior

Bandit will exclude both ini-provided and cli-provided paths

Bandit version

1.7.0 (Default)

Python version

3.9 (Default)

Additional context

I'm setting bandit version to 1.7.0 as 1.7.1 is not available in the GitHub dropdown (though it is available at PyPI at https://pypi.org/project/bandit/1.7.1/).

upcFrost, Nov 12 '21 16:11
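The two behaviours the report contrasts, as an added example that is not part of the original issue and not Bandit's own code: it parses the .ini content from the reproduction steps and computes the exclude list under the documented "in addition to" semantics and under the reported "substitute" semantics. The function names and the comma-separated splitting of both values are assumptions of this sketch.

```python
import configparser

# Constructed sample: the .ini content from the reproduction steps.
SAMPLE_INI = """\
[bandit]
exclude = src/lib
recursive = true
targets = src
"""

def split_paths(value):
    """Split a comma-separated path list (assumed format), dropping blanks."""
    return [p.strip() for p in (value or "").split(",") if p.strip()]

def ini_excludes(ini_text):
    """Read the exclude option of the [bandit] section from an ini string."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return split_paths(parser.get("bandit", "exclude", fallback=""))

def effective_excludes(ini_text, cli_value, append=True):
    """Exclude list that results from combining the ini file and -x.

    append=True  -> documented behaviour: CLI paths are added to ini paths
    append=False -> behaviour reported in the issue: CLI paths replace them
    """
    from_ini = ini_excludes(ini_text)
    from_cli = split_paths(cli_value)
    if not from_cli:
        return from_ini          # no -x given: the ini list applies as-is
    if not append:
        return from_cli          # substitution drops every ini entry
    merged = list(from_ini)
    for path in from_cli:
        if path not in merged:   # keep order, avoid duplicates
            merged.append(path)
    return merged

def dropped_by_replace(ini_text, cli_value):
    """Ini excludes that are lost when -x substitutes the list."""
    kept = effective_excludes(ini_text, cli_value, append=False)
    return [p for p in ini_excludes(ini_text) if p not in kept]

if __name__ == "__main__":
    print("documented:", effective_excludes(SAMPLE_INI, "test"))
    print("reported:  ", effective_excludes(SAMPLE_INI, "test", append=False))
    print("lost:      ", dropped_by_replace(SAMPLE_INI, "test"))
```

A non-empty result from `dropped_by_replace` lists the paths that the ini file meant to exclude but that end up scanned when `-x` is also passed.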