Eric Brown
No one is currently looking at it, but we welcome contributions! To get started, would this link on a generic issue import format be suitable for your use case? https://docs.sonarqube.org/latest/analysis/generic-issue/
`.bandit` is for command line options. It is an INI file format, not YAML. `bandit.yml` or whatever `*.yml` a user passes to `-c` is for more extensive customization of test...
Since Microsoft has already created a Bandit formatter and SARIF library, I don't think there's any reason for Bandit to duplicate the effort. Instead, maybe we can look at an easier...
Note: Python 3.8's `ast` module added an `end_lineno` attribute on a node in addition to the existing `lineno`. https://docs.python.org/3.8/library/ast.html#ast.AST.end_lineno
> I changed the order because currently "--ini INI_PATH" option is not working anymore with your latest change.
> https://github.com/PyCQA/bandit/blob/master/bandit/cli/main.py#L225 (takes default values)
> https://github.com/PyCQA/bandit/blob/master/bandit/cli/main.py#L311 (passes default values)
> https://github.com/PyCQA/bandit/blob/master/bandit/cli/main.py#L82...
Can you please share some example code you ran to test 1.6.2 versus 1.6.3? Without that, it's hard to state what could be the cause for the difference you're seeing.

The pyCryptodome library chose to reuse the same namespace as pyCrypto. As a result, I don't know of a way to distinguish the two using static analysis. Bandit is only...
Another workaround is to use `pip install pycryptodomex` as suggested: https://pycryptodome.readthedocs.io/en/latest/src/introduction.html As a result, the namespaces will be Cryptodome and not Crypto.
Here are a couple of examples where Bandit would not find anything wrong:

```
os.chmod(
    '~/hidden_exec',
    stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR |
    stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP |
    stat.S_IROTH | stat.S_IWOTH | ...
```