Eric Brown

Results 89 comments of Eric Brown

@e0ne Can you please open a bug on this issue and include how to recreate? Thanks

Unfortunately this is a difficult issue to resolve. The problem lies in the fact that Python is a dynamically typed language and you really don't have much information about type...

We will need the Python code Bandit was run against in order to duplicate and resolve. At this point, I can't reproduce.

In my case, the function field is a computed value of several sources. So I can choose a source, but it only partially represents the data of the overall value....

I don't think this is something Bandit can reliably test for. It would be extensive work to track subclasses of things like SafeLoader. Also, it might not be very accurate...

Currently `constants.EXCLUDE` is used in https://github.com/PyCQA/bandit/blob/main/bandit/cli/main.py#L339 as the default for excluded files. However, if files are given to the exclude CLI argument, then `constants.EXCLUDE` is overridden. One solution might be...

@Jeeppler we're definitely open to the creation of a new formatter that supports SARIF.

There's no good way to fix this from Bandit. However, there is a workaround, so closing for now.

While I can't explain exactly why these two issues are suddenly being found and not before, I can say we have tests for each plugin that are passing. And finding...

Agree with @mportesdev here. Encoding should be declared in header if not utf-8.