False nosec encountered warning

costaparas commented 1 year ago

Describe the bug

The warning text "WARNING nosec encountered (X), but no failed test on line Y" incorrectly appears in some cases. It may also appear more than once for the same line number and test under specific circumstances.

Reproduction steps

Consider this base code:

import shlex
import subprocess
proc = subprocess.Popen(args=shlex.split("ffmpeg -i file.mp3"))

Since there are 2 function calls on this line of code, there are 2 calls to run_tests in bandit/core/issue.py.

If we include a nosec comment specifying the correct test to ignore (i.e. B603):

import shlex
import subprocess
proc = subprocess.Popen(args=shlex.split("ffmpeg -i file.mp3"))  # nosec: B603

the following warning text displays:

WARNING nosec encountered (B603), but no failed test on line 3

If we include a nosec comment specifying something else (e.g. B602):

import shlex
import subprocess
proc = subprocess.Popen(args=shlex.split("ffmpeg -i file.mp3"))  # nosec: B602

the following warning text displays:

WARNING nosec encountered (B602), but no failed test on line 3
WARNING nosec encountered (B602), but no failed test on line 3

Expected behavior

The warning text should not appear more than once for the same line number and test.
The warning should only appear if there is no failed test on the line for the specified test only.

Bandit version

1.7.5 (Default)

Python version

3.10

Additional context

No response

drammock commented 1 year ago

possible duplicate of #942 ?

costaparas commented 1 year ago

possible duplicate of #942 ?

Partially, yes. But #942 does not explicitly mention the case where you may get duplicate warning text. They are closely related issues.

PyCQA / bandit