Describe the bug
When running bandit against code using f-strings that are marked with `# nosec BXXX` a warning appears when there should not be one. This happens for both single-line and multi-line f-strings. The behaviour is not present when using blanket `nosec` or when using template strings.
Works:
```python
table = "my_table"
query = f"SELECT * FROM {table} WHERE True" # nosec
```
Incorrect Warning:
```python
table = "my_table"
query = f"SELECT * FROM {table} WHERE True" # nosec B608
```
```
[tester] WARNING nosec encountered (B608), but no failed test on line 2
```
Reproduction steps
1. Create a file foo.py with the following code:
   ```python
   table = "my_table"
   query = f"SELECT * FROM {table} WHERE True" # nosec B608
   ```
2. Run `bandit foo.py`
3. Notice that in the run info there is a warning:
`[tester] WARNING nosec encountered (B608), but no failed test on line 2`
Expected behavior
No warning appears when a `nosec` correctly applies to a failed test.
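To check independently of bandit whether a `# nosec BXXX` annotation on a single-line or multi-line f-string actually matches a finding on its statement, here is a small audit script (an added example, not bandit's own code). It maps each annotation to the innermost statement containing it, so a comment on the closing line of a multi-line f-string still covers the first line where the finding is reported; the sample file and the findings list are constructed.

```python
import ast
import io
import re
import tokenize
# Constructed sample: single-line f-string, multi-line f-string annotated on its
# closing line, and a stale `# nosec B608` on a line whose only finding is B105.
SAMPLE = '''\
table = "my_table"
query = f"SELECT * FROM {table} WHERE True"  # nosec B608
query2 = f"""SELECT *
FROM {table}
WHERE True"""  # nosec B608
password = "hunter2"  # nosec B608
'''
# Constructed findings as (line, test_id), the shape bandit reports them in.
FINDINGS = [(2, "B608"), (3, "B608"), (6, "B105")]
NOSEC_RE = re.compile(r"#\s*nosec\b(.*)")

def nosec_comments(source):
    """Map comment line -> set of test ids; an empty set is a blanket nosec."""
    out = {}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        m = NOSEC_RE.search(tok.string) if tok.type == tokenize.COMMENT else None
        if m:
            out[tok.start[0]] = set(re.findall(r"B\d{3}", m.group(1)))
    return out

def statement_span(source, line):
    """Line range of the innermost statement containing `line`, so a comment on
    the last line of a multi-line f-string covers the line the finding is on."""
    spans = [(n.lineno, n.end_lineno) for n in ast.walk(ast.parse(source))
             if isinstance(n, ast.stmt) and n.lineno <= line <= n.end_lineno]
    return min(spans, key=lambda s: s[1] - s[0]) if spans else (line, line)

def audit(source, findings):
    """Return (stale, suppressed): ids that match no finding, and what is silenced."""
    stale, suppressed = [], set()
    for cline, ids in nosec_comments(source).items():
        lo, hi = statement_span(source, cline)
        in_stmt = {(ln, tid) for ln, tid in findings if lo <= ln <= hi}
        if not ids:  # blanket nosec silences every finding on the statement
            suppressed |= in_stmt
            continue
        for tid in sorted(ids):
            hits = {f for f in in_stmt if f[1] == tid}
            suppressed |= hits
            if not hits:  # id named, but no such finding on this statement
                stale.append((cline, tid))
    return stale, suppressed
```

With the constructed input, only the annotation on line 6 is reported as stale, while both B608 annotations (including the one on the closing line of the multi-line f-string) are recognised as suppressing their finding.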
Bandit version
1.7.10 (Default)
Python version
3.12
Additional context
This seems related to #942, #1003, #1041 and #1092
While playing around I applied the patch from #1004 but that did not resolve this issue.