search

PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0
6.5k stars 610 forks source link

#nosec BXXX does not contribute to `Total lines skipped (#nosec)` #1205

Open Cabalist opened 14 hours ago

Cabalist commented 14 hours ago

Describe the bug

When running code that has a nosec line that specifes a test these lines are not counted in the "Total lines skipped" metric in the summary

Reproduction steps

1. Create foo.py with this content:

table = "my_table"
query = "SELECT * FROM {} WHERE True".format(table)  # nosec B608

2. Run `bandit foo.py` from the shell
3. At the end of the run observe the summary and notice the `Total lines skipped` is 0

❯ bandit blah.py
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.12.7
Run started:2024-11-21 17:22:51.993562

Test results:
        No issues identified.

Code scanned:
        Total lines of code: 2
        Total lines skipped (#nosec): 0

Run metrics:
        Total issues (by severity):
                Undefined: 0
                Low: 0
                Medium: 0
                High: 0
        Total issues (by confidence):
                Undefined: 0
                Low: 0
                Medium: 0
                High: 0
Files skipped (0):

Expected behavior

The Total lines skipped should be 1 just like when you use a bare #nosec

Bandit version

1.7.10 (Default)

Python version

3.12

Additional context

No response

Cabalist commented 10 hours ago

It looks like this was an issue with duplicate code not being updated between txt.py and screen.py. PR is here: #1206