PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Error parsing pyproject.toml #733

Open edgarriba opened 3 years ago

edgarriba commented 3 years ago

Describe the bug

Hi! I'm following the documentation** to provide a custom setup for bandit to exclude some tests (B101) in our testing framework, but I get the following error:

[config]        ERROR   expected '<document start>', but found '<scalar>'
  in "pyproject.toml", line 2, column 1
[main]  ERROR   pyproject.toml : Error parsing file

Where the pyproject.toml is the following:

[tool.black]
line-length = 120
skip-string-normalization = true
skip-magic-trailing-comma = true

[tool.bandit.assert_used]
exclude = ["*_test.py", "test_*.py"]

**https://bandit.readthedocs.io/en/latest/config.html

Reproduction steps

1. bandit --recursive -c pyproject.toml test

Expected behavior

Not crash

Bandit version

1.7.0 (Default)

Python version

3.8

Additional context

No response

amrishparmar commented 3 years ago

I had the same problem when I was attempting to implement Bandit recently, but it's due to the fact that the latest docs are actually what's currently on master. The docs for the current 1.7.0 release are more in line with stable, i.e. https://bandit.readthedocs.io/en/stable/config.html

Until Bandit gets a new release you'll have to use a .bandit.yml file to configure it.

edgarriba commented 3 years ago

@amrishparmar thanks so much, I'll keep it in mind.

staticdev commented 2 years ago

@adambenali regarding the release: even now, at release 1.7.4, the mentioned configuration is not working.

RoelAdriaans commented 11 months ago

When using the config:

[tool.bandit.assert_used]
skips = ["*/*_test.py", "*/test_*.py"]

skipping works without any issue on bandit 1.7.5
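The practical lesson of the thread is that the table name is right but the key matters: `[tool.bandit.assert_used]` is read only for a `skips` list, so the `exclude` key from the original report is silently ignored and B101 keeps firing on test files. The script below is an added example, not code from this issue or from Bandit's repository. It assumes what the thread and Bandit's documentation describe: each `skips` entry is a glob applied to the scanned file path with `fnmatch`, and no other key under `assert_used` is consulted. TOML loading uses the standard-library `tomllib` (Python 3.11+); the matching helpers take a plain dict so they run on any interpreter. The pyproject contents and file paths are constructed for the example.

```python
"""Preview which files a pyproject.toml B101 skip list will actually cover.

Added example, not Bandit's own code. Assumptions: only ``assert_used.skips``
under ``[tool.bandit]`` is read, and each pattern is matched against the
scanned path with fnmatch. TOML parsing needs tomllib (Python 3.11+).
"""
import fnmatch
from typing import Any

try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:  # older interpreter: TOML loading unavailable
    tomllib = None

# Constructed pyproject.toml contents: the table from the original report
# (misnamed key) and the one reported to work on 1.7.5 (``skips``).
BROKEN_PYPROJECT = """\
[tool.bandit.assert_used]
exclude = ["*_test.py", "test_*.py"]
"""

WORKING_PYPROJECT = """\
[tool.bandit.assert_used]
skips = ["*/*_test.py", "*/test_*.py"]
"""

# Constructed sample of paths a run such as ``bandit -r test`` might visit.
SAMPLE_PATHS = [
    "test/test_augmentation.py",
    "test/geometry/homography_test.py",
    "test/conftest.py",
    "src/app/core.py",
    "helper_test.py",
]


def load_tool_bandit(pyproject_text: str) -> dict[str, Any]:
    """Return the [tool.bandit] table of a pyproject.toml string ({} if absent)."""
    if tomllib is None:
        raise RuntimeError("tomllib needs Python 3.11+ (or pip install tomli)")
    return tomllib.loads(pyproject_text).get("tool", {}).get("bandit", {})


def b101_skip_patterns(bandit_cfg: dict[str, Any]) -> list[str]:
    """Globs that silence B101; only ``assert_used.skips`` is consulted."""
    return list(bandit_cfg.get("assert_used", {}).get("skips", []))


def is_b101_skipped(path: str, bandit_cfg: dict[str, Any]) -> bool:
    """True when assert_used would stay quiet for ``path``.

    fnmatch's ``*`` also matches ``/``, so ``*_test.py`` covers files in any
    directory, while ``*/*_test.py`` needs at least one directory component
    and therefore leaves a top-level ``helper_test.py`` scanned.
    """
    return any(fnmatch.fnmatch(path, pat) for pat in b101_skip_patterns(bandit_cfg))


def unrecognised_assert_used_keys(bandit_cfg: dict[str, Any]) -> list[str]:
    """Keys under assert_used that are silently ignored (e.g. ``exclude``)."""
    return sorted(k for k in bandit_cfg.get("assert_used", {}) if k != "skips")


def skipped_paths(paths: list[str], bandit_cfg: dict[str, Any]) -> list[str]:
    """Subset of ``paths`` on which asserts would not be reported."""
    return [p for p in paths if is_b101_skipped(p, bandit_cfg)]


if __name__ == "__main__":
    for label, text in (("broken", BROKEN_PYPROJECT), ("working", WORKING_PYPROJECT)):
        cfg = load_tool_bandit(text)
        print(f"{label}: skips={b101_skip_patterns(cfg)} "
              f"ignored keys={unrecognised_assert_used_keys(cfg)}")
        for path in SAMPLE_PATHS:
            print(f"  {'skip' if is_b101_skipped(path, cfg) else 'scan':4} {path}")
```

Running it against the two constructed tables shows the failure mode directly: the `exclude` variant yields an empty skip list and one ignored key, so every assert in the test tree is still reported, while the `skips` variant silences B101 on `test/...` files but not on a test file sitting at the repository root. Treat a non-empty result from `unrecognised_assert_used_keys` as a configuration error worth failing CI on, since Bandit itself does not warn about it. The same `skips` key applies when the configuration lives in the YAML `.bandit` file that amrishparmar mentions for 1.7.0, under a top-level `assert_used` section rather than `[tool.bandit]`.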