PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Can't set (severity) level through `.bandit` ini file #938

Open ap-- opened 2 years ago

ap-- commented 2 years ago

Describe the bug

With a simple .bandit ini file like this:

[bandit]
level = 1

bandit crashes with:

[main]  INFO    Using command line arg for selected targets
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.9.13
[manager]       WARNING Skipping directory (.), use -r flag to scan contents
Traceback (most recent call last):
  File "/Users/poehlmann/Development/bandit/venv/bin/bandit", line 10, in <module>
    sys.exit(main())
  File "/Users/poehlmann/Development/bandit/bandit/cli/main.py", line 670, in main
    sev_level = constants.RANKING[args.severity - 1]
TypeError: unsupported operand type(s) for -: 'str' and 'int'

Reproduction steps

1. Create a `.bandit` ini file from the description above.
2. Run `bandit --ini .bandit .`

Expected behavior

bandit should allow configuration of available settings through the ini file.

Bandit version

1.7.4 (Default)

Python version

3.9

Additional context

No response
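The traceback shows the root cause of the report: values read from an ini file with `configparser` arrive as strings, and the CLI line `constants.RANKING[args.severity - 1]` assumes the integer that the `-l` count option would have produced. The block below is an added illustration, not part of the bug report or of bandit's own code. It parses an ini string constructed to match the report, reproduces the failing arithmetic, and shows the defensive coercion and range check a config loader should apply before indexing. The `RANKING` list stands in for bandit's `constants.RANKING` (an assumption about its contents; only the indexing arithmetic is taken from the traceback), and `parse_ini`, `severity_naive` and `severity_checked` are hypothetical helper names.

```python
import configparser

# Stand-in for bandit.core.constants.RANKING (assumption); the CLI indexes
# into this list with `args.severity - 1`, so the order matters.
RANKING = ["UNDEFINED", "LOW", "MEDIUM", "HIGH"]

# Constructed .bandit ini content, identical to the one in the report.
SAMPLE_INI = """
[bandit]
level = 1
"""


def parse_ini(text):
    """Return the [bandit] section as a plain dict. Every value is a str:
    configparser performs no type conversion on its own."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return dict(parser["bandit"])


def severity_naive(options):
    """Mirror the crashing line: str minus int raises TypeError."""
    return RANKING[options["level"] - 1]


def naive_crashes(options):
    """True when the naive lookup fails the way the report describes."""
    try:
        severity_naive(options)
    except TypeError:
        return True
    return False


def severity_checked(options, default=1):
    """Coerce the ini value to int and validate it before indexing.

    Accepts an int (from argparse) or a str (from configparser), rejects
    anything non-numeric or out of range with a clear message instead of
    a traceback from deep inside the CLI."""
    raw = options.get("level", default)
    try:
        level = int(raw)
    except (TypeError, ValueError):
        raise ValueError(
            f"level must be an integer between 1 and {len(RANKING)}, got {raw!r}"
        ) from None
    if not 1 <= level <= len(RANKING):
        raise ValueError(
            f"level must be between 1 and {len(RANKING)}, got {level}"
        )
    return RANKING[level - 1]


def checked_rejects(options):
    """True when severity_checked refuses the value with a ValueError."""
    try:
        severity_checked(options)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    opts = parse_ini(SAMPLE_INI)
    print("ini value type:", type(opts["level"]).__name__)
    print("naive lookup crashes:", naive_crashes(opts))
    print("checked lookup:", severity_checked(opts))
```

Running the block shows the value type is `str`, the naive lookup raises the same `TypeError` as in the report, and the checked lookup returns a ranking name. The same coercion applies to every numeric option a tool accepts from both argparse and an ini or TOML file: convert and range-check at the boundary where the config is loaded, so a malformed value produces an actionable error rather than a crash.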