
Bandit can't read config file when run in pre-commit #902

Closed
RNKuhns opened this issue May 19, 2022 · 7 comments · Fixed by #968
Labels
bug Something isn't working

Comments

@RNKuhns

RNKuhns commented May 19, 2022

Describe the bug

When running bandit as a pre-commit hook on pre-commit.ci or locally I am getting an error that says the Bandit hook can't read the pyproject.toml file. I've also tried this with other bandit config file approaches (bandit.yaml) and received the same error message.

Specifically, I'm getting an error message that says: [main] ERROR pyproject.toml : Could not read config file.

However, when I run bandit from the command line it appears to work (e.g. bandit . -r -c pyproject.toml).

Also note that I'll cross-post this on the pre-commit repository so they are aware too.

Reproduction steps

1. Install pre-commit using the .pre-commit-config.yaml file pasted below
2. Add pyproject.toml section that looks like 
[tool.bandit]
exclude_dirs = ["*/tests/*"]
3. Commit a changed Python file so the pre-commit hooks run on it

Settings in .pre-commit-config.yaml:

repos:

- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v4.1.0
  hooks:
  - id: check-added-large-files
    args: ['--maxkb=1000']
  - id: check-ast
  - id: check-case-conflict
  - id: check-merge-conflict
  - id: check-symlinks
  - id: check-yaml
  - id: check-toml
  - id: debug-statements
  - id: end-of-file-fixer
  - id: fix-encoding-pragma
  - id: requirements-txt-fixer
  - id: trailing-whitespace
  - id: check-docstring-first
  - id: name-tests-test
    args: ['--django']
  - id: no-commit-to-branch

- repo: https://github.com/pycqa/isort
  rev: 5.10.1
  hooks:
    - id: isort
      name: isort

- repo: https://github.com/psf/black
  rev: 22.3.0
  hooks:
  - id: black
    language_version: python3

- repo: https://github.com/pycqa/flake8
  rev: 4.0.1
  hooks:
  - id: flake8
    exclude: docs/source/conf.py, __pycache__
    additional_dependencies: [flake8-bugbear, flake8-builtins, flake8-quotes, flake8-comprehensions, pandas-vet, flake8-print, pep8-naming, doc8]

- repo: https://github.com/pycqa/pydocstyle
  rev: 6.1.1
  hooks:
  - id: pydocstyle
    additional_dependencies: ["toml"]

- repo: https://github.com/nbQA-dev/nbQA
  rev: 1.3.1
  hooks:
  - id: nbqa-isort
    args: [--nbqa-mutate, --nbqa-dont-skip-bad-cells]
    additional_dependencies: [isort==5.6.4]
  - id: nbqa-black
    args: [--nbqa-mutate, --nbqa-dont-skip-bad-cells]
    additional_dependencies: [black==20.8b1]
  - id: nbqa-flake8
    args: [--nbqa-dont-skip-bad-cells, "--extend-ignore=E402,E203"]
    additional_dependencies: [flake8==3.8.3]

- repo:  https://github.com/PyCQA/bandit
  rev: 1.7.4
  hooks:
  - id: bandit
    args: ["-c pyproject.toml"]

- repo: https://github.com/PyCQA/doc8
  rev: 0.11.2
  hooks:
    - id: doc8
      args: ["--max-line-length=88", "--config=pyproject.toml", "docs"]
      additional_dependencies: ["tomli"]

Expected behavior

Bandit should be able to find its configuration files within a pre-commit environment.

Ideally you would not need to tell Bandit where to look for the config file. Instead Bandit would just look in areas (from preferred files down to less preferred ones) like many linters do.

Bandit version

1.7.4 (Default)

Python version

3.9

Additional context

No response

@RNKuhns RNKuhns added the bug Something isn't working label May 19, 2022
@matroscoe

I was able to get part of the way there.

  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.4
    hooks:
      - id: bandit
        args: ["-c", "pyproject.toml"]

in my pre-commit.yaml file works and the bandit part of my pyproject.toml file looks like:

[tool.bandit]
exclude_dirs = ["tests"]

but when I run pre-commit using:

$ pre-commit run -a

I get the following output:

bandit...................................................................Failed
- hook id: bandit
- exit code: 2

[main]  ERROR   pyproject.toml : toml parser not available, reinstall with toml extra
[main]  ERROR   pyproject.toml : toml parser not available, reinstall with toml extra

I checked my venv and my standard python install (running on Ubuntu 20.04) and I get this:

$ pip install toml

Requirement already satisfied: toml in <various-locations-tried>/site-packages (0.10.2)

The problem is pre-commit is handling the installation of bandit by going to the git site and doing a pull. I cannot do pip install bandit[toml] to make this work. Even when I do this it doesn't fix the problem.

@matroscoe

@RNKuhns Sorted it! Make this your entry to .pre-commit-config.yaml

  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.4
    hooks:
      - id: bandit
        args: ["-c", "pyproject.toml"]
        additional_dependencies: [ "bandit[toml]" ]
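
The difference between `args: ["-c pyproject.toml"]` in the original report and `args: ["-c", "pyproject.toml"]` in the fix above is worth seeing in code. pre-commit hands each list element to the hook as one argv token with no shell word-splitting, so the single-string form reaches argparse as one token, which it treats as the short option `-c` with the value " pyproject.toml" (leading space included), a file that does not exist. The following is an added illustration, not code from Bandit or from this thread; the parser is a stand-in that assumes a Bandit-like `-c/--configfile` option taking one value, and the lint and the file check are constructed helpers a maintainer could run against a hook's `args` list before committing.

```python
import argparse
import os
import tempfile
from typing import List, Optional


def build_parser() -> argparse.ArgumentParser:
    """Stand-in for the relevant part of Bandit's CLI.

    Assumption: a single -c/--configfile option that takes exactly one value,
    as the commands quoted in the thread use it. Not Bandit's real parser.
    """
    parser = argparse.ArgumentParser(prog="bandit")
    parser.add_argument("-c", "--configfile", dest="config_file", default=None)
    parser.add_argument("-r", "--recursive", action="store_true")
    parser.add_argument("targets", nargs="*")
    return parser


def parse_hook_args(args: List[str]) -> argparse.Namespace:
    """Parse argv the way pre-commit delivers it: every element of the YAML
    `args` list is one argv token, and no shell ever splits it further."""
    return build_parser().parse_args(args)


def args_with_embedded_whitespace(args: List[str]) -> List[str]:
    """Lint for .pre-commit-config.yaml hook entries.

    A single `args` element containing whitespace is almost always an option
    and its value glued together ("-c pyproject.toml"); argparse will then
    take everything after the option letter, space included, as the value.
    """
    return [a for a in args if any(ch.isspace() for ch in a)]


def resolve_config(config_file: Optional[str], cwd: str = ".") -> str:
    """Report what a tool would see when it tries to open the configured path.

    Mirrors the observable outcome from the report (a 'could not read' error)
    without reproducing Bandit's own loader; constructed for this example.
    """
    if config_file is None:
        return "no config"
    path = os.path.join(cwd, config_file)
    if os.path.isfile(path):
        return "readable"
    return f"Could not read config file: {config_file!r}"


def main() -> None:
    # Constructed repository layout: a pyproject.toml with a [tool.bandit] table.
    with tempfile.TemporaryDirectory() as repo:
        with open(os.path.join(repo, "pyproject.toml"), "w", encoding="utf-8") as fh:
            fh.write('[tool.bandit]\nexclude_dirs = ["*/tests/*"]\n')

        for hook_args in (["-c pyproject.toml"], ["-c", "pyproject.toml"]):
            ns = parse_hook_args(hook_args)
            print(f"args={hook_args!r}")
            print(f"  parsed config_file={ns.config_file!r}")
            print(f"  lint: {args_with_embedded_whitespace(hook_args) or 'ok'}")
            print(f"  open: {resolve_config(ns.config_file, repo)}")


if __name__ == "__main__":
    main()
```

Running it on a checkout shows the first form producing `config_file=' pyproject.toml'` and the "could not read" outcome, and the second form opening the file normally. The whitespace lint is the check to apply to every hook's `args` list; it is independent of the second problem in this thread (the missing `bandit[toml]` extra), which only surfaces once the path itself is correct.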

@RNKuhns
Author

RNKuhns commented May 20, 2022

Awesome! Sorry for omitting the optional dependency part. But since I had switched to trying a different config file type, I forgot to add it back.

I had been just specifying to toml (and then tomli) in my additional dependencies as opposed to bandit[toml].

@RNKuhns
Author

RNKuhns commented May 20, 2022

@matroscoe I confirmed this works. Maybe the bandit docs could be updated with the information?

@slidenerd

slidenerd commented Jul 20, 2022

And what about the .bandit file? It can't read the configuration from that either inside .pre-commit-config.yaml

It gives this error

[config]        ERROR   expected '<document start>', but found '<block mapping start>'
  in ".bandit", line 3, column 1
[main]  ERROR   .bandit : Error parsing file.
[config]        ERROR   expected '<document start>', but found '<block mapping start>'
  in ".bandit", line 3, column 1
[main]  ERROR   .bandit : Error parsing file.

for this .bandit file

[bandit]
# https://bandit.readthedocs.io/en/latest/man/bandit.html?highlight=exclude#options
exclude: /tests

@mportesdev
Contributor

@slidenerd afaik the --configfile (or -c) option only supports TOML and YAML files. If you want to use a .bandit file in INI format, you should use the --ini option instead.

@jneuendorf

jneuendorf commented Oct 20, 2022

@RNKuhns Sorted it! Make this your entry to .pre-commit-config.yaml

  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.4
    hooks:
      - id: bandit
        args: ["-c", "pyproject.toml"]
        additional_dependencies: [ "bandit[toml]" ]

For me this does not work unfortunately. 😕
I get

bandit...................................................................Failed
- hook id: bandit
- exit code: 2

[main]	ERROR	pyproject.toml : Could not read config file.

Is there anything I could be missing? E.g.

  • Do I need to install the dependency manually?
  • Could a reinstall help?


5 participants