Merge pull request #693 from prospector-dev/bandit-config

Be able to pass options to Bandit
prospector-dev · Oct 25, 2024 · 5547a6c · 5547a6c
2 parents a38e2ab + a59c82d
commit 5547a6c
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 18 deletions.
diff --git a/.prospector.yml b/.prospector.yml
@@ -60,3 +60,8 @@ pydocstyle:
     - D205
     - D400
     - D401
+
+bandit:
+  run: true
+  disable:
+  - B101 # Use of assert detected.
diff --git a/docs/profiles.rst b/docs/profiles.rst
@@ -398,6 +398,8 @@ The available options are:
 +----------------+------------------------+----------------------------------------------+
 | bandit         | confidence             | report only issues of a given confidence     |
 +----------------+------------------------+----------------------------------------------+
+| bandit         | -anything-other-       | Options pass to Bandit directly              |
++----------------+------------------------+----------------------------------------------+
 | pyright        | level                  | Minimum diagnostic level (error or warning)  |
 +----------------+------------------------+----------------------------------------------+
 | pyright        | project                | Path to location of configuration file       |

diff --git a/prospector/config/__init__.py b/prospector/config/__init__.py
@@ -317,7 +317,7 @@ def use_external_config(self, _: Any) -> bool:
         # global config, but this could be extended in the future
         return not self.config.no_external_config
 
-    def tool_options(self, tool_name: str) -> dict[str, str]:
+    def tool_options(self, tool_name: str) -> dict[str, Any]:
         tool = getattr(self.profile, tool_name, None)
         if tool is None:
             return {}

diff --git a/prospector/formatters/xunit.py b/prospector/formatters/xunit.py
@@ -1,4 +1,4 @@
-from xml.dom.minidom import Document
+from xml.dom.minidom import Document  # nosec
 
 from prospector.formatters.base import Formatter
 

diff --git a/prospector/tools/bandit/__init__.py b/prospector/tools/bandit/__init__.py
@@ -1,4 +1,4 @@
-from typing import TYPE_CHECKING, Any
+from typing import TYPE_CHECKING, Any, Optional
 
 from bandit.cli.main import _get_profile, _init_extensions
 from bandit.core.config import BanditConfig
@@ -14,35 +14,39 @@
 
 
 class BanditTool(ToolBase):
-    def __init__(self, *args: Any, **kwargs: Any) -> None:
-        super().__init__(*args, **kwargs)
-        self.manager = None
-        self.profile = None
-        self.config_file = None
-        self.agg_type = "file"
-        self.severity = 0
-        self.confidence = 0
+    manager: Optional[BanditManager] = None
+    profile: Optional[str] = None
+    config_file: Optional[str] = None
+    agg_type = "file"
+    severity = 0
+    confidence = 0
 
     def configure(self, prospector_config: "ProspectorConfig", _: Any) -> None:
         options = prospector_config.tool_options("bandit")
 
         if "profile" in options:
-            self.profile = options["profile"]  # type: ignore[assignment]
+            self.profile = options.pop("profile")
 
         if "config" in options:
-            self.config_file = options["config"]  # type: ignore[assignment]
+            self.config_file = options.pop("config")
 
         if "severity" in options:
-            self.severity = options["severity"]  # type: ignore[assignment]
+            self.severity = options.pop("severity")
             if not 0 <= self.severity <= 2:
                 raise ValueError(f"severity {self.severity!r} must be between 0 and 2")
 
         if "confidence" in options:
-            self.confidence = options["confidence"]  # type: ignore[assignment]
+            self.confidence = options.pop("confidence")
             if not 0 <= self.confidence <= 2:
                 raise ValueError(f"confidence {self.confidence!r} must be between 0 and 2")
 
         b_conf = BanditConfig(config_file=self.config_file)
+        disabled_messages = prospector_config.get_disabled_messages("bandit")
+        if disabled_messages:
+            b_conf.config.setdefault("skips", []).extend(disabled_messages)
+        if options:
+            b_conf.config.update(options)
+            b_conf.validate(path="<prospector config>")
         profile = _get_profile(b_conf, self.profile, self.config_file)
         extension_mgr = _init_extensions()
         extension_mgr.validate_profile(profile)

diff --git a/prospector/tools/mccabe/__init__.py b/prospector/tools/mccabe/__init__.py
@@ -25,7 +25,7 @@ def configure(self, prospector_config: "ProspectorConfig", _: Any) -> None:
 
         options = prospector_config.tool_options("mccabe")
         if "max-complexity" in options:
-            self.max_complexity = options["max-complexity"]  # type: ignore[assignment]
+            self.max_complexity = options["max-complexity"]
 
     def run(self, found_files: FileFinder) -> list[Message]:
         messages = []

diff --git a/prospector/tools/mypy/__init__.py b/prospector/tools/mypy/__init__.py
@@ -65,7 +65,7 @@ def __init__(self, *args: Any, **kwargs: Any) -> None:
     def configure(self, prospector_config: "ProspectorConfig", _: Any) -> None:
         options = prospector_config.tool_options("mypy")
 
-        self.use_dmypy = options.pop("use-dmypy", False)  # type: ignore[assignment]
+        self.use_dmypy = options.pop("use-dmypy", False)
 
         # For backward compatibility
         if "follow-imports" not in options:

diff --git a/prospector/tools/pyright/__init__.py b/prospector/tools/pyright/__init__.py
@@ -1,5 +1,5 @@
 import json
-import subprocess
+import subprocess  # nosec
 from collections.abc import Iterable
 from typing import TYPE_CHECKING, Any, Optional