JSON report ignores #nosec and severity
Bug #1432012 reported by David Wyde
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Bandit | Fix Released | High | Dave Belcher | |
Bug Description
Bandit's JSON report doesn't exclude lines marked #nosec. The JSON report also doesn't respect the `-l` CLI flag, which only shows higher-severity issues in the text report. The command `bandit -f json -lll examples/skip.py` demonstrates both issues.
As an aside, perhaps #nosec lines shouldn't be scored at all. Right now it's up to the individual reports to filter out these lines. That's the reason `tests/
Changed in bandit:
importance: Undecided → High
assignee: nobody → Travis McPeak (travis-mcpeak)
Changed in bandit:
assignee: Travis McPeak (travis-mcpeak) → Dave Belcher (ukbelch)
Changed in bandit:
status: Fix Committed → In Progress
Changed in bandit:
status: In Progress → Fix Released
Fix proposed to branch: master
Review: https://review.openstack.org/164808
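The aside in the bug description suggests applying `#nosec` and the `-l` threshold once, before any report is built, so that no output format can disagree with another. A minimal sketch of that design follows, added here as an example and not Bandit's own code: `filter_issues`, the issue fields, and the sample source and findings are all hypothetical and constructed for illustration.

```python
import json
import re

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}
NOSEC = re.compile(r"#\s*nosec\b")

# Constructed sample input: source lines per file and raw scanner findings.
SOURCES = {
    "skip_sample.py": [
        "import subprocess",
        "subprocess.call('ls', shell=True)  # nosec",
        "subprocess.call('ls', shell=True)",
        "assert user_is_admin",
    ]
}
RAW_ISSUES = [
    {"filename": "skip_sample.py", "lineno": 2, "severity": "HIGH", "text": "shell=True"},
    {"filename": "skip_sample.py", "lineno": 3, "severity": "HIGH", "text": "shell=True"},
    {"filename": "skip_sample.py", "lineno": 4, "severity": "LOW", "text": "assert used"},
]

def filter_issues(issues, sources, level_count=0):
    """Apply #nosec and the -l threshold once, before any report is built."""
    threshold = min(max(level_count, 1), 3)  # no flag or -l: LOW and up; -lll: HIGH only
    kept = []
    for issue in issues:
        line = sources[issue["filename"]][issue["lineno"] - 1]
        if NOSEC.search(line):
            continue  # suppressed by the author; never reaches a formatter
        if SEVERITY_RANK[issue["severity"]] < threshold:
            continue  # below the requested severity
        kept.append(issue)
    return kept

def text_report(issues):
    # Formatters only render; they make no filtering decisions of their own.
    return "\n".join(
        f"{i['filename']}:{i['lineno']} [{i['severity']}] {i['text']}" for i in issues
    )

def json_report(issues):
    return json.dumps({"results": issues}, indent=2, sort_keys=True)

if __name__ == "__main__":
    visible = filter_issues(RAW_ISSUES, SOURCES, level_count=3)
    print(text_report(visible))
    print(json_report(visible))
```

Because both formatters receive the same pre-filtered list, a regression test can assert that the text and JSON outputs describe an identical set of findings for every combination of flags.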