After excluding plugin from the bandit.yaml it still was used during the scanning
Bug #1554112 reported by Egor Kotko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Bandit | Fix Released | Critical | Tim Kelsey |
Bug Description
Steps to reproduce:
1. Create virtual environment #virtualenv venv
2. Activate it #. venv/bin/activate
3. Change bandit.yaml section "exclude" http://
4. Start bandit on any code:
#bandit -c my-bandit.yaml -r /web_test/ >> qwe
Actual result:
The result contains report from test "assert_used":
Issue: [assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Severity: Low Confidence: High
Location: /home/ykotko/
1877 else:
1878 assert 'No cluster_deletion task found!'
1879
Changed in bandit:
status: Fix Committed → Fix Released
So the bandit.yaml has a profile called "All", but to use it you need to specify "-p All". In your example, a profile was not specified, meaning it will by default run using all plugins.