B404-B603 - Categorisation as warnings

Bug #1755419 reported by javi
Affects: Bandit
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none set)

Bug Description

Hi

I'm running Bandit against my Python project (it's a great tool, I love it!), but there are some things that could be improved.

I'm using subprocess.call, but with shell set to False, so I'm not vulnerable to command injection there. However, I have two errors in my build.

B404 - as I'm using subprocess
B607 - as, despite not being vulnerable to command injection, I need to be careful

Those recommendations are great, but in my opinion they should be categorised as warnings rather than vulnerabilities. I have been reading, and most people ignore those rules by default.

Would it be possible to have this amended?

Thanks

Tags: improvements
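The following is an added example, not code from the reporter or from the Bandit project, showing what B607 (process started with a partial executable path) is about and why it is distinct from the shell=True injection case. Everything in it is constructed for the demo: a hypothetical command name `report-tool`, two temporary directories standing in for a trusted bin directory and a user-writable directory that an attacker has put first on PATH, and fake shell-script "binaries" in each. It assumes a POSIX host with /bin/sh.

```python
"""Added demo of Bandit B607 vs. shell=False (constructed, not project code).

With shell=False the argument "; echo INJECTED" stays a single argv element and
is never interpreted, so the reporter's point about injection holds. But a bare
command name is still resolved through PATH at call time, so whoever controls
an earlier PATH entry controls which binary runs. Resolving the executable from
an explicit directory closes that hole.
"""
import os
import shutil
import stat
import subprocess
import tempfile

TOOL = "report-tool"  # hypothetical command name, constructed for this demo


def _write_exe(directory, body):
    """Create an executable /bin/sh script named TOOL in `directory`."""
    path = os.path.join(directory, TOOL)
    with open(path, "w") as f:
        f.write("#!/bin/sh\n" + body + "\n")
    os.chmod(path, os.stat(path).st_mode | stat.S_IRUSR | stat.S_IXUSR)
    return path


def build_fixture():
    """Constructed layout: a 'trusted' bin dir and a user-writable dir, each
    holding a fake TOOL that echoes where it came from plus its arguments."""
    root = tempfile.mkdtemp(prefix="b607-demo-")
    trusted = os.path.join(root, "trusted-bin")
    hijacked = os.path.join(root, "user-writable")
    os.makedirs(trusted)
    os.makedirs(hijacked)
    _write_exe(trusted, 'echo "trusted:$*"')
    _write_exe(hijacked, 'echo "hijacked:$*"')
    return root, trusted, hijacked


def run_partial_path(arg, path_env):
    """The pattern Bandit flags as B607: shell=False, but the executable is a
    bare name that subprocess looks up in PATH (here taken from `env`)."""
    env = {"PATH": path_env}
    r = subprocess.run([TOOL, arg], env=env, capture_output=True,
                       text=True, check=True)
    return r.stdout.strip()


def run_absolute_path(trusted_dir, arg, path_env):
    """Hardened variant: pin the executable to a known directory and verify it
    exists and is executable before running; PATH is irrelevant."""
    exe = os.path.join(trusted_dir, TOOL)
    if not (os.path.isfile(exe) and os.access(exe, os.X_OK)):
        raise FileNotFoundError(exe)
    env = {"PATH": path_env}
    r = subprocess.run([exe, arg], env=env, capture_output=True,
                       text=True, check=True)
    return r.stdout.strip()


def demo():
    """Run both variants with an attacker-controlled directory first on PATH
    and a payload full of shell metacharacters."""
    root, trusted, hijacked = build_fixture()
    try:
        path_env = hijacked + os.pathsep + trusted
        payload = "; echo INJECTED"  # one argv element; never parsed by a shell
        return {
            "partial": run_partial_path(payload, path_env),
            "absolute": run_absolute_path(trusted, payload, path_env),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:8s} -> {out}")
```

In both outputs the payload appears literally, which is the shell=False guarantee; only the partial-path call ends up running the binary from the user-writable directory. Bandit already reports B404, B603 and B607 at LOW severity, and individual findings can be silenced with a trailing `# nosec` comment or the whole test skipped with `bandit -s B404,B607`, so the practical question in this report is about how those LOW findings are labelled, not about whether the pattern is worth flagging.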