checks: Disable Bandit B603 check for untrusted input (#3839)
The message 'check for execution of untrusted input' is triggered by any use of subprocess regardless of the actual input, so even fixed input triggers it. Bandit issue PyCQA/bandit#333 discusses that this is a common false positive triggered by any usage.

The pattern is common enough in our code to ignore this to avoid clutter and warning fatigue. We already ignore B404 mentioned in the issue above.
wenzeslaus authored Jun 16, 2024
1 parent 1a12a70 commit e07a289
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -25,4 +25,4 @@ timeout = 300

[tool.bandit]
exclude_dirs = ["./testsuite", "*/tests/*", "*/testsuite/*", "utils/test_generate_last_commit_file.py"]
skips = ["B324","B110", "B101", "B112", "B311", "B404"]
skips = ["B324","B110", "B101", "B112", "B311", "B404", "B603"]

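Review bot: Adding "B603" to the global `skips` list silences the check for every subprocess call in the repository, not just the ones with fixed arguments, so any future call that does build its argument list from user-controlled input will also go unreported. Since B404 is already skipped as well, this leaves subprocess usage without any Bandit signal at all. A narrower option that keeps the false-positive noise down is to leave B603 enabled and mark the known fixed-input call sites individually with a `# nosec B603` comment, so only those lines are exempt and new call sites still get reviewed.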