From e07a2894ef1016b5588b49a80bfa8b0a36eb4a8d Mon Sep 17 00:00:00 2001
From: Vaclav Petras
Date: Sun, 16 Jun 2024 01:47:06 -0400
Subject: [PATCH] checks: Disable Bandit B603 check for untrusted input (#3839)

The message 'check for execution of untrusted input' is triggered by any use of subprocess regardless of the actual input, so even fixed input triggers it. Bandit issue https://github.com/PyCQA/bandit/issues/333 discusses that this is a common false positive triggered by any usage. The pattern is common enough in our code to ignore this to avoid clutter and warning fatigue. We already ignore B404 mentioned in the issue above.
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index c99b85ab4dc..2781e6f140b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -25,4 +25,4 @@ timeout = 300
 
 [tool.bandit]
 exclude_dirs = ["./testsuite", "*/tests/*", "*/testsuite/*", "utils/test_generate_last_commit_file.py"]
-skips = ["B324","B110", "B101", "B112", "B311", "B404"]
+skips = ["B324","B110", "B101", "B112", "B311", "B404", "B603"]
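Review bot: The added "B603" entry in `skips` turns the check off for the whole tree, but the reason lives only in this commit message, so a reader of pyproject.toml later sees one more opaque ID in the list; a comment on the line above, such as `# B603: fires on every subprocess call without shell=True regardless of input, see https://github.com/PyCQA/bandit/issues/333`, keeps the rationale with the setting. It is worth stating in that comment that only B603 is skipped and that the shell=True family (B602 and friends) remains active, so the same "noise" argument is not later used to drop those as well. With B603 off, argument lists passed to subprocess are presumably no longer flagged anywhere by Bandit, so checking that they are built from fixed values rather than user input falls to code review. Minor style point: the new line keeps the missing space in `"B324","B110"`, which the rest of the list has.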