[flake8-bandit] Check S105 for annotated assignment #15059
Conversation
Linter (preview)
ℹ️ ecosystem check detected linter changes. (+4 -0 violations, +0 -0 fixes in 2 projects; 53 projects unchanged)
latchbio/latch (+2 -0 violations, +0 -0 fixes)

```
ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview
```

```
+ src/latch_sdk_config/latch.py:64:23: S105 Possible hardcoded password assigned to: "get_secret"
+ src/latch_sdk_config/latch.py:65:29: S105 Possible hardcoded password assigned to: "get_secret_local"
```
zulip/zulip (+2 -0 violations, +0 -0 fixes)

```
ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL
```

```
+ zerver/migrations/0209_user_profile_no_empty_password.py:69:44: S105 Possible hardcoded password assigned to: "USER_PASSWORD_CHANGED"
+ zerver/tests/test_signup.py:934:32: S105 Possible hardcoded password assigned to: "password"
```
Changes by rule (1 rules affected)

| code | total | + violation | - violation | + fix | - fix |
|---|---|---|---|---|---|
| S105 | 4 | 4 | 0 | 0 | 0 |
```rust
if let Some(value) = value.as_deref() {
    if checker.enabled(Rule::HardcodedPasswordString) {
        flake8_bandit::rules::assign_hardcoded_password_string(
            checker,
            value,
            std::slice::from_ref(target),
        );
    }
}
```
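Review bot: the `checker.enabled(Rule::HardcodedPasswordString)` gate sits inside `if let Some(value) = value.as_deref()`, so the annotated assignment's value is unwrapped on every statement before the rule gate is consulted, even when S105 is disabled; make the `enabled` check the outer condition and the `if let` the inner one so the arm is a no-op whenever the rule is off.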
I think we should switch the condition so that we only check when the rule is enabled
```rust
if let Some(value) = value.as_deref() {
    if checker.enabled(Rule::HardcodedPasswordString) {
        flake8_bandit::rules::assign_hardcoded_password_string(
            checker,
            value,
            std::slice::from_ref(target),
        );
    }
}
```

```rust
if checker.enabled(Rule::HardcodedPasswordString) {
    if let Some(value) = value.as_deref() {
        flake8_bandit::rules::assign_hardcoded_password_string(
            checker,
            value,
            std::slice::from_ref(target),
        );
    }
}
```
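Review bot: the suggested nesting is the right shape, and `std::slice::from_ref(target)` is the correct adapter because an annotated assignment carries exactly one target while the call site passes a slice of targets; the `None` case (a bare annotation such as `password: str` with no initializer) now falls through without a diagnostic, which is what we want since there is no literal to inspect, so a fixture line of that form would be worth adding to pin that branch down.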
Done. I was using `Rule::LambdaAssignment` as an example:
https://github.com/astral-sh/ruff/blob/main/crates/ruff_linter/src/checkers/ast/analyze/statement.rs#L1633
Summary
A follow-up PR to #14991.
Ruff ignores hardcoded passwords for typed variables. Add a rule to catch passwords in typed code bases.
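To show concretely what the gap looks like at the AST level, here is an added illustration (not ruff's or flake8-bandit's own code) of an S105-style check written against Python's `ast` module. It handles both `ast.Assign` and `ast.AnnAssign` nodes; passing `check_annotated=False` reproduces the pre-PR behaviour, where a visitor that only inspects plain assignments never sees `api_token: str = "..."`. The credential-name pattern and the non-empty-string filter are a simplified stand-in for the real rule's heuristic (an assumption, not ruff's exact regex), and the sample module is constructed for the demo.

```python
from __future__ import annotations

import ast
import re

# Simplified stand-in for the S105 name heuristic (assumption: the real rule's
# pattern and exclusions differ). Flags identifiers that look credential-like.
PASSWORD_NAME_RE = re.compile(r"(pass|pwd|secret|token)", re.IGNORECASE)

# Constructed sample module: each line exercises one case of the check.
SAMPLE = '''\
db_password = "hunter2"          # plain assignment: caught before this PR
api_token: str = "abc123"        # annotated assignment: missed before this PR
timeout: int = 30                # annotated, but not a string literal
password: str                    # annotation only, nothing to inspect
settings.secret_key = "s3cr3t"   # attribute target on a plain assignment
'''


def _password_like_name(target: ast.expr) -> str | None:
    """Return the identifier if the assignment target looks like a credential."""
    if isinstance(target, ast.Name):
        name = target.id
    elif isinstance(target, ast.Attribute):
        name = target.attr
    else:
        return None
    return name if PASSWORD_NAME_RE.search(name) else None


def find_hardcoded_passwords(source: str, check_annotated: bool = True) -> list[tuple[int, str]]:
    """Return (line, name) for every non-empty string literal assigned to a
    password-like name. With check_annotated=False, annotated assignments
    (ast.AnnAssign) are skipped, mirroring the gap this PR closes."""
    findings: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets = node.targets          # a plain assignment may have several targets
            value = node.value
        elif check_annotated and isinstance(node, ast.AnnAssign):
            if node.value is None:          # `password: str` has no value to check
                continue
            targets = [node.target]         # an annotated assignment has exactly one target
            value = node.value
        else:
            continue
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value):
            continue
        for target in targets:
            name = _password_like_name(target)
            if name is not None:
                findings.append((node.lineno, name))
    return findings


if __name__ == "__main__":
    print("with AnnAssign support:", find_hardcoded_passwords(SAMPLE))
    print("Assign only (old behaviour):", find_hardcoded_passwords(SAMPLE, check_annotated=False))
```

Run as a script, the first line lists `db_password`, `api_token` and `secret_key`; the second drops `api_token`, which is exactly the typed-variable case the PR adds to the rule.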
Test Plan
Includes 2 more typed test variables.