diff options
author | Diego Russo <diego.russo@arm.com> | 2022-07-29 22:16:46 +0100 |
---|---|---|
committer | Diego Russo <diego.russo@arm.com> | 2022-08-03 12:30:25 +0100 |
commit | 35e42b1d223066e475a6588ec9b5ee37cb2c52b9 (patch) | |
tree | 8c2caf1588406851bdb517b43ea888a8255174fa /.pre-commit-config.yaml | |
parent | 5d81f37de09efe10f90512e50252be9c36925fcf (diff) | |
download | mlia-35e42b1d223066e475a6588ec9b5ee37cb2c52b9.tar.gz |
MLIA-389 Enable bandit check in pre-commit
Add bandit to pre-commit and fix some bandit errors.
We use the default security level (low) with few exceptions:
* B101 assert_use: apart of tests, we use assert in our codebase
hence we globally ignore error B101.
* B404/B603: these are errors related to subprocesse and they are
being ignored locally when used.
* B604 Test for any function with shell equals true: we have disabled
this locally because of its safe use in the tests.
Change-Id: If654e5e92285f7c86ac210a6f1373dbab6be17c9
Diffstat (limited to '.pre-commit-config.yaml')
-rw-r--r-- | .pre-commit-config.yaml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7033a29..08f5f7e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -81,6 +81,12 @@ repos: - id: blocklint exclude: setup.cfg +- repo: https://github.com/PyCQA/bandit + rev: '1.7.4' + hooks: + - id: bandit + args: ["--skip", "B101"] + - repo: local hooks: - id: mypy |