Add skip configuration to assert_used (#633)

* Add skip configuration to assert_used Adding this configuration allows the user to skip the assert_used against some files. This is useful because asserts are very common in test files when using pytest. Specifying this configuration: ``` assert_used: skips: ['*_test.py', 'test_*.py'] ``` would skip all asserts against a test file. Resolves #346 * Document assert test skipping Co-authored-by: Luke Hinds <7058938+lukehinds@users.noreply.github.com>
PyCQA · Nov 30, 2020 · 24db07e · 24db07e
1 parent 5d88156
commit 24db07e
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 1 deletion.
diff --git a/bandit/core/context.py b/bandit/core/context.py
@@ -314,3 +314,7 @@ def is_module_imported_like(self, module):
                 if module in imp:
                     return True
         return False
+
+    @property
+    def filename(self):
+        return self._context.get('filename')
diff --git a/bandit/plugins/asserts.py b/bandit/plugins/asserts.py
@@ -19,6 +19,16 @@
 https://docs.python.org/3/reference/simple_stmts.html#the-assert-statement for
 more info on ``assert``
 
+**Config Options:**
+
+You can configure files that skip this check. This is often useful when you
+use assert statements in test cases.
+
+.. code-block:: yaml
+
+    assert_used:
+      skips: ['*_test.py', 'test_*.py']
+
 :Example:
 
 .. code-block:: none
@@ -39,14 +49,25 @@
 .. versionadded:: 0.11.0
 
 """
+import fnmatch
 
 import bandit
 from bandit.core import test_properties as test
 
 
+def gen_config(name):
+    if name == 'assert_used':
+        return {'skips': []}
+
+
+@test.takes_config
 @test.test_id('B101')
 @test.checks('Assert')
-def assert_used(context):
+def assert_used(context, config):
+    for skip in config.get('skips', []):
+        if fnmatch.fnmatch(context.filename, skip):
+            return None
+
     return bandit.Issue(
         severity=bandit.LOW,
         confidence=bandit.HIGH,

diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
@@ -601,6 +601,24 @@ def test_httpoxy(self):
 
     def test_asserts(self):
         '''Test catching the use of assert.'''
+        test = next((x for x in self.b_mgr.b_ts.tests['Assert']
+                     if x.__name__ == 'assert_used'))
+
+        test._config = {'skips': []}
+        expect = {
+            'SEVERITY': {'UNDEFINED': 0, 'LOW': 1, 'MEDIUM': 0, 'HIGH': 0},
+            'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 1}
+        }
+        self.check_example('assert.py', expect)
+
+        test._config = {'skips': ['*assert.py']}
+        expect = {
+            'SEVERITY': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 0},
+            'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 0}
+        }
+        self.check_example('assert.py', expect)
+
+        test._config = {}
         expect = {
             'SEVERITY': {'UNDEFINED': 0, 'LOW': 1, 'MEDIUM': 0, 'HIGH': 0},
             'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 1}

diff --git a/tests/unit/core/test_context.py b/tests/unit/core/test_context.py
@@ -254,3 +254,12 @@ def test_is_module_imported_like(self):
 
         new_context = context.Context()
         self.assertFalse(new_context.is_module_imported_like('spam'))
+
+    def test_filename(self):
+        ref_context = dict(filename='spam.py')
+        new_context = context.Context(context_object=ref_context)
+
+        self.assertEqual(new_context.filename, 'spam.py')
+
+        new_context = context.Context()
+        self.assertIsNone(new_context.filename)