Improve handling nosec for multi-line strings #915
Merged
Commits on Feb 27, 2023
-
Improve handling nosec for multi-line strings
This commit improves handling nosecs in multi-line strings, like: 1. nosec_not_working = f""" 2. SELECT * FROM {table} 3. """ # nosec Before this change, bandit was checking if there is a nosec in line 1. Now, it searches for nosec in all lines of the expression. In python 3.7, linerange for a multiline expression is sqeezed to first line. Thus, if nosec is set in the second or further line then it is not taken into account by bandit. This commit also moves detecting nosec without test number to test phase from "pre-visit" phase. It may increase the time of performing checks but avoids counting the same nosec mark multiple times. "pre-visit" phase is run separately for each part of multi-line string split by FormattedValue items. Thus for the above example, it would be run twice, the first time for "\n SELECT * FROM " and the second time for "\n" making the nosec being counted twice. Resolves: PyCQA#880
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.