Hello Maxim and Ian,

There is an issue on GitHub, #214, to allow external plugins in Bandit; however, it is not included in the master branch.
You have a small "manual" on the README about how to extend Bandit.

If you want to create a new rule for Bandit, I think you should create an issue on GitHub and then create a Pull Request; however, there are a lot of PRs pending.

Ian, I'll be happy to help all of you with the pending PRs if you want to give me access.

Kind regards



On Fri, 14 May 2021 at 13:36, Ian Stapleton Cordasco (<graffatcolmingov@gmail.com>) wrote:
I think part of the confusion is that those docs seem to be geared towards including your test upstream, not keeping it private in a separate project.

Sent from my phone with my typo-happy thumbs. Please excuse my brevity

On Fri, May 14, 2021, 06:16 Maxim Mosharov via code-quality <code-quality@python.org> wrote:
Hi team!
Our clients really need to understand how to customize Bandit easily.
We made some videos for them to understand how to work with ast. But none of us even understands how to include our tests in Bandit plugins.
 
Let's imagine we have the same plugin as it is here https://bandit.readthedocs.io/en/latest/_modules/bandit/plugins/django_sql_injection.html#django_rawsql_used.
Can you just make any step-by-step guide?
 
PS. It's not step-by-step
 
Maxim Mosharov | CEO
Email: mmosharov@whitespots.io
Site: https://whitespots.io
 
_______________________________________________
code-quality mailing list -- code-quality@python.org
To unsubscribe send an email to code-quality-leave@python.org
https://mail.python.org/mailman3/lists/code-quality.python.org/
Member address: graffatcolmingov@gmail.com