Bandit customization
I think part of the confusion is that those docs seem to be geared towards including your test upstream, not keeping it private in a separate project.

Sent from my phone with my typo-happy thumbs. Please excuse my brevity

On Fri, May 14, 2021, 06:16 Maxim Mosharov via code-quality <code-quality@python.org> wrote:
Hi team! Our clients really need to understand how to customize Bandit easily. We made some videos for them to understand how to work with the AST. But none of us even understand how to include our tests in Bandit plugins.
Let's imagine we have the same plugin as the one here https://bandit.readthedocs.io/en/latest/_modules/bandit/plugins/django_sql_i... . Can you just make a step-by-step guide?
PS. It's not step-by-step: https://bandit.readthedocs.io/en/latest/plugins/index.html#writing-tests
*Maxim Mosharov | CEO* Email: mmosharov@whitespots.io Site: https://whitespots.io
_______________________________________________ code-quality mailing list -- code-quality@python.org To unsubscribe send an email to code-quality-leave@python.org https://mail.python.org/mailman3/lists/code-quality.python.org/ Member address: graffatcolmingov@gmail.com
Hello Maxim and Ian,

There is an issue on GitHub, #214 https://github.com/PyCQA/bandit/issues/214, to allow external plugins in Bandit; however, it is not included in the master branch. You have a small "manual" in the README https://github.com/PyCQA/bandit#extending-bandit about how to extend Bandit. If you want to create a new rule for Bandit, I think you should create an issue on GitHub and then a pull request; however, there are a lot of PRs pending.

Ian, I'll be happy to help all of you with the pending PRs if you want to give me access.

Kind regards

On Fri, 14 May 2021 at 13:36, Ian Stapleton Cordasco (<graffatcolmingov@gmail.com>) wrote:
Hello Maxim

The only way to extend Bandit with your own custom rules is building your own version. Or, if in some future the issue #214 is in a stable version with parameters, you will be able to set a directory with your own rules.

I know that the Bandit internals don't have good documentation; however, you have the code to see how it works.

I haven't contributed for a long time, so I'm not sure what is new inside it. There are a lot of PRs waiting and I don't know how to push to move them into the stable version.

Kind Regards
On Sat, 15 May 2021 at 9:17, Maxim Mosharov wrote:
Hello :) Will look at your link.
Actually, our customers want to extend Bandit with their own rules, which are internal:
some internal method names, functional code, etc.
It's also not clear how to debug such extensions easily during development.
02:12, 15 May 2021, Ehooo wrote:
-- Sent from the Yandex.Mail mobile app
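Added example, not code from the thread or from the Bandit project: a private plugin of the kind Maxim describes (flagging calls to internal method names), written against the `bandit.plugins` entry point and the `checks`/`test_id` decorators that the README and "Writing Tests" pages linked above describe, plus a small offline scanner so the matching logic can be debugged without the Bandit harness. The package name `mycorp_bandit`, the test id `B901`, the banned names, the sample source and the simplified import-alias resolution in the offline scanner are all assumptions of this example; in a real run Bandit's own `Context` supplies the import-resolved name through `context.call_function_name_qual`.

```python
"""Private Bandit plugin example: flag calls to internal APIs that must not be used.

Assumptions for this example (not from the thread): package name ``mycorp_bandit``,
test id ``B901``, the banned names below, and this registration in ``setup.cfg``::

    [options.entry_points]
    bandit.plugins =
        internal_method_call = mycorp_bandit.plugin:internal_method_call

After ``pip install -e .`` Bandit loads the plugin; ``bandit -r src/ -t B901``
runs only this check, which is the simplest way to debug it end to end.
"""
import ast

try:
    import bandit
    from bandit.core import test_properties as test
except ImportError:  # keeps the matching logic importable and testable without Bandit
    bandit = None

# Constructed list of qualified callables the client wants flagged (assumption).
BANNED_CALLS = frozenset({
    "internal.db.raw_query",
    "internal.shell.run_unchecked",
})


def match_banned_call(qual_name):
    """Pure matching rule, shared by the Bandit hook and the offline scanner."""
    return qual_name in BANNED_CALLS


def internal_method_call(context):
    """Bandit hook: invoked once per ast.Call node with Bandit's Context object.

    context.call_function_name_qual is the callee with import aliases already
    resolved by Bandit (``shell.run(...)`` after ``from internal import shell``
    arrives as ``internal.shell.run``).
    """
    qual_name = context.call_function_name_qual
    if qual_name and match_banned_call(qual_name):
        return bandit.Issue(
            severity=bandit.MEDIUM,
            confidence=bandit.HIGH,
            text=f"Call to restricted internal API {qual_name}",
        )
    return None


if bandit is not None:
    # Same effect as stacking @test.checks("Call") and @test.test_id("B901").
    internal_method_call = test.test_id("B901")(test.checks("Call")(internal_method_call))


# --- Offline scanner: a simplified stand-in for Bandit's manager, for local debugging. ---

def dotted_name(func):
    """Return a Call's callee as written (``a.b.c``) or None for non-name callees."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    parts.append(func.id)
    return ".".join(reversed(parts))


def import_aliases(tree):
    """Map local names to imported module paths (simplified form of Bandit's alias table)."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                aliases[alias.asname or alias.name] = alias.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
    return aliases


def resolve_name(name, aliases):
    """Replace the longest aliased prefix of ``name`` with its imported path."""
    parts = name.split(".")
    for i in range(len(parts), 0, -1):
        head = ".".join(parts[:i])
        if head in aliases:
            return ".".join([aliases[head], *parts[i:]])
    return name


def scan_source(source):
    """Return (lineno, qualified name) for every banned call found in ``source``."""
    tree = ast.parse(source)
    aliases = import_aliases(tree)
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name:
                qual_name = resolve_name(name, aliases)
                if match_banned_call(qual_name):
                    hits.append((node.lineno, qual_name))
    return hits


# Constructed sample input (assumption): what a client's code might look like.
SAMPLE = """\
import internal.db
from internal import shell

def handler(q):
    internal.db.raw_query(q)
    shell.run_unchecked(q)
    internal.db.safe_query(q)
"""

if __name__ == "__main__":
    for lineno, name in scan_source(SAMPLE):
        print(f"B901 line {lineno}: {name}")
```

The split between `match_banned_call` and the Bandit hook is deliberate: the rule can be unit-tested on plain source strings with `scan_source`, and only the thin `internal_method_call` wrapper depends on Bandit's `Context`. When the whole thing is installed as a package with the entry point above, `bandit -r src/ -t B901 -v` shows whether the plugin was loaded and which files it ran over.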
participants (3)
- Ehooo
- Ian Stapleton Cordasco
- Maxim Mosharov