authorKevin Locke <kevin@kevinlocke.name>2019-02-17 14:11:56 -0700
committerKevin Locke <kevin@kevinlocke.name>2019-02-17 14:24:18 -0700
commit52c24007860b1e29c2e2cb318f29aff9889cb3c0 (patch)
treefc24fd3dc06eaad3d613619eef1efe6c9b7009e9
parentc3d4e0983b4b08e61692cdd88990a79525a78707 (diff)
downloadale-52c24007860b1e29c2e2cb318f29aff9889cb3c0.zip
python/bandit: Use .bandit configuration file
Bandit automatically [uses any .bandit file] within the directories on which it is invoked. Since ALE invokes bandit on stdin, it does not load a .bandit file automatically. Add support for automatically finding a .bandit file and passing it to bandit via the --ini option along with a variable to disable this behavior if desired. Note: This is useful for the skips and tests configuration options, but not exclude which would require invoking bandit using a file name, which may or may not be a good trade-off. [uses any .bandit file]: https://github.com/PyCQA/bandit/blob/1.5.1/bandit/cli/main.py#L70-L73 Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
-rw-r--r--ale_linters/python/bandit.vim9
-rw-r--r--doc/ale-python.txt11
-rw-r--r--test/command_callback/python_paths/with_bandit/.bandit0
-rw-r--r--test/command_callback/python_paths/with_bandit/namespace/foo/__init__.py0
-rw-r--r--test/command_callback/python_paths/with_bandit/namespace/foo/bar.py0
-rw-r--r--test/command_callback/test_bandit_command_callback.vader22
6 files changed, 42 insertions, 0 deletions
diff --git a/ale_linters/python/bandit.vim b/ale_linters/python/bandit.vim
index 819c83aa..5c9500a6 100644
--- a/ale_linters/python/bandit.vim
+++ b/ale_linters/python/bandit.vim
@@ -3,6 +3,7 @@
call ale#Set('python_bandit_executable', 'bandit')
call ale#Set('python_bandit_options', '')
+call ale#Set('python_bandit_use_config', 1)
call ale#Set('python_bandit_use_global', get(g:, 'ale_use_global_executables', 0))
call ale#Set('python_bandit_auto_pipenv', 0)
@@ -22,6 +23,14 @@ function! ale_linters#python#bandit#GetCommand(buffer) abort
let l:flags = ' --format custom'
\ . ' --msg-template "{line}:{test_id}:{severity}:{msg}" '
+ if ale#Var(a:buffer, 'python_bandit_use_config')
+ let l:config_path = ale#path#FindNearestFile(a:buffer, '.bandit')
+
+ if !empty(l:config_path)
+ let l:flags = ' --ini ' . ale#Escape(l:config_path) . l:flags
+ endif
+ endif
+
let l:exec_args = l:executable =~? 'pipenv$'
\ ? ' run bandit'
\ : ''
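Review bot: The lookup `ale#path#FindNearestFile(a:buffer, '.bandit')` does not appear to be bounded to a project root. As far as the hunk and the doc text show, any `.bandit` in an ancestor directory is handed to `--ini` and can set `skips`/`tests` for the buffer. For a security linter this means findings can disappear with no visible sign in the editor, and the default of 1 makes the behaviour opt-out. I would add a comment above the block such as `" NOTE: the nearest .bandit may live outside the project and can skip checks; set python_bandit_use_config to 0 for untrusted trees`, and repeat that sentence in the doc entry. The rest of GetCommand, including where `python_bandit_options` is appended, is outside this hunk, so how a user-supplied `--ini` interacts with the automatic one could not be checked here.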
diff --git a/doc/ale-python.txt b/doc/ale-python.txt
index f74e4e83..9326d6d5 100644
--- a/doc/ale-python.txt
+++ b/doc/ale-python.txt
@@ -88,6 +88,17 @@ g:ale_python_bandit_options *g:ale_python_bandit_options*
bandit invocation.
+g:ale_python_bandit_use_config *g:ale_python_bandit_use_config*
+ *b:ale_python_bandit_use_config*
+ Type: |Number|
+ Default: `1`
+
+ If this variable is true and a `.bandit` file exists in the directory of the
+ file being checked or a parent directory, an `--ini` option is added to the
+ `bandit` command for the nearest `.bandit` file. Set this variable false to
+ disable adding the `--ini` option automatically.
+
+
g:ale_python_bandit_use_global *g:ale_python_bandit_use_global*
*b:ale_python_bandit_use_global*
Type: |Number|
diff --git a/test/command_callback/python_paths/with_bandit/.bandit b/test/command_callback/python_paths/with_bandit/.bandit
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/command_callback/python_paths/with_bandit/.bandit
diff --git a/test/command_callback/python_paths/with_bandit/namespace/foo/__init__.py b/test/command_callback/python_paths/with_bandit/namespace/foo/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/command_callback/python_paths/with_bandit/namespace/foo/__init__.py
diff --git a/test/command_callback/python_paths/with_bandit/namespace/foo/bar.py b/test/command_callback/python_paths/with_bandit/namespace/foo/bar.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/test/command_callback/python_paths/with_bandit/namespace/foo/bar.py
diff --git a/test/command_callback/test_bandit_command_callback.vader b/test/command_callback/test_bandit_command_callback.vader
index 5d1e6fd3..274ce901 100644
--- a/test/command_callback/test_bandit_command_callback.vader
+++ b/test/command_callback/test_bandit_command_callback.vader
@@ -47,3 +47,25 @@ Execute(Pipenv is detected when python_bandit_auto_pipenv is set):
\ . ' run bandit'
\ . b:bandit_flags
\ . ' -'
+
+Execute(The bandit command callback should add .bandit by default):
+ silent execute 'file ' . fnameescape(g:dir . '/python_paths/with_bandit/namespace/foo/bar.py')
+
+ let b:config_path = ale#path#Simplify(
+ \ g:dir . '/python_paths/with_bandit/.bandit'
+ \)
+
+ AssertLinter 'bandit',
+ \ ale#Escape('bandit')
+ \ . ' --ini ' . ale#Escape(b:config_path)
+ \ . b:bandit_flags
+ \ . ' -'
+
+Execute(The bandit command callback should support not using .bandit):
+ silent execute 'file ' . fnameescape(g:dir . '/python_paths/with_bandit/subdir/foo/bar.py')
+ let g:ale_python_bandit_use_config = 0
+
+ AssertLinter 'bandit',
+ \ ale#Escape('bandit')
+ \ . b:bandit_flags
+ \ . ' -'
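Review bot: The disabled-config test names its buffer `.../with_bandit/subdir/foo/bar.py`, but the fixtures added in this commit live under `with_bandit/namespace/foo/`, so the two tests differ in both the path and the setting. If the nearest-file lookup does not resolve from a directory that does not exist, this test would pass even when `python_bandit_use_config` is ignored. Using the same path as the first test, `silent execute 'file ' . fnameescape(g:dir . '/python_paths/with_bandit/namespace/foo/bar.py')`, makes the setting the only variable. The test also assigns the global `g:ale_python_bandit_use_config`; whether the file's Before/After blocks save and restore it is outside the hunk.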