There are some valid use cases for `shell=True` in subprocess calls. In such cases, a developer may annotate this code with `# noqa: S602` in order to indicate to bandit and other tools that this code should not be considered insecure.

We should also honor this annotation when processing this codemod and we should not make changes to lines where this annotation is present.
Implementation

- We need to generalize the existing annotation detector in remove-unused-imports so that it can be used in multiple codemods
- Make this particular codemod sensitive to the aforementioned annotation
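As an added illustration (not the project's own annotation detector), the check below finds `shell=True` calls with `ast` and uses `tokenize` to map `# noqa` comments to line numbers, so a codemod can skip lines suppressed for a given rule; a bare `# noqa` suppresses every rule, matching bandit/ruff convention. The sample module is constructed, and the comment lookup is a simplification that only honors an annotation on the line where the call starts.

```python
from __future__ import annotations

import ast
import io
import re
import tokenize

# Constructed sample: three shell=True calls, two of them annotated.
SAMPLE = '''import subprocess
subprocess.run("ls -l", shell=True)
subprocess.run("ls -l | wc -l", shell=True)  # noqa: S602
subprocess.Popen(cmd, shell=True)  # noqa
subprocess.run(["ls"], shell=False)
'''

# '# noqa' alone, or '# noqa: S602' / '# noqa: S602, S603' with an explicit code list.
NOQA_RE = re.compile(
    r"#\s*noqa(?::\s*(?P<codes>[A-Z]+\d+(?:\s*,\s*[A-Z]+\d+)*))?", re.IGNORECASE
)


def noqa_lines(source: str, rule: str) -> set[int]:
    """Line numbers whose comment suppresses `rule` (bare '# noqa' suppresses all rules)."""
    suppressed: set[int] = set()
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.COMMENT:
            continue
        match = NOQA_RE.search(tok.string)
        if not match:
            continue
        codes = match.group("codes")
        if codes is None or rule in {c.strip().upper() for c in codes.split(",")}:
            suppressed.add(tok.start[0])
    return suppressed


def _is_shell_true(call: ast.Call) -> bool:
    return any(
        kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
        for kw in call.keywords
    )


def candidate_lines(source: str, rule: str = "S602") -> list[int]:
    """Lines holding a shell=True call that is NOT annotated, i.e. still eligible for the codemod."""
    skip = noqa_lines(source, rule)
    tree = ast.parse(source)
    return sorted(
        node.lineno
        for node in ast.walk(tree)
        if isinstance(node, ast.Call) and _is_shell_true(node) and node.lineno not in skip
    )


if __name__ == "__main__":
    print(candidate_lines(SAMPLE))  # [2]
```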
Resources:
https://docs.astral.sh/ruff/rules/subprocess-popen-with-shell-equals-true/