Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

subprocess-shell-false should honor # noqa: S602 #249

Closed
drdavella opened this issue Feb 12, 2024 · 0 comments · Fixed by #259
Closed

subprocess-shell-false should honor # noqa: S602 #249

drdavella opened this issue Feb 12, 2024 · 0 comments · Fixed by #259
Assignees
Labels
enhancement New feature or request

Comments

@drdavella
Copy link
Member

Description

There are some valid use cases for shell=True in subprocess calls. In such cases, a developer may annotate this code with # noqa: S602 in order to indicate to bandit and other tools that this code should not be considered insecure.

We should also honor this annotation when processing this codemod and we should not make changes to lines where this annotation is present.

Implementation

  • We need to generalize the existing annotation detector in remove-unused-imports so that it can be used in multiple codemods
  • Make this particular codemod sensitive to the aforementioned annotation
  • Add some good unit tests

Resources:

https://docs.astral.sh/ruff/rules/subprocess-popen-with-shell-equals-true/

@drdavella drdavella added the enhancement New feature or request label Feb 12, 2024
@drdavella drdavella self-assigned this Feb 12, 2024
@drdavella drdavella linked a pull request Feb 13, 2024 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant