Fix failing bandit target

Update the excluded list (the previous one was for hacking) to disable the failing test. Also migrate bandit options to pyproject.toml so that these options are consistently used by bandit regardless of caller (tox or pre-commit). Change-Id: I8dacc877c049e1d90aa550378626b06be84406a3 Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
2025-10-03 00:24:19 +09:00
parent efc7696d21
commit 5870b798c8
3 changed files with 6 additions and 11 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -19,13 +19,7 @@ repos:
    rev: 1.8.3
    hooks:
      - id: bandit
-        # E005 file does not begin with #! or have a .sh prefix
-        # E006 check for lines longer than 79 columns
-        # E042 local declaration hides errors
-        # E043 Arithmetic compound has inconsistent return semantics
-        args: ['-n5', '-sE006,E005,E042,E043']
-        files: 'neutron_taas/'
-        exclude: 'neutron_taas/tests'
+        args: ['-n', '5', '-c', 'pyproject.toml']
  - repo: https://github.com/lucas-c/pre-commit-hooks
    rev: v1.5.4
    hooks:
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -2,3 +2,7 @@
 requires = ["pbr>=5.7.0", "setuptools>=64.0.0", "wheel"]
 build-backend = "pbr.build"

+[tool.bandit]
+exclude_dirs = ['neutron_taas/tests']
+# B110 Try, Except, Pass detected
+skips = ['B110']
--- a/tox.ini
+++ b/tox.ini
@@ -106,10 +106,7 @@ import_exceptions = neutron_taas._i18n

 [testenv:bandit]
 deps = {[testenv:pep8]deps}
-# B104: Possible binding to all interfaces
-# B604: any_other_function_with_shell_equals_true
-commands = bandit -r neutron -x tests -n5
-#-s B104,B604
+commands = bandit -n 5 -c pyproject.toml -r neutron_taas

 [testenv:bashate]
 deps = {[testenv:pep8]deps}