
pantsbuild / pants / 19000741080

01 Nov 2025 06:16PM UTC coverage: 80.3% (+0.3%) from 80.004%
19000741080

Pull #22837

github

web-flow
Merge 51f49bc90 into da3fb359e
Pull Request #22837: Updated Treesitter dependencies

77994 of 97128 relevant lines covered (80.3%)

3.35 hits per line


94.44
/src/python/pants/backend/python/lint/bandit/subsystem.py
# Copyright 2020 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).

from __future__ import annotations

from dataclasses import dataclass

from pants.backend.python.goals import lockfile
from pants.backend.python.lint.bandit.skip_field import SkipBanditField
from pants.backend.python.subsystems.python_tool_base import PythonToolBase
from pants.backend.python.target_types import (
    ConsoleScript,
    InterpreterConstraintsField,
    PythonResolveField,
    PythonSourceField,
)
from pants.core.goals.resolves import ExportableTool
from pants.core.util_rules.config_files import ConfigFilesRequest
from pants.engine.rules import collect_rules
from pants.engine.target import FieldSet, Target
from pants.engine.unions import UnionRule
from pants.option.option_types import ArgsListOption, FileOption, SkipOption


@dataclass(frozen=True)
class BanditFieldSet(FieldSet):
    """Field set describing the target fields consumed when linting with Bandit.

    `required_fields` names `PythonSourceField` as the only required field; the
    interpreter-constraints and resolve fields are carried alongside the source.
    """

    required_fields = (PythonSourceField,)

    source: PythonSourceField
    interpreter_constraints: InterpreterConstraintsField
    resolve: PythonResolveField

    @classmethod
    def opt_out(cls, tgt: Target) -> bool:
        """Return the value of the target's `SkipBanditField`."""
        # NOTE(review): `SkipBanditField` is defined in `skip_field.py` (not shown here).
        # A truthy value presumably excludes the target from Bandit, i.e. from a
        # security linter, so per-target opt-outs are worth tracking in review.
        skip_field = tgt.get(SkipBanditField)
        return skip_field.value


class Bandit(PythonToolBase):
    """Install and option settings for running the Bandit security linter via Pants."""

    options_scope = "bandit"
    name = "Bandit"
    help_short = (
        "A tool for finding security issues in Python code (https://bandit.readthedocs.io)."
    )

    # Entry point used to run the tool: the `bandit` console script.
    default_main = ConsoleScript("bandit")
    default_requirements = [
        "bandit>=1.7.0,<1.8",
        # `setuptools` is listed explicitly and carries no version bound. On a Bandit
        # upgrade, check whether Bandit has adopted PEP 517 (ships a `pyproject.toml`);
        # if it has, drop this entry.
        "setuptools",
        # The floor avoids GitPython 3.1.20, which was yanked for breaking Python 3.8+
        # but which Poetry's lockfile generation still tries to use.
        "GitPython>=3.1.24",
    ]

    # NOTE(review): presumably this bundled lockfile, rather than the ranges above,
    # fixes the exact versions installed by default -- confirm in `PythonToolBase`.
    default_lockfile_resource = ("pants.backend.python.lint.bandit", "bandit.lock")

    skip = SkipOption("lint")
    # The example is help text only. In Bandit's CLI, `--skip` takes a comma-separated
    # list of test IDs to leave out of the run.
    args = ArgsListOption(example="--skip B101,B308 --confidence")
    config = FileOption(
        advanced=True,
        default=None,
        help="Path to a Bandit YAML config file (https://bandit.readthedocs.io/en/latest/config.html).",
    )

    @property
    def config_request(self) -> ConfigFilesRequest:
        """Build the `ConfigFilesRequest` for the explicitly configured Bandit config file.

        Only the `config` option value is passed. Bandit has no default config file
        locations (see https://bandit.readthedocs.io/en/latest/config.html), so no
        discovery patterns are supplied.
        """
        specified_path = self.config
        option_name = f"{self.options_scope}.config"
        return ConfigFilesRequest(specified=specified_path, specified_option_name=option_name)


def rules():
    """Return the rules contributed by this module as one tuple.

    The tuple holds, in order: whatever `collect_rules()` returns, the rules from
    the `lockfile` goal module, and a `UnionRule` registering `Bandit` under
    `ExportableTool`.
    """
    # `collect_rules()` is called directly from this function on purpose.
    # NOTE(review): with no arguments it presumably inspects the calling module,
    # so keep the call in this frame.
    module_rules = collect_rules()
    lockfile_rules = lockfile.rules()
    exportable_tool_rule = UnionRule(ExportableTool, Bandit)
    return (*module_rules, *lockfile_rules, exportable_tool_rule)