
pantsbuild / pants / 20328535594

18 Dec 2025 06:46AM UTC coverage: 57.969% (-22.3%) from 80.295%
20328535594

Pull #22954

github

web-flow
Merge ccc9c5409 into 407284c67
Pull Request #22954: free up disk space in runner image

39083 of 67421 relevant lines covered (57.97%)

0.91 hits per line


0.0
/src/python/pants/backend/python/lint/bandit/subsystem.py
# Copyright 2020 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).

from __future__ import annotations

from dataclasses import dataclass

from pants.backend.python.goals import lockfile
from pants.backend.python.lint.bandit.skip_field import SkipBanditField
from pants.backend.python.subsystems.python_tool_base import PythonToolBase
from pants.backend.python.target_types import (
    ConsoleScript,
    InterpreterConstraintsField,
    PythonResolveField,
    PythonSourceField,
)
from pants.core.goals.resolves import ExportableTool
from pants.core.util_rules.config_files import ConfigFilesRequest
from pants.engine.rules import collect_rules
from pants.engine.target import FieldSet, Target
from pants.engine.unions import UnionRule
from pants.option.option_types import ArgsListOption, FileOption, SkipOption


@dataclass(frozen=True)
class BanditFieldSet(FieldSet):
    """Fields of a target that the Bandit integration reads.

    `required_fields` lists `PythonSourceField`; the remaining attributes name the other
    fields carried alongside the source.
    """

    required_fields = (PythonSourceField,)

    source: PythonSourceField
    interpreter_constraints: InterpreterConstraintsField
    resolve: PythonResolveField

    @classmethod
    def opt_out(cls, tgt: Target) -> bool:
        """Return the value of the target's `SkipBanditField`.

        NOTE(review): a true value presumably excludes the target from Bandit runs (confirm
        against the caller). Because that takes the file out of security linting, opt-outs
        set on targets are worth auditing during review.
        """
        skip_field = tgt.get(SkipBanditField)
        return skip_field.value


class Bandit(PythonToolBase):
    """Subsystem describing how the Bandit security linter is installed and configured.

    Declares the option scope, the default requirements and lockfile resource, and the
    `skip`, `args` and `config` options.
    """

    options_scope = "bandit"
    name = "Bandit"
    help_short = (
        "A tool for finding security issues in Python code "
        "(https://bandit.readthedocs.io)."
    )

    default_main = ConsoleScript("bandit")
    # NOTE(review): these are version ranges, not pins. The exact versions are presumably
    # fixed by the lockfile named in `default_lockfile_resource`; confirm when changing them.
    default_requirements = [
        "bandit>=1.7.0,<1.8",
        # `setuptools` is listed explicitly. On upgrade, check whether Bandit has moved to
        # PEP 517 (a `pyproject.toml` file); if it has, drop this entry.
        "setuptools",
        # Lower bound exists because GitPython 3.1.20 was yanked (it breaks Python 3.8+),
        # yet Poetry's lockfile generation still tries to select it.
        "GitPython>=3.1.24",
    ]

    default_lockfile_resource = ("pants.backend.python.lint.bandit", "bandit.lock")

    skip = SkipOption("lint")
    # The example only illustrates argument syntax. In Bandit, `--skip` disables the listed
    # test IDs for the whole run, so a real configuration should justify each skipped ID.
    args = ArgsListOption(example="--skip B101,B308 --confidence")
    config = FileOption(
        default=None,
        advanced=True,
        help=(
            "Path to a Bandit YAML config file "
            "(https://bandit.readthedocs.io/en/latest/config.html)."
        ),
    )

    @property
    def config_request(self) -> ConfigFilesRequest:
        """Build the `ConfigFilesRequest` for the explicitly configured Bandit config file.

        Only the `config` option value and its option name are passed on. Bandit has no
        default config file locations (https://bandit.readthedocs.io/en/latest/config.html),
        so no discovery arguments are supplied.
        """
        config_path = self.config
        option_name = f"{self.options_scope}.config"
        return ConfigFilesRequest(specified=config_path, specified_option_name=option_name)


def rules():
    """Return the rules this module registers.

    The tuple holds, in order: the rules found by `collect_rules()`, the rules from
    `lockfile.rules()`, and a `UnionRule` that registers `Bandit` as an `ExportableTool`.
    """
    module_rules = collect_rules()
    lockfile_rules = lockfile.rules()
    exportable_tool_rule = UnionRule(ExportableTool, Bandit)
    return (*module_rules, *lockfile_rules, exportable_tool_rule)