Enable Ruff's flake8-bandit checks

2025-02-25 18:55:22 -06:00 · 2022-12-29 23:46:04 +00:00 · 2022-12-29 23:46:04 +00:00 · 7fb45a9058
commit 7fb45a9058
parent b5357774a7
4 changed files with 11 additions and 7 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@ -161,6 +161,9 @@ ignore = [
    "PGH003",
    # pylint
    "PLC2201",
+    # flake8-bandit
+    "S101",  # assert used
+    "S105",  # possible hardcoded password
 ]
 external = [  # Whitelist for RUF100 unkown code warnings
    "E704",
@ -179,6 +182,7 @@ select = [
    "PLE", # pylint
    "PLR", # pylint
    "PLW", # pylint
+    "S",   # flake8-bandit
    "SIM", # flake8-simplify
    "RUF100",  # yesqa
 ]
--- a/sphinx/config.py
+++ b/sphinx/config.py
@ -347,7 +347,7 @@ def eval_config_file(filename: str, tags: Optional[Tags]) -> Dict[str, Any]:
        try:
            with open(filename, 'rb') as f:
                code = compile(f.read(), filename.encode(fs_encoding), 'exec')
-                exec(code, namespace)
+                exec(code, namespace)  # NoQA: S102
        except SyntaxError as err:
            msg = __("There is a syntax error in your configuration file: %s\n")
            raise ConfigError(msg % err) from err
--- a/sphinx/ext/doctest.py
+++ b/sphinx/ext/doctest.py
@ -382,10 +382,10 @@ Doctest summary
            condition = node['skipif']
            context: Dict[str, Any] = {}
            if self.config.doctest_global_setup:
-                exec(self.config.doctest_global_setup, context)
+                exec(self.config.doctest_global_setup, context)  # NoQA: S102
            should_skip = eval(condition, context)  # NoQA: PGH001
            if self.config.doctest_global_cleanup:
-                exec(self.config.doctest_global_cleanup, context)
+                exec(self.config.doctest_global_cleanup, context)  # NoQA: S102
            return should_skip

    def test_doc(self, docname: str, doctree: Node) -> None:
--- a/tests/test_quickstart.py
+++ b/tests/test_quickstart.py
@ -100,7 +100,7 @@ def test_quickstart_defaults(tempdir):
    conffile = tempdir / 'conf.py'
    assert conffile.isfile()
    ns = {}
-    exec(conffile.read_text(encoding='utf8'), ns)
+    exec(conffile.read_text(encoding='utf8'), ns)  # NoQA: S102
    assert ns['extensions'] == []
    assert ns['templates_path'] == ['_templates']
    assert ns['project'] == 'Sphinx Test'
@ -150,7 +150,7 @@ def test_quickstart_all_answers(tempdir):
    conffile = tempdir / 'source' / 'conf.py'
    assert conffile.isfile()
    ns = {}
-    exec(conffile.read_text(encoding='utf8'), ns)
+    exec(conffile.read_text(encoding='utf8'), ns)  # NoQA: S102
    assert ns['extensions'] == [
        'sphinx.ext.autodoc', 'sphinx.ext.doctest', 'sphinx.ext.todo'
    ]
@ -231,7 +231,7 @@ def test_default_filename(tempdir):
    conffile = tempdir / 'conf.py'
    assert conffile.isfile()
    ns = {}
-    exec(conffile.read_text(encoding='utf8'), ns)
+    exec(conffile.read_text(encoding='utf8'), ns)  # NoQA: S102


 def test_extensions(tempdir):
@ -241,7 +241,7 @@ def test_extensions(tempdir):
    conffile = tempdir / 'conf.py'
    assert conffile.isfile()
    ns = {}
-    exec(conffile.read_text(encoding='utf8'), ns)
+    exec(conffile.read_text(encoding='utf8'), ns)  # NoQA: S102
    assert ns['extensions'] == ['foo', 'bar', 'baz']