Hello Maxim,

The only way to extend bandit with your own custom rules is building your own version.
Or, if at some point in the future issue #214 is in a stable version with parameters, you will be able to set a directory with your own rules.

I know that the bandit internals don't have good documentation; however, you have the code to see how it works.

I haven't contributed for a long time, so I'm not sure what is new inside it. There are a lot of PRs waiting and I don't know how to push to move them into the stable version.

Kind Regards

On Sat, 15 May 2021 at 9:17, Maxim Mosharov (<mmosha...@whitespots.io>) wrote:

> Hello :)
> Will see your link.
>
> Actually our customers want to extend bandit with their own rules, which are
> internal.
>
> Some internal method names, functional code, etc.
>
> It's also not clear how to debug such extensions easily during development.
>
>
> 02:12, 15 May 2021, Ehooo <web.eh...@gmail.com>:
>
> Hello Maxim and Ian,
>
> There is an issue on GitHub, #214
> <https://github.com/PyCQA/bandit/issues/214>, in order to allow external
> plugins on Bandit; however, it is not included on the master branch.
> You have a small "manual" in the README
> <https://github.com/PyCQA/bandit#extending-bandit> about how to extend
> Bandit.
>
> If you want to create a new rule for Bandit, I think you should create an
> issue on GitHub and then create a Pull Request; however, there are a lot of
> PRs pending.
>
> Ian, I'll be happy to help all of you with the pending PRs if you want to
> give me access.
>
> Kind regards
>
>
>
> On Fri, 14 May 2021 at 13:36, Ian Stapleton Cordasco (<
> graffatcolmin...@gmail.com>) wrote:
>
> I think part of the confusion is that those docs seem to be geared towards
> including your test upstream, not keeping it private in a separate project
>
> Sent from my phone with my typo-happy thumbs. Please excuse my brevity
>
> On Fri, May 14, 2021, 06:16 Maxim Mosharov via code-quality <
> code-quality@python.org> wrote:
>
> Hi team!
> Our clients really need to understand how to customize bandit easily.
> We made some videos for them to understand how to work with ast. But none
> of us even understand how to include our tests in bandit plugins.
>
> Let's imagine we have the same plugin as it is here
> https://bandit.readthedocs.io/en/latest/_modules/bandit/plugins/django_sql_injection.html#django_rawsql_used
> .
> Can you just make any step-by-step guide?
>
> PS. It's not step-by-step
> https://bandit.readthedocs.io/en/latest/plugins/index.html#writing-tests
>
> *Maxim Mosharov | CEO*
> Email: mmosha...@whitespots.io
> Site: https://whitespots.io
>
> _______________________________________________
> code-quality mailing list -- code-quality@python.org
> To unsubscribe send an email to code-quality-le...@python.org
> https://mail.python.org/mailman3/lists/code-quality.python.org/
> Member address: graffatcolmin...@gmail.com
>
>
> --
> Sent from the Yandex.Mail mobile app