-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please consider requiring opt-in for some of the new subprocess rules #4054
Comments
A similar |
Has there been any update on this? We're still capping the version to avoid these rules. |
Sorry @ofek, I'll make a decision on this today. |
A couple observations, to put some of my internal dialogue down on "paper":
Given these observations, I feel a bit torn. I'd probably rather remove these rules than make them opt-in via a special mechanism. Can I ask why you don't P.S. Separately, is |
I can do that but I opened this issue because I don't think it was known that such calls are effectively banned by default now. If you're now aware and okay with that then feel free to close this! |
One solution I am considering here (which goes beyond this specific case) is adding a "pedantic" or "opinionated" rule concept, for rules that require explicit opt-in via |
@charliermarsh would that be a new RuleGroup variant? |
@evanrittenhouse - Yes. The main downside though is it will be confusing and surprising to users that (e.g.) |
What's the main motivation for keeping the same name? Is it so that users can copy-paste their configuration without any changes? Or is it mainly for discoverability (which could be solved by maintaining a mapping table between rules), or are there other reasons? |
Do you mean, why keep these rules under Bandit? |
Yes, why keep the S603 name |
It may not be the correct decision, but the arguments in favor would be:
|
The ones I think should be disabled by default:
For example, the documented textbook case for S603 is
subprocess.check_output(['/bin/ls', '-l'])
. That is literally perfect usage of subprocess, it cannot be made better other than simply outright banning the use of subprocess.Pretty much all our repositories fail now with many examples but I'll just give one:
The text was updated successfully, but these errors were encountered: