f-strings marked with a # nosec BXXX show an incorrect warning about no failed tests appears #1204
opened on Nov 21, 2024
Describe the bug
When running bandit against code using f-strings that are marked with `# nosec BXXX`, a warning appears when there should not be one. This happens for both single-line and multi-line f-strings. The behaviour is not present when using a blanket `# nosec` or when using template strings.
Works:
```python
table = "my_table"
query = f"SELECT * FROM {table} WHERE True"  # nosec
```
```python
table = "my_table"
query = (f"SELECT * "
         f"FROM {table} "  # nosec
         f"WHERE True")
```
```python
table = "my_table"
query = ("SELECT * "
         "FROM {} "  # nosec B608
         "WHERE True".format(table)
         )
```
Incorrect Warning:
`[tester] WARNING nosec encountered (B608), but no failed test on line 3`
```python
table = "my_table"
query = (f"SELECT * "
         f"FROM {table} "  # nosec B608
         f"WHERE True")
```
`[tester] WARNING nosec encountered (B608), but no failed test on line 2`
```python
table = "my_table"
query = f"SELECT * FROM {table} WHERE True"  # nosec B608
```
Reproduction steps
1. Create a file foo.py with the following code:
```python
table = "my_table"
query = f"SELECT * FROM {table} WHERE True"  # nosec B608
```
2. Run `bandit foo.py`
3. Notice that in the run info there is a warning:
`[tester] WARNING nosec encountered (B608), but no failed test on line 2`
Expected behavior
No warning appears when a nosec correctly applies to a failed test.
Bandit version
1.7.10 (Default)
Python version
3.12
Additional context
This seems related to #942, #1003, #1041 and #1092.
While playing around, I applied the patch from #1004, but that did not resolve this issue.
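As an added diagnostic, not code from bandit or from the reporter: it maps each `# nosec` comment to the line it sits on (via `tokenize`) and each f-string expression to the lines it spans (via `ast`), then lists suppressions that sit on a continuation line of a multi-line f-string rather than on the line where the expression starts. The sample is the report's multi-line snippet; the function names are made up here, and the script does not claim to reproduce bandit's own matching logic.

```python
import ast
import io
import re
import tokenize

# Constructed sample: the multi-line case from the report, with the
# per-test nosec on the second line of the parenthesised f-string.
SAMPLE = (
    'table = "my_table"\n'
    'query = (f"SELECT * "\n'
    '         f"FROM {table} "  # nosec B608\n'
    '         f"WHERE True")\n'
)

NOSEC_RE = re.compile(r"#\s*nosec\b(?P<ids>[^#\n]*)")

def nosec_comments(source):
    """Map line number -> set of test ids named in a '# nosec' comment
    (an empty set means a blanket '# nosec')."""
    found = {}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT:
            m = NOSEC_RE.search(tok.string)
            if m:
                found[tok.start[0]] = set(re.findall(r"B\d+", m.group("ids")))
    return found

def fstring_spans(source):
    """Return (first_line, last_line) for every f-string expression; an
    implicitly concatenated f-string is a single ast.JoinedStr node."""
    return [
        (node.lineno, node.end_lineno)
        for node in ast.walk(ast.parse(source))
        if isinstance(node, ast.JoinedStr)
    ]

def nosec_on_continuation_line(source):
    """Pairs (comment_line, node_first_line) for each nosec that sits inside
    a multi-line f-string but not on the line where the expression starts.
    A checker keyed on node.lineno alone misses these; SAMPLE gives [(3, 2)]."""
    comments = nosec_comments(source)
    return [
        (line, first)
        for first, last in fstring_spans(source)
        for line in sorted(comments)
        if first < line <= last
    ]
```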