Use `diagnostic_diff` testing for flake8-bandit preview tests (#21637)

2025-11-26 10:13:45 +01:00 · 2025-11-26 10:13:45 +01:00 · 3dbbb76654
parent b72120f7ef
commit 3dbbb76654
9 changed files with 99 additions and 524 deletions
--- a/crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+++ b/crates/ruff_linter/src/rules/flake8_bandit/mod.rs
@ -10,11 +10,11 @@ mod tests {
    use anyhow::Result;
    use test_case::test_case;

-    use crate::assert_diagnostics;
    use crate::registry::Rule;
    use crate::settings::LinterSettings;
    use crate::settings::types::PreviewMode;
    use crate::test::test_path;
+    use crate::{assert_diagnostics, assert_diagnostics_diff};

    #[test_case(Rule::Assert, Path::new("S101.py"))]
    #[test_case(Rule::BadFilePermissions, Path::new("S103.py"))]
@ -112,14 +112,19 @@ mod tests {
            rule_code.noqa_code(),
            path.to_string_lossy()
        );
-        let diagnostics = test_path(
+
+        assert_diagnostics_diff!(
+            snapshot,
            Path::new("flake8_bandit").join(path).as_path(),
+            &LinterSettings {
+                preview: PreviewMode::Disabled,
+                ..LinterSettings::for_rule(rule_code)
+            },
            &LinterSettings {
                preview: PreviewMode::Enabled,
                ..LinterSettings::for_rule(rule_code)
-            },
-        )?;
-        assert_diagnostics!(snapshot, diagnostics);
+            }
+        );
        Ok(())
    }

--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S301_S301.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S301_S301.py.snap
@ -1,15 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
- --> S301.py:3:1
-  |
-1 | import pickle
-2 |
-3 | pickle.loads()
-  | ^^^^^^^^^^^^^^
-  |
+--- Linter settings ---
+-linter.preview = disabled
+linter.preview = enabled

+--- Summary ---
+Removed: 0
+Added: 2
+
+--- Added ---
 S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
 --> S301.py:7:5
  |
@ -19,6 +19,7 @@ S301 `pickle` and modules that wrap it can be unsafe when used to deserialize un
 8 | foo = pickle.load
  |

+
 S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
 --> S301.py:8:7
  |
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S307_S307.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S307_S307.py.snap
@ -1,24 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S307 Use of possibly insecure function; consider using `ast.literal_eval`
- --> S307.py:3:7
-  |
-1 | import os
-2 |
-3 | print(eval("1+1"))  # S307
-  |       ^^^^^^^^^^^
-4 | print(eval("os.getcwd()"))  # S307
-  |
+--- Linter settings ---
+-linter.preview = disabled
+linter.preview = enabled

-S307 Use of possibly insecure function; consider using `ast.literal_eval`
- --> S307.py:4:7
-  |
-3 | print(eval("1+1"))  # S307
-4 | print(eval("os.getcwd()"))  # S307
-  |       ^^^^^^^^^^^^^^^^^^^
-  |
+--- Summary ---
+Removed: 0
+Added: 2

+--- Added ---
 S307 Use of possibly insecure function; consider using `ast.literal_eval`
  --> S307.py:16:5
   |
@ -28,6 +19,7 @@ S307 Use of possibly insecure function; consider using `ast.literal_eval`
 17 | foo = eval
   |

+
 S307 Use of possibly insecure function; consider using `ast.literal_eval`
  --> S307.py:17:7
   |
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S308_S308.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S308_S308.py.snap
@ -1,60 +1,37 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:6:5
-  |
-4 | def bad_func():
-5 |     inject = "harmful_input"
-6 |     mark_safe(inject)
-  |     ^^^^^^^^^^^^^^^^^
-7 |     mark_safe("I will add" + inject + "to my string")
-8 |     mark_safe("I will add %s to my string" % inject)
-  |
+--- Linter settings ---
+-linter.preview = disabled
+linter.preview = enabled

-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:7:5
-  |
-5 |     inject = "harmful_input"
-6 |     mark_safe(inject)
-7 |     mark_safe("I will add" + inject + "to my string")
-  |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-8 |     mark_safe("I will add %s to my string" % inject)
-9 |     mark_safe("I will add {} to my string".format(inject))
-  |
+--- Summary ---
+Removed: 2
+Added: 4

+--- Removed ---
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:8:5
+  --> S308.py:16:1
   |
- 6 |     mark_safe(inject)
- 7 |     mark_safe("I will add" + inject + "to my string")
- 8 |     mark_safe("I will add %s to my string" % inject)
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- 9 |     mark_safe("I will add {} to my string".format(inject))
-10 |     mark_safe(f"I will add {inject} to my string")
+16 | @mark_safe
+   | ^^^^^^^^^^
+17 | def some_func():
+18 |     return '<script>alert("evil!")</script>'
   |

-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:9:5
-   |
- 7 |     mark_safe("I will add" + inject + "to my string")
- 8 |     mark_safe("I will add %s to my string" % inject)
- 9 |     mark_safe("I will add {} to my string".format(inject))
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-10 |     mark_safe(f"I will add {inject} to my string")
-   |

 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:10:5
+  --> S308.py:36:1
   |
- 8 |     mark_safe("I will add %s to my string" % inject)
- 9 |     mark_safe("I will add {} to my string".format(inject))
-10 |     mark_safe(f"I will add {inject} to my string")
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-11 |
-12 | def good_func():
+36 | @mark_safe
+   | ^^^^^^^^^^
+37 | def some_func():
+38 |     return '<script>alert("evil!")</script>'
   |

+
+
+--- Added ---
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
  --> S308.py:16:2
   |
@ -64,59 +41,6 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 18 |     return '<script>alert("evil!")</script>'
   |

-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:26:5
-   |
-24 | def bad_func():
-25 |     inject = "harmful_input"
-26 |     mark_safe(inject)
-   |     ^^^^^^^^^^^^^^^^^
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:27:5
-   |
-25 |     inject = "harmful_input"
-26 |     mark_safe(inject)
-27 |     mark_safe("I will add" + inject + "to my string")
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:28:5
-   |
-26 |     mark_safe(inject)
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-29 |     mark_safe("I will add {} to my string".format(inject))
-30 |     mark_safe(f"I will add {inject} to my string")
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:29:5
-   |
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-30 |     mark_safe(f"I will add {inject} to my string")
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:30:5
-   |
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-30 |     mark_safe(f"I will add {inject} to my string")
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-31 |
-32 | def good_func():
-   |

 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
  --> S308.py:36:2
@ -127,6 +51,7 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 38 |     return '<script>alert("evil!")</script>'
   |

+
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
  --> S308.py:42:5
   |
@ -136,6 +61,7 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 43 | foo = mark_safe
   |

+
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
  --> S308.py:43:7
   |
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S310_S310.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S310_S310.py.snap
@ -1,260 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:6:1
-  |
-4 | urllib.request.urlopen(url=f'http://www.google.com')
-5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
-6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
-  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
-8 | urllib.request.urlopen('http://www.google.com')
-  |
+--- Linter settings ---
+-linter.preview = disabled
+linter.preview = enabled

-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:7:1
-  |
-5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
-6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
-7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
-  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-8 | urllib.request.urlopen('http://www.google.com')
-9 | urllib.request.urlopen(f'http://www.google.com')
-  |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:10:1
-   |
- 8 | urllib.request.urlopen('http://www.google.com')
- 9 | urllib.request.urlopen(f'http://www.google.com')
-10 | urllib.request.urlopen('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-11 | urllib.request.urlopen(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:11:1
-   |
- 9 | urllib.request.urlopen(f'http://www.google.com')
-10 | urllib.request.urlopen('file:///foo/bar/baz')
-11 | urllib.request.urlopen(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-12 |
-13 | urllib.request.Request(url='http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:16:1
-   |
-14 | urllib.request.Request(url=f'http://www.google.com')
-15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
-16 | urllib.request.Request(url='http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
-18 | urllib.request.Request('http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:17:1
-   |
-15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
-16 | urllib.request.Request(url='http://www.google.com', **kwargs)
-17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-18 | urllib.request.Request('http://www.google.com')
-19 | urllib.request.Request(f'http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:20:1
-   |
-18 | urllib.request.Request('http://www.google.com')
-19 | urllib.request.Request(f'http://www.google.com')
-20 | urllib.request.Request('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-21 | urllib.request.Request(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:21:1
-   |
-19 | urllib.request.Request(f'http://www.google.com')
-20 | urllib.request.Request('file:///foo/bar/baz')
-21 | urllib.request.Request(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-22 |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:23:1
-   |
-21 | urllib.request.Request(url)
-22 |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:24:1
-   |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:25:1
-   |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:26:1
-   |
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:27:1
-   |
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:28:1
-   |
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:29:1
-   |
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:30:1
-   |
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-32 | urllib.request.URLopener().open(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:31:1
-   |
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-32 | urllib.request.URLopener().open(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:32:1
-   |
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-32 | urllib.request.URLopener().open(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-33 |
-34 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:37:1
-   |
-35 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'))
-36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
-37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:38:1
-   |
-36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
-37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
-38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:41:1
-   |
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:41:24
-   |
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-   |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:42:1
-   |
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:42:24
-   |
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |
+--- Summary ---
+Removed: 0
+Added: 2

+--- Added ---
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
  --> S310.py:46:5
   |
@ -264,6 +19,7 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
 47 | foo = urllib.request.urlopen
   |

+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
  --> S310.py:47:7
   |
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S311_S311.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S311_S311.py.snap
@ -1,103 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:10:1
-   |
- 9 | # Errors
-10 | random.Random()
-   | ^^^^^^^^^^^^^^^
-11 | random.random()
-12 | random.randrange()
-   |
+--- Linter settings ---
+-linter.preview = disabled
+linter.preview = enabled

-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:11:1
-   |
- 9 | # Errors
-10 | random.Random()
-11 | random.random()
-   | ^^^^^^^^^^^^^^^
-12 | random.randrange()
-13 | random.randint()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:12:1
-   |
-10 | random.Random()
-11 | random.random()
-12 | random.randrange()
-   | ^^^^^^^^^^^^^^^^^^
-13 | random.randint()
-14 | random.choice()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:13:1
-   |
-11 | random.random()
-12 | random.randrange()
-13 | random.randint()
-   | ^^^^^^^^^^^^^^^^
-14 | random.choice()
-15 | random.choices()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:14:1
-   |
-12 | random.randrange()
-13 | random.randint()
-14 | random.choice()
-   | ^^^^^^^^^^^^^^^
-15 | random.choices()
-16 | random.uniform()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:15:1
-   |
-13 | random.randint()
-14 | random.choice()
-15 | random.choices()
-   | ^^^^^^^^^^^^^^^^
-16 | random.uniform()
-17 | random.triangular()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:16:1
-   |
-14 | random.choice()
-15 | random.choices()
-16 | random.uniform()
-   | ^^^^^^^^^^^^^^^^
-17 | random.triangular()
-18 | random.randbytes()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:17:1
-   |
-15 | random.choices()
-16 | random.uniform()
-17 | random.triangular()
-   | ^^^^^^^^^^^^^^^^^^^
-18 | random.randbytes()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:18:1
-   |
-16 | random.uniform()
-17 | random.triangular()
-18 | random.randbytes()
-   | ^^^^^^^^^^^^^^^^^^
-19 |
-20 | # Unrelated
-   |
+--- Summary ---
+Removed: 0
+Added: 2

+--- Added ---
 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  --> S311.py:26:5
   |
@ -107,6 +19,7 @@ S311 Standard pseudo-random generators are not suitable for cryptographic purpos
 27 | foo = random.randrange
   |

+
 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  --> S311.py:27:7
   |
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S312_S312.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S312_S312.py.snap
@ -1,15 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
- --> S312.py:3:1
-  |
-1 | from telnetlib import Telnet
-2 |
-3 | Telnet("localhost", 23)
-  | ^^^^^^^^^^^^^^^^^^^^^^^
-  |
+--- Linter settings ---
+-linter.preview = disabled
+linter.preview = enabled

+--- Summary ---
+Removed: 0
+Added: 3
+
+--- Added ---
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 --> S312.py:7:5
  |
@ -19,6 +19,7 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 8 | foo = Telnet
  |

+
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
  --> S312.py:8:7
   |
@ -30,6 +31,7 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 10 | import telnetlib
   |

+
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
  --> S312.py:11:5
   |
@ -39,13 +41,3 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 12 |
 13 | from typing import Annotated
   |
-
-S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
-  --> S312.py:14:24
-   |
-13 | from typing import Annotated
-14 | foo: Annotated[Telnet, telnetlib.Telnet()]
-   |                        ^^^^^^^^^^^^^^^^^^
-15 |
-16 | def _() -> Telnet: ...
-   |
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S508_S508.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S508_S508.py.snap
@ -1,26 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
- --> S508.py:3:25
-  |
-1 | from pysnmp.hlapi import CommunityData
-2 |
-3 | CommunityData("public", mpModel=0)  # S508
-  |                         ^^^^^^^^^
-4 | CommunityData("public", mpModel=1)  # S508
-  |
+--- Linter settings ---
+-linter.preview = disabled
+linter.preview = enabled

-S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
- --> S508.py:4:25
-  |
-3 | CommunityData("public", mpModel=0)  # S508
-4 | CommunityData("public", mpModel=1)  # S508
-  |                         ^^^^^^^^^
-5 |
-6 | CommunityData("public", mpModel=2)  # OK
-  |
+--- Summary ---
+Removed: 0
+Added: 8

+--- Added ---
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
  --> S508.py:18:46
   |
@ -32,6 +21,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 20 | pysnmp.hlapi.v1arch.asyncio.CommunityData("public", mpModel=0)  # S508
   |

+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
  --> S508.py:19:58
   |
@ -42,6 +32,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 21 | pysnmp.hlapi.v1arch.CommunityData("public", mpModel=0)  # S508
   |

+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
  --> S508.py:20:53
   |
@ -53,6 +44,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 22 | pysnmp.hlapi.v3arch.asyncio.auth.CommunityData("public", mpModel=0)  # S508
   |

+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
  --> S508.py:21:45
   |
@ -64,6 +56,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 23 | pysnmp.hlapi.v3arch.asyncio.CommunityData("public", mpModel=0)  # S508
   |

+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
  --> S508.py:22:58
   |
@ -75,6 +68,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 24 | pysnmp.hlapi.v3arch.CommunityData("public", mpModel=0)  # S508
   |

+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
  --> S508.py:23:53
   |
@ -86,6 +80,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0)  # S508
   |

+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
  --> S508.py:24:45
   |
@ -96,6 +91,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0)  # S508
   |

+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
  --> S508.py:25:43
   |
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S509_S509.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linterrulesflake8_bandittestspreview__S509_S509.py.snap
@ -1,24 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
- --> S509.py:4:12
-  |
-4 | insecure = UsmUserData("securityName")  # S509
-  |            ^^^^^^^^^^^
-5 | auth_no_priv = UsmUserData("securityName", "authName")  # S509
-  |
+--- Linter settings ---
+-linter.preview = disabled
+linter.preview = enabled

-S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
- --> S509.py:5:16
-  |
-4 | insecure = UsmUserData("securityName")  # S509
-5 | auth_no_priv = UsmUserData("securityName", "authName")  # S509
-  |                ^^^^^^^^^^^
-6 |
-7 | less_insecure = UsmUserData("securityName", "authName", "privName")  # OK
-  |
+--- Summary ---
+Removed: 0
+Added: 4

+--- Added ---
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
  --> S509.py:15:1
   |
@ -30,6 +21,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 17 | pysnmp.hlapi.v3arch.asyncio.auth.UsmUserData("user")  # S509
   |

+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
  --> S509.py:16:1
   |
@ -40,6 +32,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 18 | pysnmp.hlapi.auth.UsmUserData("user")  # S509
   |

+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
  --> S509.py:17:1
   |
@ -50,6 +43,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 18 | pysnmp.hlapi.auth.UsmUserData("user")  # S509
   |

+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
  --> S509.py:18:1
   |