diff --git a/crates/ruff_linter/src/rules/flake8_bandit/mod.rs b/crates/ruff_linter/src/rules/flake8_bandit/mod.rs
index 7c3bad60d1..8616052576 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/mod.rs
+++ b/crates/ruff_linter/src/rules/flake8_bandit/mod.rs
@@ -10,11 +10,11 @@ mod tests {
use anyhow::Result;
use test_case::test_case;
- use crate::assert_diagnostics;
use crate::registry::Rule;
use crate::settings::LinterSettings;
use crate::settings::types::PreviewMode;
use crate::test::test_path;
+ use crate::{assert_diagnostics, assert_diagnostics_diff};
#[test_case(Rule::Assert, Path::new("S101.py"))]
#[test_case(Rule::BadFilePermissions, Path::new("S103.py"))]
@@ -112,14 +112,19 @@ mod tests {
rule_code.noqa_code(),
path.to_string_lossy()
);
- let diagnostics = test_path(
+
+ assert_diagnostics_diff!(
+ snapshot,
Path::new("flake8_bandit").join(path).as_path(),
+ &LinterSettings {
+ preview: PreviewMode::Disabled,
+ ..LinterSettings::for_rule(rule_code)
+ },
&LinterSettings {
preview: PreviewMode::Enabled,
..LinterSettings::for_rule(rule_code)
- },
- )?;
- assert_diagnostics!(snapshot, diagnostics);
+ }
+ );
Ok(())
}
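Review bot: The `assert_diagnostics_diff!` call has no comment explaining that the preview snapshots now record only the delta between `PreviewMode::Disabled` and `PreviewMode::Enabled`. Findings common to both modes, such as the plain `pickle.loads()` and `eval(...)` cases, are therefore no longer pinned by this test. For security rules this matters: a regression that drops a baseline detection in both modes would leave these snapshots unchanged, and is caught only if a stable-mode test covers the same rule and fixture, which is not visible in this hunk. I would add above the macro call something like `// Snapshot records only the stable-vs-preview delta; baseline diagnostics are pinned by the stable snapshot for the same fixture.` and confirm that every rule listed in this test's `#[test_case]` attributes also has a stable test case. The enclosing test function starts outside the hunk.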
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S301_S301.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S301_S301.py.snap
index 22be1472f5..6718083b32 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S301_S301.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S301_S301.py.snap
@@ -1,15 +1,15 @@
---
source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
---
-S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
- --> S301.py:3:1
- |
-1 | import pickle
-2 |
-3 | pickle.loads()
- | ^^^^^^^^^^^^^^
- |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
+--- Summary ---
+Removed: 0
+Added: 2
+
+--- Added ---
S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
--> S301.py:7:5
|
@@ -19,6 +19,7 @@ S301 `pickle` and modules that wrap it can be unsafe when used to deserialize un
8 | foo = pickle.load
|
+
S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
--> S301.py:8:7
|
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S307_S307.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S307_S307.py.snap
index 370c77c3ac..3a040f9d23 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S307_S307.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S307_S307.py.snap
@@ -1,24 +1,15 @@
---
source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
---
-S307 Use of possibly insecure function; consider using `ast.literal_eval`
- --> S307.py:3:7
- |
-1 | import os
-2 |
-3 | print(eval("1+1")) # S307
- | ^^^^^^^^^^^
-4 | print(eval("os.getcwd()")) # S307
- |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
-S307 Use of possibly insecure function; consider using `ast.literal_eval`
- --> S307.py:4:7
- |
-3 | print(eval("1+1")) # S307
-4 | print(eval("os.getcwd()")) # S307
- | ^^^^^^^^^^^^^^^^^^^
- |
+--- Summary ---
+Removed: 0
+Added: 2
+--- Added ---
S307 Use of possibly insecure function; consider using `ast.literal_eval`
--> S307.py:16:5
|
@@ -28,6 +19,7 @@ S307 Use of possibly insecure function; consider using `ast.literal_eval`
17 | foo = eval
|
+
S307 Use of possibly insecure function; consider using `ast.literal_eval`
--> S307.py:17:7
|
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S308_S308.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S308_S308.py.snap
index c2fcb4b8f1..b224ea3431 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S308_S308.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S308_S308.py.snap
@@ -1,60 +1,37 @@
---
source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
---
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:6:5
- |
-4 | def bad_func():
-5 | inject = "harmful_input"
-6 | mark_safe(inject)
- | ^^^^^^^^^^^^^^^^^
-7 | mark_safe("I will add" + inject + "to my string")
-8 | mark_safe("I will add %s to my string" % inject)
- |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:7:5
- |
-5 | inject = "harmful_input"
-6 | mark_safe(inject)
-7 | mark_safe("I will add" + inject + "to my string")
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-8 | mark_safe("I will add %s to my string" % inject)
-9 | mark_safe("I will add {} to my string".format(inject))
- |
+--- Summary ---
+Removed: 2
+Added: 4
+--- Removed ---
S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:8:5
+ --> S308.py:16:1
|
- 6 | mark_safe(inject)
- 7 | mark_safe("I will add" + inject + "to my string")
- 8 | mark_safe("I will add %s to my string" % inject)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- 9 | mark_safe("I will add {} to my string".format(inject))
-10 | mark_safe(f"I will add {inject} to my string")
+16 | @mark_safe
+ | ^^^^^^^^^^
+17 | def some_func():
+18 | return ''
|
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:9:5
- |
- 7 | mark_safe("I will add" + inject + "to my string")
- 8 | mark_safe("I will add %s to my string" % inject)
- 9 | mark_safe("I will add {} to my string".format(inject))
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-10 | mark_safe(f"I will add {inject} to my string")
- |
S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:10:5
+ --> S308.py:36:1
|
- 8 | mark_safe("I will add %s to my string" % inject)
- 9 | mark_safe("I will add {} to my string".format(inject))
-10 | mark_safe(f"I will add {inject} to my string")
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-11 |
-12 | def good_func():
+36 | @mark_safe
+ | ^^^^^^^^^^
+37 | def some_func():
+38 | return ''
|
+
+
+--- Added ---
S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
--> S308.py:16:2
|
@@ -64,59 +41,6 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
18 | return ''
|
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:26:5
- |
-24 | def bad_func():
-25 | inject = "harmful_input"
-26 | mark_safe(inject)
- | ^^^^^^^^^^^^^^^^^
-27 | mark_safe("I will add" + inject + "to my string")
-28 | mark_safe("I will add %s to my string" % inject)
- |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:27:5
- |
-25 | inject = "harmful_input"
-26 | mark_safe(inject)
-27 | mark_safe("I will add" + inject + "to my string")
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-28 | mark_safe("I will add %s to my string" % inject)
-29 | mark_safe("I will add {} to my string".format(inject))
- |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:28:5
- |
-26 | mark_safe(inject)
-27 | mark_safe("I will add" + inject + "to my string")
-28 | mark_safe("I will add %s to my string" % inject)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-29 | mark_safe("I will add {} to my string".format(inject))
-30 | mark_safe(f"I will add {inject} to my string")
- |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:29:5
- |
-27 | mark_safe("I will add" + inject + "to my string")
-28 | mark_safe("I will add %s to my string" % inject)
-29 | mark_safe("I will add {} to my string".format(inject))
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-30 | mark_safe(f"I will add {inject} to my string")
- |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:30:5
- |
-28 | mark_safe("I will add %s to my string" % inject)
-29 | mark_safe("I will add {} to my string".format(inject))
-30 | mark_safe(f"I will add {inject} to my string")
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-31 |
-32 | def good_func():
- |
S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
--> S308.py:36:2
@@ -127,6 +51,7 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
38 | return ''
|
+
S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
--> S308.py:42:5
|
@@ -136,6 +61,7 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
43 | foo = mark_safe
|
+
S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
--> S308.py:43:7
|
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S310_S310.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S310_S310.py.snap
index 490d8db719..ab8e823ec7 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S310_S310.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S310_S310.py.snap
@@ -1,260 +1,15 @@
---
source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
---
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:6:1
- |
-4 | urllib.request.urlopen(url=f'http://www.google.com')
-5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
-6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
-8 | urllib.request.urlopen('http://www.google.com')
- |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:7:1
- |
-5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
-6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
-7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-8 | urllib.request.urlopen('http://www.google.com')
-9 | urllib.request.urlopen(f'http://www.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:10:1
- |
- 8 | urllib.request.urlopen('http://www.google.com')
- 9 | urllib.request.urlopen(f'http://www.google.com')
-10 | urllib.request.urlopen('file:///foo/bar/baz')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-11 | urllib.request.urlopen(url)
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:11:1
- |
- 9 | urllib.request.urlopen(f'http://www.google.com')
-10 | urllib.request.urlopen('file:///foo/bar/baz')
-11 | urllib.request.urlopen(url)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-12 |
-13 | urllib.request.Request(url='http://www.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:16:1
- |
-14 | urllib.request.Request(url=f'http://www.google.com')
-15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
-16 | urllib.request.Request(url='http://www.google.com', **kwargs)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
-18 | urllib.request.Request('http://www.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:17:1
- |
-15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
-16 | urllib.request.Request(url='http://www.google.com', **kwargs)
-17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-18 | urllib.request.Request('http://www.google.com')
-19 | urllib.request.Request(f'http://www.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:20:1
- |
-18 | urllib.request.Request('http://www.google.com')
-19 | urllib.request.Request(f'http://www.google.com')
-20 | urllib.request.Request('file:///foo/bar/baz')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-21 | urllib.request.Request(url)
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:21:1
- |
-19 | urllib.request.Request(f'http://www.google.com')
-20 | urllib.request.Request('file:///foo/bar/baz')
-21 | urllib.request.Request(url)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-22 |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:23:1
- |
-21 | urllib.request.Request(url)
-22 |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:24:1
- |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:25:1
- |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:26:1
- |
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:27:1
- |
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:28:1
- |
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:29:1
- |
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:30:1
- |
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-32 | urllib.request.URLopener().open(url)
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:31:1
- |
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-32 | urllib.request.URLopener().open(url)
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:32:1
- |
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-32 | urllib.request.URLopener().open(url)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-33 |
-34 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'))
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:37:1
- |
-35 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'))
-36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
-37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:38:1
- |
-36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
-37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
-38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:41:1
- |
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-42 | urllib.request.urlopen(urllib.request.Request(url))
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:41:24
- |
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-42 | urllib.request.urlopen(urllib.request.Request(url))
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:42:1
- |
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-42 | urllib.request.urlopen(urllib.request.Request(url))
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:42:24
- |
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-42 | urllib.request.urlopen(urllib.request.Request(url))
- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
- |
+--- Summary ---
+Removed: 0
+Added: 2
+--- Added ---
S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
--> S310.py:46:5
|
@@ -264,6 +19,7 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
47 | foo = urllib.request.urlopen
|
+
S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
--> S310.py:47:7
|
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S311_S311.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S311_S311.py.snap
index a7527710df..8904a2523a 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S311_S311.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S311_S311.py.snap
@@ -1,103 +1,15 @@
---
source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
---
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:10:1
- |
- 9 | # Errors
-10 | random.Random()
- | ^^^^^^^^^^^^^^^
-11 | random.random()
-12 | random.randrange()
- |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:11:1
- |
- 9 | # Errors
-10 | random.Random()
-11 | random.random()
- | ^^^^^^^^^^^^^^^
-12 | random.randrange()
-13 | random.randint()
- |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:12:1
- |
-10 | random.Random()
-11 | random.random()
-12 | random.randrange()
- | ^^^^^^^^^^^^^^^^^^
-13 | random.randint()
-14 | random.choice()
- |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:13:1
- |
-11 | random.random()
-12 | random.randrange()
-13 | random.randint()
- | ^^^^^^^^^^^^^^^^
-14 | random.choice()
-15 | random.choices()
- |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:14:1
- |
-12 | random.randrange()
-13 | random.randint()
-14 | random.choice()
- | ^^^^^^^^^^^^^^^
-15 | random.choices()
-16 | random.uniform()
- |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:15:1
- |
-13 | random.randint()
-14 | random.choice()
-15 | random.choices()
- | ^^^^^^^^^^^^^^^^
-16 | random.uniform()
-17 | random.triangular()
- |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:16:1
- |
-14 | random.choice()
-15 | random.choices()
-16 | random.uniform()
- | ^^^^^^^^^^^^^^^^
-17 | random.triangular()
-18 | random.randbytes()
- |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:17:1
- |
-15 | random.choices()
-16 | random.uniform()
-17 | random.triangular()
- | ^^^^^^^^^^^^^^^^^^^
-18 | random.randbytes()
- |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
- --> S311.py:18:1
- |
-16 | random.uniform()
-17 | random.triangular()
-18 | random.randbytes()
- | ^^^^^^^^^^^^^^^^^^
-19 |
-20 | # Unrelated
- |
+--- Summary ---
+Removed: 0
+Added: 2
+--- Added ---
S311 Standard pseudo-random generators are not suitable for cryptographic purposes
--> S311.py:26:5
|
@@ -107,6 +19,7 @@ S311 Standard pseudo-random generators are not suitable for cryptographic purpos
27 | foo = random.randrange
|
+
S311 Standard pseudo-random generators are not suitable for cryptographic purposes
--> S311.py:27:7
|
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S312_S312.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S312_S312.py.snap
index f2b0afc046..f055d1b424 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S312_S312.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S312_S312.py.snap
@@ -1,15 +1,15 @@
---
source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
---
-S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
- --> S312.py:3:1
- |
-1 | from telnetlib import Telnet
-2 |
-3 | Telnet("localhost", 23)
- | ^^^^^^^^^^^^^^^^^^^^^^^
- |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
+--- Summary ---
+Removed: 0
+Added: 3
+
+--- Added ---
S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
--> S312.py:7:5
|
@@ -19,6 +19,7 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
8 | foo = Telnet
|
+
S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
--> S312.py:8:7
|
@@ -30,6 +31,7 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
10 | import telnetlib
|
+
S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
--> S312.py:11:5
|
@@ -39,13 +41,3 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
12 |
13 | from typing import Annotated
|
-
-S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
- --> S312.py:14:24
- |
-13 | from typing import Annotated
-14 | foo: Annotated[Telnet, telnetlib.Telnet()]
- | ^^^^^^^^^^^^^^^^^^
-15 |
-16 | def _() -> Telnet: ...
- |
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S508_S508.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S508_S508.py.snap
index b47cdd7f77..f763850e17 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S508_S508.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S508_S508.py.snap
@@ -1,26 +1,15 @@
---
source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
---
-S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
- --> S508.py:3:25
- |
-1 | from pysnmp.hlapi import CommunityData
-2 |
-3 | CommunityData("public", mpModel=0) # S508
- | ^^^^^^^^^
-4 | CommunityData("public", mpModel=1) # S508
- |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
-S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
- --> S508.py:4:25
- |
-3 | CommunityData("public", mpModel=0) # S508
-4 | CommunityData("public", mpModel=1) # S508
- | ^^^^^^^^^
-5 |
-6 | CommunityData("public", mpModel=2) # OK
- |
+--- Summary ---
+Removed: 0
+Added: 8
+--- Added ---
S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
--> S508.py:18:46
|
@@ -32,6 +21,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
20 | pysnmp.hlapi.v1arch.asyncio.CommunityData("public", mpModel=0) # S508
|
+
S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
--> S508.py:19:58
|
@@ -42,6 +32,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
21 | pysnmp.hlapi.v1arch.CommunityData("public", mpModel=0) # S508
|
+
S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
--> S508.py:20:53
|
@@ -53,6 +44,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
22 | pysnmp.hlapi.v3arch.asyncio.auth.CommunityData("public", mpModel=0) # S508
|
+
S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
--> S508.py:21:45
|
@@ -64,6 +56,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
23 | pysnmp.hlapi.v3arch.asyncio.CommunityData("public", mpModel=0) # S508
|
+
S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
--> S508.py:22:58
|
@@ -75,6 +68,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
24 | pysnmp.hlapi.v3arch.CommunityData("public", mpModel=0) # S508
|
+
S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
--> S508.py:23:53
|
@@ -86,6 +80,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0) # S508
|
+
S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
--> S508.py:24:45
|
@@ -96,6 +91,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0) # S508
|
+
S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
--> S508.py:25:43
|
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S509_S509.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S509_S509.py.snap
index da81c2a630..026e848351 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S509_S509.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S509_S509.py.snap
@@ -1,24 +1,15 @@
---
source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
---
-S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
- --> S509.py:4:12
- |
-4 | insecure = UsmUserData("securityName") # S509
- | ^^^^^^^^^^^
-5 | auth_no_priv = UsmUserData("securityName", "authName") # S509
- |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
-S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
- --> S509.py:5:16
- |
-4 | insecure = UsmUserData("securityName") # S509
-5 | auth_no_priv = UsmUserData("securityName", "authName") # S509
- | ^^^^^^^^^^^
-6 |
-7 | less_insecure = UsmUserData("securityName", "authName", "privName") # OK
- |
+--- Summary ---
+Removed: 0
+Added: 4
+--- Added ---
S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
--> S509.py:15:1
|
@@ -30,6 +21,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
17 | pysnmp.hlapi.v3arch.asyncio.auth.UsmUserData("user") # S509
|
+
S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
--> S509.py:16:1
|
@@ -40,6 +32,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
18 | pysnmp.hlapi.auth.UsmUserData("user") # S509
|
+
S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
--> S509.py:17:1
|
@@ -50,6 +43,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
18 | pysnmp.hlapi.auth.UsmUserData("user") # S509
|
+
S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
--> S509.py:18:1
|