Use `diagnostic_diff` testing for flake8-bandit preview tests (#21637)

crates/ruff_linter/src/rules/flake8_bandit/mod.rs

@@ -10,11 +10,11 @@ mod tests {
     use anyhow::Result;
     use test_case::test_case;
 
-    use crate::assert_diagnostics;
     use crate::registry::Rule;
     use crate::settings::LinterSettings;
     use crate::settings::types::PreviewMode;
     use crate::test::test_path;
+    use crate::{assert_diagnostics, assert_diagnostics_diff};
 
     #[test_case(Rule::Assert, Path::new("S101.py"))]
     #[test_case(Rule::BadFilePermissions, Path::new("S103.py"))]
@@ -112,14 +112,19 @@ mod tests {
             rule_code.noqa_code(),
             path.to_string_lossy()
         );
-        let diagnostics = test_path(
+
+        assert_diagnostics_diff!(
+            snapshot,
             Path::new("flake8_bandit").join(path).as_path(),
+            &LinterSettings {
+                preview: PreviewMode::Disabled,
+                ..LinterSettings::for_rule(rule_code)
+            },
             &LinterSettings {
                 preview: PreviewMode::Enabled,
                 ..LinterSettings::for_rule(rule_code)
-            },
+            }
-        )?;
+        );
-        assert_diagnostics!(snapshot, diagnostics);
         Ok(())
     }
 

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S301_S301.py.snap

@@ -1,15 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+--- Linter settings ---
- --> S301.py:3:1
+-linter.preview = disabled
-  |
++linter.preview = enabled
-1 | import pickle
-2 |
-3 | pickle.loads()
-  | ^^^^^^^^^^^^^^
-  |
 
+--- Summary ---
+Removed: 0
+Added: 2
+
+--- Added ---
 S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
  --> S301.py:7:5
   |
@@ -19,6 +19,7 @@ S301 `pickle` and modules that wrap it can be unsafe when used to deserialize un
 8 | foo = pickle.load
   |
 
+
 S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
  --> S301.py:8:7
   |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S307_S307.py.snap

@@ -1,24 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S307 Use of possibly insecure function; consider using `ast.literal_eval`
+--- Linter settings ---
- --> S307.py:3:7
+-linter.preview = disabled
-  |
++linter.preview = enabled
-1 | import os
-2 |
-3 | print(eval("1+1"))  # S307
-  |       ^^^^^^^^^^^
-4 | print(eval("os.getcwd()"))  # S307
-  |
 
-S307 Use of possibly insecure function; consider using `ast.literal_eval`
+--- Summary ---
- --> S307.py:4:7
+Removed: 0
-  |
+Added: 2
-3 | print(eval("1+1"))  # S307
-4 | print(eval("os.getcwd()"))  # S307
-  |       ^^^^^^^^^^^^^^^^^^^
-  |
 
+--- Added ---
 S307 Use of possibly insecure function; consider using `ast.literal_eval`
   --> S307.py:16:5
    |
@@ -28,6 +19,7 @@ S307 Use of possibly insecure function; consider using `ast.literal_eval`
 17 | foo = eval
    |
 
+
 S307 Use of possibly insecure function; consider using `ast.literal_eval`
   --> S307.py:17:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S308_S308.py.snap

@@ -1,60 +1,37 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+--- Linter settings ---
- --> S308.py:6:5
+-linter.preview = disabled
-  |
++linter.preview = enabled
-4 | def bad_func():
-5 |     inject = "harmful_input"
-6 |     mark_safe(inject)
-  |     ^^^^^^^^^^^^^^^^^
-7 |     mark_safe("I will add" + inject + "to my string")
-8 |     mark_safe("I will add %s to my string" % inject)
-  |
 
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+--- Summary ---
- --> S308.py:7:5
+Removed: 2
-  |
+Added: 4
-5 |     inject = "harmful_input"
-6 |     mark_safe(inject)
-7 |     mark_safe("I will add" + inject + "to my string")
-  |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-8 |     mark_safe("I will add %s to my string" % inject)
-9 |     mark_safe("I will add {} to my string".format(inject))
-  |
 
+--- Removed ---
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:8:5
+  --> S308.py:16:1
    |
- 6 |     mark_safe(inject)
+16 | @mark_safe
- 7 |     mark_safe("I will add" + inject + "to my string")
+   | ^^^^^^^^^^
- 8 |     mark_safe("I will add %s to my string" % inject)
+17 | def some_func():
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+18 |     return '<script>alert("evil!")</script>'
- 9 |     mark_safe("I will add {} to my string".format(inject))
-10 |     mark_safe(f"I will add {inject} to my string")
    |
 
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:9:5
-   |
- 7 |     mark_safe("I will add" + inject + "to my string")
- 8 |     mark_safe("I will add %s to my string" % inject)
- 9 |     mark_safe("I will add {} to my string".format(inject))
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-10 |     mark_safe(f"I will add {inject} to my string")
-   |
 
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:10:5
+  --> S308.py:36:1
    |
- 8 |     mark_safe("I will add %s to my string" % inject)
+36 | @mark_safe
- 9 |     mark_safe("I will add {} to my string".format(inject))
+   | ^^^^^^^^^^
-10 |     mark_safe(f"I will add {inject} to my string")
+37 | def some_func():
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+38 |     return '<script>alert("evil!")</script>'
-11 |
-12 | def good_func():
    |
 
+
+
+--- Added ---
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:16:2
    |
@@ -64,59 +41,6 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 18 |     return '<script>alert("evil!")</script>'
    |
 
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:26:5
-   |
-24 | def bad_func():
-25 |     inject = "harmful_input"
-26 |     mark_safe(inject)
-   |     ^^^^^^^^^^^^^^^^^
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:27:5
-   |
-25 |     inject = "harmful_input"
-26 |     mark_safe(inject)
-27 |     mark_safe("I will add" + inject + "to my string")
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:28:5
-   |
-26 |     mark_safe(inject)
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-29 |     mark_safe("I will add {} to my string".format(inject))
-30 |     mark_safe(f"I will add {inject} to my string")
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:29:5
-   |
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-30 |     mark_safe(f"I will add {inject} to my string")
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:30:5
-   |
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-30 |     mark_safe(f"I will add {inject} to my string")
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-31 |
-32 | def good_func():
-   |
 
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:36:2
@@ -127,6 +51,7 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 38 |     return '<script>alert("evil!")</script>'
    |
 
+
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:42:5
    |
@@ -136,6 +61,7 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 43 | foo = mark_safe
    |
 
+
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:43:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S310_S310.py.snap

@@ -1,260 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+--- Linter settings ---
- --> S310.py:6:1
+-linter.preview = disabled
-  |
++linter.preview = enabled
-4 | urllib.request.urlopen(url=f'http://www.google.com')
-5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
-6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
-  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
-8 | urllib.request.urlopen('http://www.google.com')
-  |
 
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+--- Summary ---
- --> S310.py:7:1
+Removed: 0
-  |
+Added: 2
-5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
-6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
-7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
-  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-8 | urllib.request.urlopen('http://www.google.com')
-9 | urllib.request.urlopen(f'http://www.google.com')
-  |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:10:1
-   |
- 8 | urllib.request.urlopen('http://www.google.com')
- 9 | urllib.request.urlopen(f'http://www.google.com')
-10 | urllib.request.urlopen('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-11 | urllib.request.urlopen(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:11:1
-   |
- 9 | urllib.request.urlopen(f'http://www.google.com')
-10 | urllib.request.urlopen('file:///foo/bar/baz')
-11 | urllib.request.urlopen(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-12 |
-13 | urllib.request.Request(url='http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:16:1
-   |
-14 | urllib.request.Request(url=f'http://www.google.com')
-15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
-16 | urllib.request.Request(url='http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
-18 | urllib.request.Request('http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:17:1
-   |
-15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
-16 | urllib.request.Request(url='http://www.google.com', **kwargs)
-17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-18 | urllib.request.Request('http://www.google.com')
-19 | urllib.request.Request(f'http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:20:1
-   |
-18 | urllib.request.Request('http://www.google.com')
-19 | urllib.request.Request(f'http://www.google.com')
-20 | urllib.request.Request('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-21 | urllib.request.Request(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:21:1
-   |
-19 | urllib.request.Request(f'http://www.google.com')
-20 | urllib.request.Request('file:///foo/bar/baz')
-21 | urllib.request.Request(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-22 |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:23:1
-   |
-21 | urllib.request.Request(url)
-22 |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:24:1
-   |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:25:1
-   |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:26:1
-   |
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:27:1
-   |
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:28:1
-   |
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:29:1
-   |
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:30:1
-   |
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-32 | urllib.request.URLopener().open(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:31:1
-   |
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-32 | urllib.request.URLopener().open(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:32:1
-   |
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-32 | urllib.request.URLopener().open(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-33 |
-34 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:37:1
-   |
-35 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'))
-36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
-37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:38:1
-   |
-36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
-37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
-38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:41:1
-   |
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:41:24
-   |
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-   |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:42:1
-   |
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:42:24
-   |
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |
 
+--- Added ---
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   --> S310.py:46:5
    |
@@ -264,6 +19,7 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
 47 | foo = urllib.request.urlopen
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   --> S310.py:47:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S311_S311.py.snap

@@ -1,103 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+--- Linter settings ---
-  --> S311.py:10:1
+-linter.preview = disabled
-   |
++linter.preview = enabled
- 9 | # Errors
-10 | random.Random()
-   | ^^^^^^^^^^^^^^^
-11 | random.random()
-12 | random.randrange()
-   |
 
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+--- Summary ---
-  --> S311.py:11:1
+Removed: 0
-   |
+Added: 2
- 9 | # Errors
-10 | random.Random()
-11 | random.random()
-   | ^^^^^^^^^^^^^^^
-12 | random.randrange()
-13 | random.randint()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:12:1
-   |
-10 | random.Random()
-11 | random.random()
-12 | random.randrange()
-   | ^^^^^^^^^^^^^^^^^^
-13 | random.randint()
-14 | random.choice()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:13:1
-   |
-11 | random.random()
-12 | random.randrange()
-13 | random.randint()
-   | ^^^^^^^^^^^^^^^^
-14 | random.choice()
-15 | random.choices()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:14:1
-   |
-12 | random.randrange()
-13 | random.randint()
-14 | random.choice()
-   | ^^^^^^^^^^^^^^^
-15 | random.choices()
-16 | random.uniform()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:15:1
-   |
-13 | random.randint()
-14 | random.choice()
-15 | random.choices()
-   | ^^^^^^^^^^^^^^^^
-16 | random.uniform()
-17 | random.triangular()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:16:1
-   |
-14 | random.choice()
-15 | random.choices()
-16 | random.uniform()
-   | ^^^^^^^^^^^^^^^^
-17 | random.triangular()
-18 | random.randbytes()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:17:1
-   |
-15 | random.choices()
-16 | random.uniform()
-17 | random.triangular()
-   | ^^^^^^^^^^^^^^^^^^^
-18 | random.randbytes()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:18:1
-   |
-16 | random.uniform()
-17 | random.triangular()
-18 | random.randbytes()
-   | ^^^^^^^^^^^^^^^^^^
-19 |
-20 | # Unrelated
-   |
 
+--- Added ---
 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   --> S311.py:26:5
    |
@@ -107,6 +19,7 @@ S311 Standard pseudo-random generators are not suitable for cryptographic purpos
 27 | foo = random.randrange
    |
 
+
 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   --> S311.py:27:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S312_S312.py.snap

@@ -1,15 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
+--- Linter settings ---
- --> S312.py:3:1
+-linter.preview = disabled
-  |
++linter.preview = enabled
-1 | from telnetlib import Telnet
-2 |
-3 | Telnet("localhost", 23)
-  | ^^^^^^^^^^^^^^^^^^^^^^^
-  |
 
+--- Summary ---
+Removed: 0
+Added: 3
+
+--- Added ---
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
  --> S312.py:7:5
   |
@@ -19,6 +19,7 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 8 | foo = Telnet
   |
 
+
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
   --> S312.py:8:7
    |
@@ -30,6 +31,7 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 10 | import telnetlib
    |
 
+
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
   --> S312.py:11:5
    |
@@ -39,13 +41,3 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 12 |
 13 | from typing import Annotated
    |
-
-S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
-  --> S312.py:14:24
-   |
-13 | from typing import Annotated
-14 | foo: Annotated[Telnet, telnetlib.Telnet()]
-   |                        ^^^^^^^^^^^^^^^^^^
-15 |
-16 | def _() -> Telnet: ...
-   |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S508_S508.py.snap

@@ -1,26 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
+--- Linter settings ---
- --> S508.py:3:25
+-linter.preview = disabled
-  |
++linter.preview = enabled
-1 | from pysnmp.hlapi import CommunityData
-2 |
-3 | CommunityData("public", mpModel=0)  # S508
-  |                         ^^^^^^^^^
-4 | CommunityData("public", mpModel=1)  # S508
-  |
 
-S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
+--- Summary ---
- --> S508.py:4:25
+Removed: 0
-  |
+Added: 8
-3 | CommunityData("public", mpModel=0)  # S508
-4 | CommunityData("public", mpModel=1)  # S508
-  |                         ^^^^^^^^^
-5 |
-6 | CommunityData("public", mpModel=2)  # OK
-  |
 
+--- Added ---
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:18:46
    |
@@ -32,6 +21,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 20 | pysnmp.hlapi.v1arch.asyncio.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:19:58
    |
@@ -42,6 +32,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 21 | pysnmp.hlapi.v1arch.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:20:53
    |
@@ -53,6 +44,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 22 | pysnmp.hlapi.v3arch.asyncio.auth.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:21:45
    |
@@ -64,6 +56,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 23 | pysnmp.hlapi.v3arch.asyncio.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:22:58
    |
@@ -75,6 +68,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 24 | pysnmp.hlapi.v3arch.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:23:53
    |
@@ -86,6 +80,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:24:45
    |
@@ -96,6 +91,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:25:43
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S509_S509.py.snap

@@ -1,24 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
+--- Linter settings ---
- --> S509.py:4:12
+-linter.preview = disabled
-  |
++linter.preview = enabled
-4 | insecure = UsmUserData("securityName")  # S509
-  |            ^^^^^^^^^^^
-5 | auth_no_priv = UsmUserData("securityName", "authName")  # S509
-  |
 
-S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
+--- Summary ---
- --> S509.py:5:16
+Removed: 0
-  |
+Added: 4
-4 | insecure = UsmUserData("securityName")  # S509
-5 | auth_no_priv = UsmUserData("securityName", "authName")  # S509
-  |                ^^^^^^^^^^^
-6 |
-7 | less_insecure = UsmUserData("securityName", "authName", "privName")  # OK
-  |
 
+--- Added ---
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:15:1
    |
@@ -30,6 +21,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 17 | pysnmp.hlapi.v3arch.asyncio.auth.UsmUserData("user")  # S509
    |
 
+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:16:1
    |
@@ -40,6 +32,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 18 | pysnmp.hlapi.auth.UsmUserData("user")  # S509
    |
 
+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:17:1
    |
@@ -50,6 +43,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 18 | pysnmp.hlapi.auth.UsmUserData("user")  # S509
    |
 
+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:18:1
    |