Codes B301-B306 conflict with openstack/bandit (via. flake8-bandit) #37
I've tested a workaround, which allows both to be activated at the same time. I'm only mentioning it here for informational purposes -- in no way am I expecting this to be a proper solution. Modified
Aside from the fact that I'm seeing each error in triplicate, everything's just peachy...!
./.../settings.py:99:92: B950 line too long (91 > 79 characters)
./.../settings.py:99:92: B950 line too long (91 > 79 characters)
./.../settings.py:99:92: B950 line too long (91 > 79 characters)
./.../settings.py:113:91: B950 line too long (90 > 79 characters)
./.../settings.py:113:91: B950 line too long (90 > 79 characters)
./.../settings.py:113:91: B950 line too long (90 > 79 characters)
Every plugin should register only once, hence you're seeing triplicates if you register multiple times. Bugbear has been around for a few years now. flake8-bandit is a new plugin, it should change its prefix to something that doesn't conflict.
@ambv Thanks for the response. Unfortunately, I haven't been clear in my explanation above. The conflict is not with
@myii @ambv Thanks for pointing this out. We could always handle this internally in What are the thoughts around Is anyone using I've opened up an issue with
@tylerwince Appreciate the prompt response. This is incredibly naive, since I'm unfamiliar with the internals of Flake8 (see my wonderful workaround above) but is there any mileage in simply using something like BAN = flake8_bandit:BanditTester That way, nothing would have to be done for either of the well-established I've actually had a quick go at the above and it seems to hold together. However, I don't know how that works for users who want the exact
@tylerwince Something like the following:
@@ -78,7 +78,7 @@
license="MIT",
entry_points={
"flake8.extension": [
- "B=flake8_bandit:BanditTester",
+ "BAN=flake8_bandit:BanditTester",
],
},
classifiers=[
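Review bot: the new entry-point name `BAN` in the `flake8.extension` list still begins with `B`, and Flake8 matches `select` and `ignore` values by prefix, so a configuration that selects or ignores `B` for bugbear will also match every `BAN` code. A name that shares no leading characters with an existing plugin's would avoid that. Whichever name is chosen, the rename changes every code the plugin reports, so it needs a changelog note telling users to update their `select`, `ignore` and `# noqa` entries.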
@@ -42,8 +42,8 @@
issues = []
for item in b_mgr.get_issue_list():
i = {}
- i["test_id"] = item.test_id
- i["issue_text"] = item.text
+ i["test_id"] = item.test_id.replace('B', 'BAN')
+ i["issue_text"] = 'Bandit [{0}]: {1}'.format(item.test_id, item.text)
i["line_number"] = item.lineno
issues.append(i)
try: Sample output: ./.../setup.py:14:1: BAN110 Bandit [B110]: Try, Except, Pass detected.
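Review bot: `item.test_id.replace('B', 'BAN')` rewrites every `B` in the id, not only the leading one, so any id containing a second `B` would be mangled. Tie the rewrite to the prefix instead, for example `'BAN' + item.test_id[1:]` guarded by `item.test_id.startswith('B')`, or pass a count of 1 to `replace`. The `issue_text` line is also missing a comment saying why the original Bandit id is embedded in the message.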
@myii I am not sure we want the flake8 code to be longer than 4 characters since that seems to be the standard -- this way the output is easier to visually scan. I am good with the idea of throwing the actual error code in the I can throw a PR together later today or if you want to take a stab at it I will probably be able to accept it and push it to PyPI sooner.
@tylerwince OK, one thing I am certain about is that Flake8 violation codes can be longer than 4 characters -- it is no longer a fixed standard since v3.0+. The following discussion involves the author of Flake8 itself. https://gitlab.com/pycqa/flake8/issues/337
As for the modifications, I'm a little surprised but on my system, it seems sufficient to simply modify the entry point without having to change
Whoa, quite a discussion here, folks! We're using Flake8 extensively where I work so I have some experience with this:
Given the two problems I outlined above, I see two possibilities:
If we choose the first solution, that solves the error code clash forever. If we choose to rename Bugbear codes, the .flake8 configuration of existing projects in the wild will become invalid. Plus, I will have to deal with non-working integrations like outlined above. If we choose to merge, renaming B30x in Bugbear to B350 is only going to help in the short term because as soon as Bandit reaches B351 then we're conflicting again. In general, the age of Bandit itself doesn't matter in this issue since this is a separate tool unrelated to Flake8 and can use whatever output it desires. It doesn't have to compose. I think 1. is easiest, but 3. is probably wisest long-term. What do you think?
@ambv Yeah, sorry for spamming your repo!
Yes, I knew it was too good to be true -- that explanation helps clarify things.
The thing is that it works fine with other plugins, such as displaying the
Since the discussion above, I've tested this and it works fine for me, CLI & Vim. My only concern is that with so many plugins, are we sure that UPDATE: See below for a table showing entry points for violation codes in some of the existing plugins.
Grossly inappropriate, as you've gone on to mention.
Only @tylerwince is in a position to respond to that.
Solution 1 is the obvious starting point for now, so that both can be used at the same time. After that, the affected parties can discuss possibility 3.
List of entry points for a selection of existing plugins
Extracted entry points from some of the plugins out there:
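The clash discussed in this thread can be checked mechanically. The following is an added example, not part of the original comments and not code from Flake8, flake8-bandit or bugbear: it parses `entry_points.txt` text and reports names registered twice under `flake8.extension`, plus names where one is a prefix of another. The sample strings are constructed, and the bugbear target `bugbear:BugBearChecker` is an assumption.

```python
from configparser import ConfigParser, Error
from itertools import combinations

GROUP = "flake8.extension"

# Constructed sample metadata in entry_points.txt format. The flake8-bandit
# lines are the before/after of the diff in this thread; the bugbear target
# (bugbear:BugBearChecker) is an assumption made for this example.
BUGBEAR = "[flake8.extension]\nB = bugbear:BugBearChecker\n"
BANDIT_OLD = "[flake8.extension]\nB=flake8_bandit:BanditTester\n"
BANDIT_NEW = "[flake8.extension]\nBAN=flake8_bandit:BanditTester\n"


def extension_names(entry_points_txt):
    """Return the names a distribution registers under flake8.extension."""
    parser = ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    parser.optionxform = str  # entry-point names are case-sensitive
    try:
        parser.read_string(entry_points_txt or "")
    except Error:
        return []  # unparsable metadata: nothing to report for this dist
    return list(parser[GROUP]) if parser.has_section(GROUP) else []


def find_conflicts(dists):
    """dists maps distribution name -> entry_points.txt text.

    Returns (exact, prefix): names registered by two distributions, and
    pairs where one name is a prefix of the other, so a select/ignore
    entry written for the shorter name also matches the longer one.
    """
    owned = [(n, d) for d, txt in sorted(dists.items())
             for n in extension_names(txt)]
    exact, prefix = [], []
    for (n1, d1), (n2, d2) in combinations(owned, 2):
        if d1 == d2:
            continue  # a plugin may reuse its own prefix
        if n1 == n2:
            exact.append((n1, d1, d2))
        elif n1.startswith(n2) or n2.startswith(n1):
            pair = sorted([(n1, d1), (n2, d2)], key=lambda p: len(p[0]))
            prefix.append(tuple(pair))
    return exact, prefix


def installed_dists():
    """Build the same mapping from the packages installed in this environment."""
    from importlib.metadata import distributions
    return {str(d.metadata["Name"]): d.read_text("entry_points.txt")
            for d in distributions()}
```

Calling `find_conflicts(installed_dists())` runs the same check against the current environment.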
Just issued a quick fix to
@tylerwince Thanks for that. Upgraded to @ambv Since we've got a resolution, I'm closing this issue. Thanks for the feedback above.
I'm sorry I missed this discussion but it seems like you all hit upon the right notes throughout the conversation. Well done. It seems like we need to update http://flake8.pycqa.org/en/latest/plugin-development/registering-plugins.html to represent this advice to plugin developers. Would someone here be willing to send an update with a note/caveat about picking an entry-point/plugin code name?
Thanks @sigmavirus24, I submitted a PR here: https://gitlab.com/pycqa/flake8/merge_requests/229 Open to any changes or suggestions. Thanks!
@tylerwince Thanks for rolling with that. Couldn't have been much fun extracting the project names for those error codes! More about that below... To all, apologies for continuing the discussion here. I could have commented on the GitLab MR but I have some feedback that includes questions/assumptions, that would be better to confirm from the combined experience here. Most of the points are in the discussion above, so easier to quote as well. I've offered my suggestions as either
Include: Entry-point conflicts can cause plugins to be deactivated
https://gitlab.com/pycqa/flake8/merge_requests/229/diffs
Exclude: Tabularised list of entry points
https://gitlab.com/pycqa/flake8/merge_requests/229/diffs
Consider from above:
Include: Flake8 3.0+ doesn't enforce 4 character long violation codes
From above:
And @ambv above:
And @tylerwince above:
Include (unrelated): Fix
@myii Thanks for the suggestions. I have updated the MR and added language about selecting a 3letter/3digit combination for an entry point. I will look to the maintainers (@sigmavirus24) to decide if they want to make it a strong recommendation or not by changing how it is presented.
@tylerwince You're welcome. Thanks for incorporating my suggestions -- I hope the changes are appropriate.
@ambv You hit the nail on the head about Vim Syntastic:
And I was mistaken when I said:
I've since tried to fix the Flake8 syntax checker used by Syntastic and I've filed a bug on their issue tracker. No need to respond; just giving credit where it's due.
Similar situation to #20, there are conflicts across codes B301-B306.
https://github.com/openstack/bandit:
In my situation:
bandit is still available while bugbear is deactivated
bandit, bugbear is activated and works as expected