Skip to content

Commit

Permalink
Add a section explaining "nosec" (PyCQA#554)
Browse files Browse the repository at this point in the history
* Add a section explaining "nosec"

References PyCQA#553

* Remove duplicated "in your code"
  • Loading branch information
exhuma authored and ericwb committed Jan 7, 2020
1 parent 8ed0a5f commit 9b4cf91
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions doc/source/config.rst
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,22 @@ Note that command line options `-t`/`-s` can still be used in conjunction with
`tests` and `skips` given in a config. The result is to concatenate `-t` with
`tests` and likewise for `-s` and `skips` before working out the tests to run.

Suppressing Individual Lines
----------------------------

If you have lines in your code triggering vulnerability errors and you are
certain that this is acceptable, they can be individually silenced by appending
``# nosec`` to the line::

# The following hash is not used in any security context. It is only used
# to generate unique values, collisions are acceptable and "data" is not
# coming from user-generated input
the_hash = md5(data).hexdigest() # nosec


In such cases, it is good practice to add a comment explaining *why* a given
line was excluded from security checks.

Generating a Config
-------------------
Bandit ships the tool `bandit-config-generator` designed to take the leg work
Expand Down

0 comments on commit 9b4cf91

Please sign in to comment.