[flake8-bandit] Mark str and list[str] literals as trusted input (S603)#17136
ntBre merged 4 commits into astral-sh:main

Conversation
| code | total | + violation | - violation | + fix | - fix |
|---|---|---|---|---|---|
| S603 | 77 | 0 | 77 | 0 | 0 |
| RUF100 | 3 | 3 | 0 | 0 | 0 |
| DOC501 | 2 | 1 | 1 | 0 | 0 |

We may want to make this a preview-only change, as it changes the rule's scope significantly (as seen by the ecosystem checks).
ntBre
left a comment
Nice! This looks good to me besides a few minor comments and gating this behind preview, like Micha said. I think you just need something like `if !is_trusted_input(arg) || checker.preview.is_disabled() { ... }` because the match case is otherwise the same as before, right?
Resolved review threads (outdated):
crates/ruff_linter/src/rules/flake8_bandit/rules/shell_injection.rs
crates/ruff_linter/src/rules/flake8_bandit/rules/shell_injection.rs
crates/ruff_linter/resources/test/fixtures/flake8_bandit/S603.py
Yep, I simplified that a bit from also TIL cmd+enter makes you post the comment 🤦
ntBre
left a comment
This is great, thanks! I also went through the ecosystem check, and everything looks good to me. Even the new RUF100 lints are true because the S603 noqa comments are no longer needed in a few places!
* origin/main: (35 commits)
  [red-knot] Callable types are disjoint from literals (#17160)
  [red-knot] Fix inference for `pow` between two literal integers (#17161)
  [red-knot] Add GitHub PR annotations when mdtests fail in CI (#17150)
  [red-knot] Fix equivalence of differently ordered unions that contain `Callable` types (#17145)
  [red-knot] Add initial set of tests for unreachable code (#17159)
  [`airflow`] Move `AIR302` to `AIR301` and `AIR303` to `AIR302` (#17151)
  ruff_db: simplify lifetimes on `DiagnosticDisplay`
  [red-knot] Detect division-by-zero in unions and intersections (#17157)
  [`airflow`] Add autofix infrastructure to `AIR302` name checks (#16965)
  [`flake8-bandit`] Mark `str` and `list[str]` literals as trusted input (`S603`) (#17136)
  [`airflow`] Add autofix for `AIR302` attribute checks (#16977)
  [`airflow`] Extend `AIR302` with additional symbols (#17085)
  [`airflow`] Move `AIR301` to `AIR002` (#16978)
  [`airflow`] Add autofix for `AIR302` method checks (#16976)
  ruff_db: switch diagnostic rendering over to `std::fmt::Display`
  [red-knot] Add 'Goto type definition' to the playground (#17055)
  red_knot_ide: update snapshots
  red_knot_python_semantic: remove comment about `TypeCheckDiagnostic`
  ruff_db: delete most of the old diagnostic code
  red_knot: use `Diagnostic` inside of red knot
  ...
* origin/main: (82 commits)
  [red-knot] Fix more [redundant-cast] false positives (#17170)
  [red-knot] Three-argument type-calls take 'str' as the first argument (#17168)
  Control flow: `return` and `raise` (#17121)
  Bump 0.11.3 (#17173)
  [red-knot] Improve `Debug` implementation for `semantic_index::SymbolTable` (#17172)
  [red-knot] Fix `str(…)` calls (#17163)
  [red-knot] visibility_constraint analysis for match cases (#17077)
  [red-knot] Fix playground crashes when diagnostics are stale (#17165)
  [red-knot] Callable types are disjoint from literals (#17160)
  [red-knot] Fix inference for `pow` between two literal integers (#17161)
  [red-knot] Add GitHub PR annotations when mdtests fail in CI (#17150)
  [red-knot] Fix equivalence of differently ordered unions that contain `Callable` types (#17145)
  [red-knot] Add initial set of tests for unreachable code (#17159)
  [`airflow`] Move `AIR302` to `AIR301` and `AIR303` to `AIR302` (#17151)
  ruff_db: simplify lifetimes on `DiagnosticDisplay`
  [red-knot] Detect division-by-zero in unions and intersections (#17157)
  [`airflow`] Add autofix infrastructure to `AIR302` name checks (#16965)
  [`flake8-bandit`] Mark `str` and `list[str]` literals as trusted input (`S603`) (#17136)
  [`airflow`] Add autofix for `AIR302` attribute checks (#16977)
  [`airflow`] Extend `AIR302` with additional symbols (#17085)
  ...
…t (`S603`) (astral-sh#17136)

## Summary

Closes astral-sh#17112. Allows passing in string and list-of-strings literals into `subprocess.run` (and related) calls without marking them as untrusted input:

```py
import subprocess

subprocess.run("true")

# "instant" named expressions are also allowed
subprocess.run(c := "ls")
```

## Test Plan

Added test cases covering new behavior, passed with `cargo nextest run`.

Summary

Closes #17112. Allows passing in string and list-of-strings literals into
subprocess.run (and related) calls without marking them as untrusted input.

Test Plan

Added test cases covering new behavior, passed with
cargo nextest run.
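To make the scope change concrete, the following is an added Python example, not ruff's code or the PR's fixtures, that approximates the trusted-input test with the standard `ast` module and runs it over a constructed sample of `subprocess` calls. The function names `is_trusted_input` and `find_untrusted_subprocess_calls`, the set `SUBPROCESS_FUNCS`, and the sample module are assumptions made for illustration; the `preview` flag mirrors the `checker.preview.is_disabled()` gate suggested in review, under which every call is still reported when preview is off.

```python
import ast

# Constructed sample (not from the PR's fixtures): subprocess calls whose
# first argument the updated S603 treats as trusted, next to calls it still
# flags. `cmd` and `path` are deliberately unbound; the module is only parsed.
SAMPLE = """\
import subprocess
subprocess.run("true")                  # line 2: trusted, str literal
subprocess.run(["ls", "-l"])            # line 3: trusted, list[str] literal
subprocess.run(c := "ls")               # line 4: trusted, walrus around a literal
subprocess.run(cmd)                     # line 5: untrusted, name bound elsewhere
subprocess.run(f"ls {path}")            # line 6: untrusted, f-string
subprocess.run(["ls", path])            # line 7: untrusted, non-literal element
subprocess.call("echo hi", shell=True)  # line 8: shell=True, outside S603
"""

# Hypothetical subset of the subprocess entry points the rule looks at.
SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}


def is_trusted_input(node: ast.expr) -> bool:
    """Approximation of the PR's trusted-input test (not ruff's code):
    a str literal, a list whose elements are all str literals, or an
    "instant" named expression wrapping one of those."""
    if isinstance(node, ast.NamedExpr):
        return is_trusted_input(node.value)
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str)
    if isinstance(node, ast.List):
        return all(
            isinstance(elt, ast.Constant) and isinstance(elt.value, str)
            for elt in node.elts
        )
    return False


def _shell_is_true(call: ast.Call) -> bool:
    """shell=True calls belong to S602, not S603, so they are skipped here."""
    return any(
        kw.arg == "shell"
        and isinstance(kw.value, ast.Constant)
        and kw.value.value is True
        for kw in call.keywords
    )


def find_untrusted_subprocess_calls(source: str, preview: bool = True) -> list[tuple[int, str]]:
    """Return (line, first-argument source) for subprocess.<func>(...) calls
    that would be reported. With preview=False every call is reported, which
    is the pre-PR behaviour the reviewers asked to keep outside preview."""
    findings: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (
            isinstance(func, ast.Attribute)
            and isinstance(func.value, ast.Name)
            and func.value.id == "subprocess"
            and func.attr in SUBPROCESS_FUNCS
        ):
            continue
        if _shell_is_true(node) or not node.args:
            continue
        arg = node.args[0]
        # Mirrors the suggested gate: report unless the argument is a trusted
        # literal and the relaxed behaviour is enabled.
        if not is_trusted_input(arg) or not preview:
            findings.append((node.lineno, ast.unparse(arg)))
    return findings


if __name__ == "__main__":
    for line, arg in find_untrusted_subprocess_calls(SAMPLE):
        print(f"S603 line {line}: untrusted first argument {arg}")
```

Run as a script it reports lines 5, 6 and 7 of the sample; passing `preview=False` reports lines 2 through 7, which is the scope the ecosystem check counted as the 77 removed violations. Note that only `ast.List` is trusted, matching the PR title; a tuple or a list containing any non-literal element still counts as untrusted.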