feat(linter): Adapter for bandit #132
Conversation
Pull request overview
This PR adds a lintrunner adapter for Bandit, a Python security linter. The adapter integrates Bandit into the lintrunner framework by parsing its JSON output and converting it to LintMessage objects.
Changes:
- Implemented bandit_linter.py adapter with JSON output parsing and concurrent file processing
- Added example configuration in .lintrunner.toml demonstrating usage with a config file
- Includes proper error handling for command failures and JSON parsing
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| lintrunner_adapters/adapters/bandit_linter.py | New adapter that wraps Bandit security linter with JSON output parsing, concurrent execution, and severity mapping |
| examples/adapters/bandit_linter/.lintrunner.toml | Example configuration file showing how to use the bandit adapter with lintrunner |
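The overview above describes the adapter's core job: run Bandit with JSON output, parse the report, map each finding to a lintrunner LintMessage, and fail cleanly when the command or the JSON is bad. The block below is an added illustration of that pipeline, not the PR's bandit_linter.py. The Bandit report it parses is constructed inline so it runs without Bandit installed; the mapping from Bandit's issue_severity to lintrunner's severities, the `LINTER_CODE` value, and the helper names are assumptions made for the example. The LintMessage fields are the JSON-lines schema lintrunner reads; Bandit's `-f json` / `-q` flags and its exit code of 1 when findings exist are real tool behaviour.

```python
"""Convert Bandit's JSON report into lintrunner LintMessage records.

Added example, not the project's adapter. Severity mapping and helper names
are assumptions; the sample report at the bottom is constructed, not real output.
"""
import json
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor
from dataclasses import asdict, dataclass
from typing import Optional


@dataclass(frozen=True)
class LintMessage:
    """One JSON-lines record as consumed by lintrunner."""
    path: Optional[str]
    line: Optional[int]
    char: Optional[int]
    code: str
    severity: str  # "error" | "warning" | "advice" | "disabled"
    name: str
    original: Optional[str] = None
    replacement: Optional[str] = None
    description: Optional[str] = None


# Assumed mapping of Bandit issue_severity values to lintrunner severities.
SEVERITY_MAP = {"HIGH": "error", "MEDIUM": "warning", "LOW": "advice", "UNDEFINED": "advice"}
LINTER_CODE = "BANDIT"  # assumed code; lintrunner shows it next to each finding


def run_bandit(files: list) -> str:
    """Run Bandit on `files` with JSON output and return its stdout.

    Bandit exits 1 when it has findings, so only other non-zero codes are failures.
    """
    proc = subprocess.run(
        [sys.executable, "-m", "bandit", "-f", "json", "-q", *files],
        capture_output=True, text=True, check=False,
    )
    if proc.returncode not in (0, 1):
        raise RuntimeError(f"bandit failed ({proc.returncode}): {proc.stderr.strip()}")
    return proc.stdout


def parse_bandit_report(report_text: str) -> list:
    """Turn a Bandit JSON report into LintMessage records.

    Unparsable output and Bandit's own per-file errors become lint errors
    rather than exceptions, so lintrunner still gets a usable result.
    """
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError as exc:
        return [LintMessage(path=None, line=None, char=None, code=LINTER_CODE,
                            severity="error", name="command-failed",
                            description=f"could not parse bandit output: {exc}")]
    messages = []
    for err in report.get("errors", []):  # files Bandit could not analyse
        messages.append(LintMessage(path=err.get("filename"), line=None, char=None,
                                    code=LINTER_CODE, severity="error",
                                    name="bandit-error", description=err.get("reason")))
    for result in report.get("results", []):
        messages.append(LintMessage(
            path=result["filename"],
            line=result["line_number"],
            char=result.get("col_offset"),
            code=LINTER_CODE,
            severity=SEVERITY_MAP.get(result["issue_severity"], "advice"),
            name=result["test_id"],
            description=(f"{result['issue_text']} [{result['test_name']}, "
                         f"confidence {result['issue_confidence']}] {result.get('more_info', '')}").strip(),
        ))
    return messages


def lint_files_concurrently(files: list, max_workers: int = 4) -> list:
    """Run Bandit once per file in a thread pool and merge the parsed results."""
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        reports = list(pool.map(lambda f: run_bandit([f]), files))
    return [msg for report in reports for msg in parse_bandit_report(report)]


# Constructed sample in Bandit's JSON layout (not real tool output).
SAMPLE_REPORT = json.dumps({
    "errors": [],
    "results": [
        {"filename": "app/db.py", "line_number": 12, "col_offset": 4,
         "issue_severity": "MEDIUM", "issue_confidence": "LOW",
         "issue_text": "Possible SQL injection vector through string-based query construction.",
         "test_id": "B608", "test_name": "hardcoded_sql_expressions",
         "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b608_hardcoded_sql_expressions.html"},
        {"filename": "app/util.py", "line_number": 3, "col_offset": 0,
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
         "test_id": "B303", "test_name": "blacklist"},
    ],
})

if __name__ == "__main__":
    # With file arguments, run Bandit for real; otherwise parse the constructed sample.
    msgs = lint_files_concurrently(sys.argv[1:]) if len(sys.argv) > 1 else parse_bandit_report(SAMPLE_REPORT)
    for msg in msgs:
        print(json.dumps(asdict(msg)))
```

Run it with no arguments to see the two constructed findings emitted as lintrunner JSON lines; pass Python files to run Bandit for real (Bandit must be installed). The per-file thread pool mirrors the "concurrent file processing" the overview mentions; for large trees, batching several files per Bandit invocation would cut process start-up cost.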
justinchuby
left a comment
LGTM, thanks for contributing! Could you fix lint?
Looks like you are planning to use docformatter and bandit in executorch. Just curious, was there a reason not to use ruff for both? I think ruff supports both usages (e.g. astral-sh/ruff#1646)
Apparently ruff was not enabled (https://github.com/pytorch/executorch/blob/main/pyproject.toml). You can follow https://github.com/pytorch/pytorch/blob/f15f59147ef0e802e819ac3a83314424cc9989e1/pyproject.toml#L134 for an example config. Also, ruff is fully supported by lintrunner-adapters.
Will do.
The project is already set up and has a mature CI with lintrunner, so just adding support for tools we have good experience with in lintrunner-adapters makes sense from my POV. And bandit is such a tool.
That is nice to know. I will bring this with me and see what we do in the future.
@justinchuby can you start the lintrunners again?
Running lintrunner -a again locally and will push again. My bad.
@justinchuby I had to wait for internal review before pushing externally, now that is done and I have force pushed to my branch with the lints fixed. Please start the workflows when you have the opportunity.
@justinchuby please merge if you are happy with the changes.
Lintrunner adapter for bandit https://github.com/PyCQA/bandit