Environment data
- VS Code version: 1.45.0
- Extension version: 2020.5.80290 (and master)
- OS and version: macOS 10.15
- Type of virtual environment used (N/A | venv | virtualenv | conda | ...): venv
- Relevant/affected Python packages and their versions: bandit 1.6.3
Reproduce
- Enable the bandit linter in the user settings
- Install the latest version of bandit
- Create a script where the offending code is nested by whitespace (i.e. within a function or block), e.g.,

```python
import subprocess

def main(opt):
    # Indented call: the finding's real column is 4, not 0
    subprocess.call(opt, shell=True)
```
Expected behavior
Linter to highlight the entire line or highlight the correct column
Actual behavior
Linter highlights the whitespace on the 0th column in the whitespace instead of in the right position

This is because bandit.ts hardcodes the column position to 0:
https://github.com/microsoft/vscode-python/blob/master/src/client/linters/bandit.ts#L27
Bandit doesn't currently support reporting on column offset (see Fixes).
Logs
##########Linting Output - bandit##########
1,0,LOW,B404:Consider possible security implications associated with subprocess module.
12,0,HIGH,B602:subprocess call with shell=True identified, security issue.
13,0,HIGH,B602:subprocess call with shell=True identified, security issue.
Fix
Option 1: Report the column offset from bandit
I've raised a PR with bandit to expose the col_offset of the AST node in the custom format reporter, PyCQA/bandit#618
Once this PR is merged, update the bandit custom format string to include the column offset. I've tried this in a branch of this plugin and it works nicely:

However, it would assume that the user has the latest version of bandit installed
Option 2: Change the Linter API to highlight the entire line
Currently, the linter service doesn't distinguish between the reported column being 0 or the column being unknown.
LinterMessage just has a non-nullable field for column which defaults to 0. If any of the linters can't work out the column, then you get this issue by highlighting the wrong part of the line.
Alternatively, the LinterMessage interface could be extended to set column as nullable and then underline the whole line if the column is null, or have an extra field like isWholeLine.
P.S. I'm happy to submit a PR for either fix if you share the preferred approach
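One way to model the "column unknown" case from Option 2, as an added example that is not code from vscode-python or bandit. The `Finding` and `HighlightRange` types, the function names and the sample input are hypothetical, and starting the whole-line highlight at the first non-whitespace character is an assumption.

```typescript
// Illustrative types, not the extension's own LinterMessage interface.
interface Finding {
    line: number;                 // 1-based, as bandit reports it
    column: number | undefined;   // undefined means "linter did not report a column"
    severity: string;
    code: string;
    message: string;
}
interface HighlightRange { line: number; startCol: number; endCol: number; }

// Shape of the log lines above: line,column,SEVERITY,TEST_ID:message
const BANDIT_LINE = /^(\d+),(\d*),([A-Z]+),([A-Z]\d+):(.*)$/;

// columnReported=false models output whose column field is a hardcoded 0.
function parseBanditLine(raw: string, columnReported: boolean): Finding | undefined {
    const m = BANDIT_LINE.exec(raw.trim());
    if (!m) { return undefined; }  // banner or unrelated output
    const [, line = '', col = '', severity = '', code = '', message = ''] = m;
    const column = columnReported && col !== '' ? Number(col) : undefined;
    return { line: Number(line), column, severity, code, message: message.trim() };
}

function toRange(f: Finding, sourceLines: string[]): HighlightRange {
    const text = sourceLines[f.line - 1] || '';
    const firstCode = Math.max(text.search(/\S/), 0);
    // Unknown column: cover the statement, skipping indentation. Known: start there.
    const startCol = f.column === undefined ? firstCode : Math.min(f.column, text.length);
    return { line: f.line, startCol, endCol: text.length };
}

function highlight(output: string, source: string, columnReported: boolean): HighlightRange[] {
    const sourceLines = source.split('\n');
    const ranges: HighlightRange[] = [];
    for (const raw of output.split('\n')) {
        const f = parseBanditLine(raw, columnReported);
        if (f) { ranges.push(toRange(f, sourceLines)); }
    }
    return ranges;
}

// Constructed sample input (not taken from the issue's log).
const SAMPLE_SOURCE = 'import subprocess\ndef main(opt):\n    subprocess.call(opt, shell=True)\n';
const SAMPLE_OUTPUT = [
    '##########Linting Output - bandit##########',
    '1,0,LOW,B404:Consider possible security implications associated with subprocess module.',
    '3,0,HIGH,B602:subprocess call with shell=True identified, security issue.',
].join('\n');

console.log(highlight(SAMPLE_OUTPUT, SAMPLE_SOURCE, false));
```

With `columnReported` set to `true`, the same `3,0` line is treated as a genuine column 0, which is the distinction the current non-nullable field cannot express.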