🥷 improve bandit config

Joshix-1 · Joshix-1 · commit 02c2d7574336 · 2026-01-31T21:00:00.000Z
diff --git a/.bandit b/.bandit
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -155,7 +155,7 @@ jobs:
       - name: Install Pylint + stuff required for checking the tests and setup.py
         run: pip install -c pip-constraints.txt cryptography dulwich html5lib pylint pylint-pytest pytest setuptools time-machine trove-classifiers zopflipy
       - name: Run Pylint
-        run: pylint -r y -d fixme .
+        run: pylint -r y -d fixme an_website scripts tests
         env:
           DISABLE_PYSTON: 1
 
@@ -176,7 +176,7 @@ jobs:
       - name: Install Bandit
         run: pip install -c pip-constraints.txt bandit[toml]
       - name: Run Bandit
-        run: bandit -rc pyproject.toml .
+        run: bandit -rc pyproject.toml an_website scripts tests
 
   stylelint:
     name: Stylelint
diff --git a/an_website/settings/settings.py b/an_website/settings/settings.py
@@ -95,7 +95,7 @@ async def post(self) -> None:
                 self.request.full_url(),
                 include_protocol_and_host=True,
                 query_args={
-                    "access_token": None,
+                    "access_token": None,  # nosec B105:hardcoded_password_string
                     "advanced_settings": None,
                     "save_in_cookie": None,
                     **dict.fromkeys(self.user_settings.iter_option_names()),
diff --git a/check.sh b/check.sh
@@ -46,12 +46,14 @@ python3 -m mypy --pretty || FAILED=$(( 8 | FAILED ))
 echo Flake8:
 python3 -m flake8 --show-source || FAILED=$(( 16 | FAILED ))
 
+PYTHON_FOLDERS="an_website scripts tests"
+
 echo Pylint:
-DISABLE_PYSTON=1 python3 -m pylint -d all -e fixme --exit-zero --score=no --persistent=no .
-DISABLE_PYSTON=1 python3 -m pylint -d fixme . || FAILED=$(( 32 | FAILED ))
+DISABLE_PYSTON=1 python3 -m pylint -d all -e fixme --exit-zero --score=no --persistent=no $PYTHON_FOLDERS
+DISABLE_PYSTON=1 python3 -m pylint -d fixme $PYTHON_FOLDERS || FAILED=$(( 32 | FAILED ))
 
 echo Bandit:
-python3 -m bandit -qrc pyproject.toml . || FAILED=$(( 64 | FAILED ))
+python3 -m bandit -qrc pyproject.toml $PYTHON_FOLDERS || FAILED=$(( 64 | FAILED ))
 
 if [ -n "${1:-}" ]; then
   pytest="python3 -m pytest --durations=0 --durations-min=0.5"
diff --git a/tests/test_settings.py b/tests/test_settings.py
@@ -189,6 +189,7 @@ async def test_setting_stuff_and_saving_to_cookies2(
     fetch: FetchCallable,  # noqa: F811
 ) -> None:
     """Test changing settings with requests with saving to cookie."""
+    xyzzy = "xyzzy"  # nosec: B105:hardcoded_password_string
     options: tuple[dict[str, str | None], ...] = (
         {
             "theme": "christmas",
@@ -198,7 +199,7 @@ async def test_setting_stuff_and_saving_to_cookies2(
             "bumpscosity": "76",
             "advanced_settings": "nope",
             "compat": "nope",
-            "access_token": "xyzzy",
+            "access_token": xyzzy,
             "ask_before_leaving": "nope",
             "effects": "nope",
             "scheme": "dark",
