test(pre-commit): use flake8-bandit

For one config block fewer, run also by tools only aware of flake8 and not bandit specifically. Too bad the `nosec: B101` does not seem enough when ran through flake8-bandit, tylerwince/flake8-bandit#20 Leaving both in for now so raw CLI `bandit` runs get it filtered, too.
scop · Aug 15, 2021 · 47e33f9 · 47e33f9
1 parent e5ef52b
commit 47e33f9
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 14 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -5,18 +5,15 @@ repos:
     hooks:
       - id: black
 
-  - repo: https://github.com/PyCQA/bandit
-    rev: 1.7.0
-    hooks:
-      - id: bandit
-
   - repo: https://github.com/PyCQA/flake8
     rev: 3.9.2
     hooks:
       - id: flake8
         additional_dependencies:
           - pycodestyle==2.7.0
           - pyflakes==2.3.1
+          - flake8-bandit==2.1.2
+          - bandit==1.7.0
           - flake8-bugbear==21.4.3
           - flake8-docstrings==1.6.0
           - pydocstyle==6.1.1

diff --git a/test_hashpipe.py b/test_hashpipe.py
@@ -139,7 +139,9 @@ def test_ref_nongrouping() -> None:
             expected = _format_hash(hash_)
 
             hashpipe = Hashpipe(pattern=case.pattern, algorithm=algorithm, key=case.key)
-            assert hashpipe.hash_matches(case.data) == expected  # nosec: B101
+            assert (  # noqa: S101 # nosec: B101
+                hashpipe.hash_matches(case.data) == expected
+            )
 
             outbuf = BytesIO()
             with patch(
@@ -154,7 +156,7 @@ def test_ref_nongrouping() -> None:
                 ],
             ):
                 main(in_=(case.data,), out=outbuf)
-            assert outbuf.getvalue() == expected  # nosec: B101
+            assert outbuf.getvalue() == expected  # noqa: S101 # nosec: B101
 
 
 def test_grouping() -> None:
@@ -206,7 +208,9 @@ def test_grouping() -> None:
         hashpipe = Hashpipe(
             pattern=case.pattern, algorithm=case.algorithm, key=case.key
         )
-        assert hashpipe.hash_matches(case.data) == case.result  # nosec: B101
+        assert (  # noqa: S101 # nosec: B101
+            hashpipe.hash_matches(case.data) == case.result
+        )
 
         outbuf = BytesIO()
         with patch(
@@ -221,7 +225,7 @@ def test_grouping() -> None:
             ],
         ):
             main(in_=(case.data,), out=outbuf)
-        assert outbuf.getvalue() == case.result  # nosec: B101
+        assert outbuf.getvalue() == case.result  # noqa: S101 # nosec: B101
 
 
 def test_prefixing() -> None:
@@ -236,7 +240,7 @@ def test_prefixing() -> None:
         hashpipe = Hashpipe(
             pattern=re.compile(b".*"), algorithm=algorithm, key=key, prefix=prefix
         )
-        assert hashpipe.hash_matches(data) == expected  # nosec: B101
+        assert hashpipe.hash_matches(data) == expected  # noqa: S101 # nosec: B101
 
         outbuf = BytesIO()
         with patch(
@@ -253,7 +257,7 @@ def test_prefixing() -> None:
             ],
         ):
             main(in_=(b"",), out=outbuf)
-        assert outbuf.getvalue() == expected  # nosec: B101
+        assert outbuf.getvalue() == expected  # noqa: S101 # nosec: B101
 
 
 def test_invalid_cli_regex() -> None:
@@ -267,8 +271,10 @@ def test_available_algorithms() -> None:
     """Test finding available algorithms."""
     avail = _available_algorithms()
     # Some found?
-    assert avail  # nosec: B101
+    assert avail  # noqa: S101 # nosec: B101
     # Ones containing "with" have been excluded?
-    assert not any("with" in x for x in avail)  # nosec: B101
+    assert not any("with" in x for x in avail)  # noqa: S101 # nosec: B101
     # Non-lowercase variants have been excluded?
-    assert not any(x.lower() in avail for x in avail if x != x.lower())  # nosec: B101
+    assert not any(  # noqa: S101 # nosec: B101
+        x.lower() in avail for x in avail if x != x.lower()
+    )