ruff/crates/ruff_linter at 4963835d0d1771c7e1f80615af55ac5d2d9245cf - mirrors/ruff

mirror of https://github.com/astral-sh/ruff.git synced 2025-08-04 18:58:04 +00:00

History

GiGaGon 4963835d0d [`flake8-bandit`] Make `S604` and `S609` examples error out-of-the-box (#19049 ) <!-- Thank you for contributing to Ruff/ty! To help us out with reviewing, please consider the following: - Does this pull request include a summary of the change? (See below.) - Does this pull request include a descriptive title? (Please prefix with `[ty]` for ty pull requests.) - Does this pull request include references to any relevant issues? --> ## Summary <!-- What's the purpose of the change? What does it do, and why? --> Part of #18972 Both in one PR since they are in the same file. S604 --- This PR makes [call-with-shell-equals-true (S604)](https://docs.astral.sh/ruff/rules/call-with-shell-equals-true/#call-with-shell-equals-true-s604)'s example error out-of-the-box [Old example](https://play.ruff.rs/a054fb79-7653-47f7-9ab5-3d8b7540c810) ```py import subprocess user_input = input("Enter a command: ") subprocess.run(user_input, shell=True) ``` [New example](https://play.ruff.rs/6fea81b4-e745-4b85-8bea-faaabea5c86d) ```py import my_custom_subprocess user_input = input("Enter a command: ") my_custom_subprocess.run(user_input, shell=True) ``` The old example doesn't raise `S604` because it gets overwritten by [subprocess-popen-with-shell-equals-true (S602)](https://docs.astral.sh/ruff/rules/subprocess-popen-with-shell-equals-true/#subprocess-popen-with-shell-equals-true-s602) (which is a good idea to prevent two lints saying the same thing from being raised) S609 --- This PR makes [unix-command-wildcard-injection (S609)](https://docs.astral.sh/ruff/rules/unix-command-wildcard-injection/#unix-command-wildcard-injection-s609)'s example error out-of-the-box [Old example](https://play.ruff.rs/849860fa-0d12-4916-bdbc-64a0fa14cd9b) ```py import subprocess subprocess.Popen(["chmod", "777", ".py"]) ``` [New example](https://play.ruff.rs/77a54d7c-cf78-4158-bcf8-96dd698cf366) ```py import subprocess subprocess.Popen(["chmod", "777", ".py"], shell=True) ``` I'm not familiar enough with `subprocess` to know why `shell=True` is required to make `S609` raise here, but it works. ## Test Plan <!-- How was it tested? --> N/A, no functionality/tests affected		2025-06-30 16:10:14 -05:00
..
resources	[`flake8-comprehensions`] Fix `C420` to prepend whitespace when needed (#18616 )	2025-06-30 12:38:26 -04:00
src	[`flake8-bandit`] Make `S604` and `S609` examples error out-of-the-box (#19049 )	2025-06-30 16:10:14 -05:00
Cargo.toml	Convert `OldDiagnostic::noqa_code` to an `Option<String>` (#18946 )	2025-06-27 11:36:55 -04:00