feat: Support pyproject.toml as configuration file #76
Conversation
Codacy's Analysis Summary: 0 new issues (≤ 1 medium issue)
Pull request overview
Adds support for using pyproject.toml as a Bandit configuration source, aligning the tool wrapper with Bandit’s supported config file locations/formats.
Changes:
- Extend the autodetected config filename list to include pyproject.toml.
| // https://bandit.readthedocs.io/en/latest/config.html | ||
| private lazy val nativeIniFileNames = Set(".bandit", "bandit.ini") | ||
| private lazy val nativeConfigFileNames = Set("bandit.yml", "bandit.yaml", "bandit.toml") | ||
| private lazy val nativeConfigFileNames = Set("bandit.yml", "bandit.yaml", "bandit.toml", "pyproject.toml") |
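Review bot: putting pyproject.toml in the same unordered Set as bandit.yml, bandit.yaml and bandit.toml makes the choice between them arbitrary when a repository carries more than one, and pyproject.toml is commonly present for reasons that have nothing to do with Bandit, so a pyproject.toml with no `[tool.bandit]` table (the section Bandit reads from it, per the linked config docs) can be selected ahead of an explicit bandit.yml and silently drop the project's intended rules. Suggest an ordered collection with pyproject.toml last, e.g. `List("bandit.yml", "bandit.yaml", "bandit.toml", "pyproject.toml")`, and a check that a matched pyproject.toml actually contains the Bandit table before it is accepted.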
nativeConfigFileNames is a Set, but the code later uses collectFirst over it to pick a single config file. Since Set iteration order is not guaranteed, the selected config becomes non-deterministic when multiple config files are present (and adding pyproject.toml increases the chance of this). Consider using an ordered collection (e.g., List) with an explicit precedence order, and then collectFirst/find over that list.
No description provided.