language and linting updates

bandit/cli/config_generator.py

@@ -158,11 +158,11 @@ def main():
 
                 for skip in skips:
                     if not extension_loader.MANAGER.check_id(skip):
-                        raise RuntimeError("unknown ID in skips: %s" % skip)
+                        raise RuntimeError(f"unknown ID in skips: {skip}")
 
                 for test in tests:
                     if not extension_loader.MANAGER.check_id(test):
-                        raise RuntimeError("unknown ID in tests: %s" % test)
+                        raise RuntimeError(f"unknown ID in tests: {test}")
 
                 tpl = "# {0} : {1}"
                 test_list = [

bandit/cli/main.py

@@ -371,9 +371,8 @@ def main():
     parser.add_argument(
         "--version",
         action="version",
-        version="%(prog)s {version}\n  python version = {python}".format(
-            version=bandit.__version__, python=python_ver
-        ),
+        version=f"%(prog)s {bandit.__version__}\n"
+        f"  python version = {python_ver}",
     )
 
     parser.set_defaults(debug=False)
@@ -387,7 +386,7 @@ def main():
     blacklist_info = []
     for a in extension_mgr.blacklist.items():
         for b in a[1]:
-            blacklist_info.append("{}\t{}".format(b["id"], b["name"]))
+            blacklist_info.append(f"{b['id']}\t{b['name']}")
 
     plugin_list = "\n\t".join(sorted(set(plugin_info + blacklist_info)))
     dedent_text = textwrap.dedent(

bandit/core/config.py

@@ -15,10 +15,7 @@
     except ImportError:
         tomllib = None
 
-from bandit.core import constants
-from bandit.core import extension_loader
-from bandit.core import utils
-
+from bandit.core import constants, extension_loader, utils
 
 LOG = logging.getLogger(__name__)
 

bandit/core/context.py

@@ -34,7 +34,7 @@ def __repr__(self):
 
         :return: A string representation of the object
         """
-        return "<Context %s>" % self._context
+        return f"<Context {self._context}>"
 
     @property
     def call_args(self):

bandit/core/docs_utils.py

@@ -16,11 +16,7 @@ def get_url(bid):
 
     info = extension_loader.MANAGER.plugins_by_id.get(bid)
     if info is not None:
-        return "{}plugins/{}_{}.html".format(
-            base_url,
-            bid.lower(),
-            info.plugin.__name__,
-        )
+        return f"{base_url}plugins/{bid.lower()}_{info.plugin.__name__}.html"
 
     info = extension_loader.MANAGER.blacklist_by_id.get(bid)
     if info is not None:

bandit/core/extension_loader.py

@@ -42,7 +42,7 @@ def test_has_id(plugin):
             if not hasattr(plugin.plugin, "_test_id"):
                 # logger not setup yet, so using print
                 print(
-                    "WARNING: Test '%s' has no ID, skipping." % plugin.name,
+                    f"WARNING: Test '{plugin.name}' has no ID, skipping.",
                     file=sys.stderr,
                 )
                 return False
@@ -82,16 +82,16 @@ def validate_profile(self, profile):
         """Validate that everything in the configured profiles looks good."""
         for inc in profile["include"]:
             if not self.check_id(inc):
-                raise ValueError("Unknown test found in profile: %s" % inc)
+                raise ValueError(f"Unknown test found in profile: {inc}")
 
         for exc in profile["exclude"]:
             if not self.check_id(exc):
-                raise ValueError("Unknown test found in profile: %s" % exc)
+                raise ValueError(f"Unknown test found in profile: {exc}")
 
         union = set(profile["include"]) & set(profile["exclude"])
         if len(union) > 0:
             raise ValueError(
-                "Non-exclusive include/exclude test sets: %s" % union
+                f"Non-exclusive include/exclude test sets: {union}"
             )
 
     def check_id(self, test):

bandit/core/manager.py

@@ -23,7 +23,6 @@
 from bandit.core import node_visitor as b_node_visitor
 from bandit.core import test_set as b_test_set
 
-
 LOG = logging.getLogger(__name__)
 NOSEC_COMMENT = re.compile(r"#\s*nosec:?\s*(?P<tests>[^#]+)?#?")
 NOSEC_COMMENT_TESTS = re.compile(r"(?:(B\d+|[a-z_]+),?)+", re.IGNORECASE)
@@ -195,8 +194,8 @@ def output_results(
 
         except Exception as e:
             raise RuntimeError(
-                "Unable to output report using '%s' formatter: "
-                "%s" % (output_format, str(e))
+                f"Unable to output report using "
+                f"'{output_format}' formatter: {str(e)}"
             )
 
     def discover_files(self, targets, recursive=False, excluded_paths=""):

bandit/core/meta_ast.py

@@ -5,7 +5,6 @@
 import collections
 import logging
 
-
 LOG = logging.getLogger(__name__)
 
 
@@ -40,7 +39,7 @@ def __str__(self):
         """
         tmpstr = ""
         for k, v in self.nodes.items():
-            tmpstr += "Node: %s\n" % k
-            tmpstr += "\t%s\n" % str(v)
-        tmpstr += "Length: %s\n" % len(self.nodes)
+            tmpstr += f"Node: {k}\n"
+            tmpstr += f"\t{str(v)}\n"
+        tmpstr += f"Length: {len(self.nodes)}\n"
         return tmpstr

bandit/core/node_visitor.py

@@ -10,7 +10,6 @@
 from bandit.core import tester as b_tester
 from bandit.core import utils as b_utils
 
-
 LOG = logging.getLogger(__name__)
 
 

bandit/core/test_set.py

@@ -8,7 +8,6 @@
 from bandit.core import blacklisting
 from bandit.core import extension_loader
 
-
 LOG = logging.getLogger(__name__)
 
 

bandit/core/tester.py

@@ -84,9 +84,9 @@ def run_tests(self, raw_context, checktype):
                             LOG.debug("skipped, nosec without test number")
                             self.metrics.note_nosec()
                             continue
-                        elif result.test_id in nosec_tests_to_skip:
+                        if result.test_id in nosec_tests_to_skip:
                             LOG.debug(
-                                "skipped, nosec for test %s" % result.test_id
+                                f"skipped, nosec for test {result.test_id}"
                             )
                             self.metrics.note_skipped_test()
                             continue
@@ -152,7 +152,7 @@ def _get_nosecs_from_contexts(self, context, test_result=None):
     @staticmethod
     def report_error(test, context, error):
         what = "Bandit internal error running: "
-        what += "%s " % test
+        what += f"{test} "
         what += "on file %s at line %i: " % (
             context._context["filename"],
             context._context["lineno"],

bandit/core/utils.py

@@ -140,8 +140,7 @@ def get_module_qualname_from_path(path):
     (head, tail) = os.path.split(path)
     if head == "" or tail == "":
         raise InvalidModulePath(
-            'Invalid python file path: "%s"'
-            " Missing path or file name" % (path)
+            f'Invalid python file path: "{path}" Missing path or file name'
         )
 
     qname = [os.path.splitext(tail)[0]]
@@ -369,7 +368,7 @@ def check_ast_node(name):
     except AttributeError:  # nosec(tkelsey): catching expected exception
         pass
 
-    raise TypeError("Error: %s is not a valid node type in AST" % name)
+    raise TypeError(f"Error: {name} is not a valid node type in AST")
 
 
 def get_nosec(nosec_lines, context):

bandit/formatters/custom.py

@@ -33,7 +33,6 @@
 
 from bandit.core import test_properties
 
-
 LOG = logging.getLogger(__name__)
 
 
@@ -141,10 +140,7 @@ def get_similar_tag(tag):
             markers = ["", ":", "!"]
             msg_parsed_template_list.append(
                 ["{"]
-                + [
-                    "%s" % (m + p) if p else ""
-                    for m, p in zip(markers, params)
-                ]
+                + [f"{m + p}" if p else "" for m, p in zip(markers, params)]
                 + ["}"]
             )
 

bandit/formatters/html.py

@@ -154,7 +154,6 @@
 from bandit.core import test_properties
 from bandit.formatters import utils
 
-
 LOG = logging.getLogger(__name__)
 
 

bandit/formatters/screen.py

@@ -67,7 +67,7 @@
 
 
 def header(text, *args):
-    return "{}{}{}".format(COLOR["HEADER"], (text % args), COLOR["DEFAULT"])
+    return f"{COLOR['HEADER']}{text % args}{COLOR['DEFAULT']}"
 
 
 def get_verbose_details(manager):
@@ -81,15 +81,15 @@ def get_verbose_details(manager):
         ]
     )
     bits.append(header("Files excluded (%i):", len(manager.excluded_files)))
-    bits.extend(["\t%s" % fname for fname in manager.excluded_files])
+    bits.extend([f"\t{fname}" for fname in manager.excluded_files])
     return "\n".join([str(bit) for bit in bits])
 
 
 def get_metrics(manager):
     bits = []
     bits.append(header("\nRun metrics:"))
     for (criteria, _) in constants.CRITERIA:
-        bits.append("\tTotal issues (by %s):" % (criteria.lower()))
+        bits.append(f"\tTotal issues (by {criteria.lower()}):")
         for rank in constants.RANKING:
             bits.append(
                 "\t\t%s: %s"

bandit/formatters/text.py

@@ -46,24 +46,24 @@
 
 def get_verbose_details(manager):
     bits = []
-    bits.append("Files in scope (%i):" % len(manager.files_list))
+    bits.append(f"Files in scope ({len(manager.files_list)}):")
     tpl = "\t%s (score: {SEVERITY: %i, CONFIDENCE: %i})"
     bits.extend(
         [
             tpl % (item, sum(score["SEVERITY"]), sum(score["CONFIDENCE"]))
             for (item, score) in zip(manager.files_list, manager.scores)
         ]
     )
-    bits.append("Files excluded (%i):" % len(manager.excluded_files))
-    bits.extend(["\t%s" % fname for fname in manager.excluded_files])
+    bits.append(f"Files excluded ({len(manager.excluded_files)}):")
+    bits.extend([f"\t{fname}" for fname in manager.excluded_files])
     return "\n".join([bit for bit in bits])
 
 
 def get_metrics(manager):
     bits = []
     bits.append("\nRun metrics:")
     for (criteria, _) in constants.CRITERIA:
-        bits.append("\tTotal issues (by %s):" % (criteria.lower()))
+        bits.append(f"\tTotal issues (by {criteria.lower()}):")
         for rank in constants.RANKING:
             bits.append(
                 "\t\t%s: %s"
@@ -81,8 +81,7 @@ def _output_issue_str(
     # returns a list of lines that should be added to the existing lines list
     bits = []
     bits.append(
-        "%s>> Issue: [%s:%s] %s"
-        % (indent, issue.test_id, issue.test, issue.text)
+        f"{indent}>> Issue: [{issue.test_id}:{issue.test}] {issue.text}"
     )
 
     bits.append(
@@ -162,7 +161,7 @@ def report(manager, fileobj, sev_level, conf_level, lines=-1):
     bits = []
 
     if not manager.quiet or manager.results_count(sev_level, conf_level):
-        bits.append("Run started:%s" % datetime.datetime.utcnow())
+        bits.append(f"Run started:{datetime.datetime.utcnow()}")
 
         if manager.verbose:
             bits.append(get_verbose_details(manager))
@@ -187,7 +186,7 @@ def report(manager, fileobj, sev_level, conf_level, lines=-1):
 
         skipped = manager.get_skipped()
         bits.append(get_metrics(manager))
-        bits.append("Files skipped (%i):" % len(skipped))
+        bits.append(f"Files skipped ({len(skipped)}):")
         bits.extend(["\t%s (%s)" % skip for skip in skipped])
         result = "\n".join([bit for bit in bits]) + "\n"
 

bandit/plugins/general_hardcoded_password.py

@@ -9,7 +9,6 @@
 from bandit.core import issue
 from bandit.core import test_properties as test
 
-
 RE_WORDS = "(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?)"
 RE_CANDIDATES = re.compile(
     "(^{0}$|_{0}_|^{0}_|_{0}$)".format(RE_WORDS), re.IGNORECASE
@@ -21,7 +20,7 @@ def _report(value):
         severity=bandit.LOW,
         confidence=bandit.MEDIUM,
         cwe=issue.Cwe.HARD_CODED_PASSWORD,
-        text=("Possible hardcoded password: '%s'" % value),
+        text=f"Possible hardcoded password: '{value}'",
     )
 
 

bandit/plugins/hashlib_insecure_functions.py

@@ -47,7 +47,6 @@
 from bandit.core import issue
 from bandit.core import test_properties as test
 
-
 WEAK_HASHES = ("md4", "md5", "sha", "sha1")
 
 

bandit/plugins/injection_shell.py

@@ -9,7 +9,6 @@
 from bandit.core import issue
 from bandit.core import test_properties as test
 
-
 # yuck, regex: starts with a windows drive letter (eg C:)
 # or one of our path delimeter characters (/, \, .)
 full_path_match = re.compile(r"^(?:[A-Za-z](?=\:)|[\\\/\.])")

bandit/plugins/injection_wildcard.py

@@ -124,7 +124,7 @@ def linux_commands_wildcard_injection(context, config):
             argument_string = ""
             if isinstance(call_argument, list):
                 for li in call_argument:
-                    argument_string = argument_string + " %s" % li
+                    argument_string = argument_string + f" {li}"
             elif isinstance(call_argument, str):
                 argument_string = call_argument
 

doc/source/conf.py

@@ -65,16 +65,16 @@
 html_theme_options = {}
 
 # Output file base name for HTML help builder.
-htmlhelp_basename = "%sdoc" % project
+htmlhelp_basename = f"{project}doc"
 
 # Grouping the document tree into LaTeX files. List of tuples
 # (source start file, target name, title, author, documentclass
 # [howto/manual]).
 latex_documents = [
     (
         "index",
-        "%s.tex" % project,
-        "%s Documentation" % project,
+        f"{project}.tex",
+        f"{project} Documentation",
         "PyCQA",
         "manual",
     ),