semgrep python b101 false positives

Problem to solve

The semgrep python bandit b101 rule does not account for assert being valid inside of unittest and pytest files. This causes false positives as users are most likely not going to initially exclude test files.

Proposal

Add pattern-not-inside conditions for pytest and unittest. This should reduce FP rates significantly for this check.

Intended users

Sasha (Software Developer)
Sam (Security Analyst)

What does success look like, and how can we measure that?

Reduced FP rates for the semgrep b103 rule.

What is the type of buyer?

Gold/Ultimate

Edited Jan 27, 2022 by Isaac Dawson