Suppressing B105 on a multiline dict assignment #1352

@Faholan

Describe the bug

When suppressing a (correct) B105 (hardcoded_password_string) error in a multiline dict assignment, Bandit raises a warning about "nosec encountered (B105), but no failed test" on other lines, even though there is no such comment on those lines.

Reproduction steps

1. Create the file `test.py`:


```python
DATABASES: "DatabaseGlobalConfigDict" = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "name",
        "USER": "user",
        "PASSWORD": "password",  # nosec B105
        "HOST": "localhost",
        "OPTIONS": {
            "pool": {
                "min_size": 4,
                "max_size": 10,
            },
        },
    },
}
```


2. Run `bandit temp.py`

Expected behavior

No warning and no error should be reported. The actual output is as follows:

```
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.14.2
[tester]	WARNING	nosec encountered (B105), but no failed test on line 1
[tester]	WARNING	nosec encountered (B105), but no failed test on line 2
[tester]	WARNING	nosec encountered (B105), but no failed test on line 3
[tester]	WARNING	nosec encountered (B105), but no failed test on line 4
[tester]	WARNING	nosec encountered (B105), but no failed test on line 5
[tester]	WARNING	nosec encountered (B105), but no failed test on line 7
[tester]	WARNING	nosec encountered (B105), but no failed test on line 8
[tester]	WARNING	nosec encountered (B105), but no failed test on line 3
[tester]	WARNING	nosec encountered (B105), but no failed test on line 4
[tester]	WARNING	nosec encountered (B105), but no failed test on line 5
[tester]	WARNING	nosec encountered (B105), but no failed test on line 6
[tester]	WARNING	nosec encountered (B105), but no failed test on line 7
Run started:2026-01-24 22:48:09.148111+00:00

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 15
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):
```

It would be expected that those spurious warnings wouldn't appear.

Bandit version

1.9.1 (Default)

Python version

3.14 (Default)

Additional context

Actually, the version of bandit I am running is 1.9.3 but it isn't available in the dropdown when creating an issue...


Labels: bug (Something isn't working)

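A triage check for the output reported above, as an added example that is not part of the original issue and is not Bandit's own code: it cross-checks each "nosec encountered ... but no failed test" warning against the lines that actually carry a `# nosec` comment. The function names and the comment-matching regex are assumptions of this example, and the log is rebuilt from the warned line numbers in the issue's output.

```python
import io
import re
import tokenize
from collections import Counter

# Matches the warning text quoted in the issue; the nosec pattern is this example's own.
WARNING_RE = re.compile(r"nosec encountered \(([^)]*)\), but no failed test on line (\d+)")
NOSEC_RE = re.compile(r"#\s*nosec\b", re.IGNORECASE)

def nosec_lines(source):
    """Line numbers that really carry a '# nosec' comment (real comments only)."""
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    return {t.start[0] for t in tokens
            if t.type == tokenize.COMMENT and NOSEC_RE.search(t.string)}

def spurious_warnings(source, log):
    """Map line -> warning count for warned lines that have no nosec comment."""
    marked = nosec_lines(source)
    hits = Counter(int(m.group(2)) for m in WARNING_RE.finditer(log))
    return {line: n for line, n in sorted(hits.items()) if line not in marked}

# Reproduction file from the issue, unchanged.
SOURCE = '''DATABASES: "DatabaseGlobalConfigDict" = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "name",
        "USER": "user",
        "PASSWORD": "password",  # nosec B105
        "HOST": "localhost",
        "OPTIONS": {
            "pool": {
                "min_size": 4,
                "max_size": 10,
            },
        },
    },
}
'''

# Log rebuilt from the warned line numbers, in the order the issue's output lists them.
WARNED = [1, 2, 3, 4, 5, 7, 8, 3, 4, 5, 6, 7]
LOG = "\n".join(
    f"[tester]\tWARNING\tnosec encountered (B105), but no failed test on line {n}"
    for n in WARNED)

if __name__ == "__main__":
    print("nosec comments on lines:", sorted(nosec_lines(SOURCE)))
    for line, count in spurious_warnings(SOURCE, LOG).items():
        print(f"line {line}: {count} warning(s), no nosec comment there")
```

On the issue's data the only `# nosec` comment is on line 6, and 11 of the 12 warnings point at lines that carry no such comment.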