Describe the bug
When suppressing a (correct) error B105 (hardcoded_password_string) in a multiline dict assignment, it raises a warning about nosec encountered (B105), but no failed test on other lines, even though there is no such comment on the line
Reproduction steps
1. Create the file `test.py`:
DATABASES: "DatabaseGlobalConfigDict" = {
"default": {
"ENGINE": "django.db.backends.postgresql",
"NAME": "name",
"USER": "user",
"PASSWORD": "password", # nosec B105
"HOST": "localhost",
"OPTIONS": {
"pool": {
"min_size": 4,
"max_size": 10,
},
},
},
}
2. run `bandit temp.py`Expected behavior
No warning and no error should be reported. The actual output is as follows:
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.14.2
[tester] WARNING nosec encountered (B105), but no failed test on line 1
[tester] WARNING nosec encountered (B105), but no failed test on line 2
[tester] WARNING nosec encountered (B105), but no failed test on line 3
[tester] WARNING nosec encountered (B105), but no failed test on line 4
[tester] WARNING nosec encountered (B105), but no failed test on line 5
[tester] WARNING nosec encountered (B105), but no failed test on line 7
[tester] WARNING nosec encountered (B105), but no failed test on line 8
[tester] WARNING nosec encountered (B105), but no failed test on line 3
[tester] WARNING nosec encountered (B105), but no failed test on line 4
[tester] WARNING nosec encountered (B105), but no failed test on line 5
[tester] WARNING nosec encountered (B105), but no failed test on line 6
[tester] WARNING nosec encountered (B105), but no failed test on line 7
Run started:2026-01-24 22:48:09.148111+00:00
Test results:
No issues identified.
Code scanned:
Total lines of code: 15
Total lines skipped (#nosec): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 0
Medium: 0
High: 0
Total issues (by confidence):
Undefined: 0
Low: 0
Medium: 0
High: 0
Files skipped (0):
It would be expected that those spurious warnings wouldn't appear
Bandit version
1.9.1 (Default)
Python version
3.14 (Default)
Additional context
Actually, the version of bandit I am running is 1.9.3 but it isn't available in the dropdown when creating an issue...
Describe the bug
When suppressing a (correct) error B105 (hardcoded_password_string) in a multiline dict assignment, it raises a warning about
nosec encountered (B105), but no failed teston other lines, even though there is no such comment on the lineReproduction steps
Expected behavior
No warning and no error should be reported. The actual output is as follows:
It would be expected that those spurious warnings wouldn't appear
Bandit version
1.9.1 (Default)
Python version
3.14 (Default)
Additional context
Actually, the version of bandit I am running is
1.9.3but it isn't available in the dropdown when creating an issue...