From 0d3508660654776e3b440c3b46d708dc3792cd4a Mon Sep 17 00:00:00 2001 From: Benedict Harcourt Date: Fri, 8 Dec 2023 19:14:28 +0000 Subject: [PATCH 1/2] Fix crash on pyproject.toml without bandit config (#1073) * Fix crash on pyproject.toml without bandit config This is a naive fix for bandit crashing when it encounters a `pyproject.toml` which does not contain any specific bandit configuration. This resolves the common failure mode that is seen, but does not cause bandit to fall back to another configuration source if the `pyproject.toml` does not contain any `tool.bandit` block. Resolves #1027 * Update bandit/core/config.py --------- Co-authored-by: Eric Brown --- bandit/core/config.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bandit/core/config.py b/bandit/core/config.py index 9ab223d1..dbc68fb7 100644 --- a/bandit/core/config.py +++ b/bandit/core/config.py @@ -52,7 +52,9 @@ def __init__(self, config_file=None): try: with f: - self._config = tomllib.load(f)["tool"]["bandit"] + self._config = ( + tomllib.load(f).get("tool", {}).get("bandit", {}) + ) except tomllib.TOMLDecodeError as err: LOG.error(err) raise utils.ConfigError("Error parsing file.", config_file) From 4dea02ec98f0104b9c9e1e21602ee6d16ee76fe8 Mon Sep 17 00:00:00 2001 From: Mathieu Kniewallner Date: Fri, 8 Dec 2023 20:15:27 +0100 Subject: [PATCH 2/2] refactor: remove `importlib-metadata` fallback (#1066) Python 3.7 support has been removed in https://github.com/PyCQA/bandit/pull/1034, so the `importlib-metadata` fallback, is no longer required, as it was only need for Python < 3.8. Co-authored-by: Eric Brown --- bandit/__init__.py | 5 +---- requirements.txt | 1 - 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/bandit/__init__.py b/bandit/__init__.py index ebaaccee..75f863db 100644 --- a/bandit/__init__.py +++ b/bandit/__init__.py 
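Review bot: The rewritten `self._config = (...)` line accepts any TOML value for `tool` and `tool.bandit`: a file with `tool = "x"` raises an uncaught AttributeError from `.get`, and `[tool] bandit = 1` stores the integer in `self._config`, and because neither is a `TOMLDecodeError` the `except` below does not turn them into the `ConfigError` that parse failures get. The commit message also notes there is no fallback when the section is missing, so a user who points the scanner at the wrong `pyproject.toml` now silently proceeds with `self._config = {}` where it previously crashed; a warning would make that visible. I would move the section lookup out of the `try`, reject non-table values with `utils.ConfigError`, and log when the section is absent, as below. `__init__` continues beyond both ends of this hunk, so the exact nesting of the replaced lines is assumed.
```python
            try:
                with f:
                    data = tomllib.load(f)
            # … unchanged: except tomllib.TOMLDecodeError handler …
            # Look the section up outside the try: a wrong type here is a
            # config error, not a parse error, and must not be masked.
            tool = data.get("tool", {})
            section = tool.get("bandit", {}) if isinstance(tool, dict) else tool
            if not isinstance(section, dict):
                raise utils.ConfigError(
                    "[tool.bandit] must be a table.", config_file
                )
            if not section:
                LOG.warning("No [tool.bandit] section in %s", config_file)
            self._config = section
```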
@@ -2,10 +2,7 @@ # Copyright 2014 Hewlett-Packard Development Company, L.P. # # SPDX-License-Identifier: Apache-2.0 -try: - from importlib import metadata -except ImportError: - import importlib_metadata as metadata +from importlib import metadata from bandit.core import config # noqa from bandit.core import context # noqa diff --git a/requirements.txt b/requirements.txt index 3db71252..28978202 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,4 +6,3 @@ PyYAML>=5.3.1 # MIT stevedore>=1.20.0 # Apache-2.0 colorama>=0.3.9;platform_system=="Windows" # BSD License (3 clause) rich # MIT -importlib-metadata;python_version<"3.8" # Apache-2.0