From 950a7f4d73fb2df341b7e80f4b2b389b21934b3e Mon Sep 17 00:00:00 2001
From: Friday
Date: Tue, 17 Feb 2026 07:18:13 +0000
Subject: [PATCH 1/2] Fix spurious nosec warnings on multiline statements
When a `# nosec` comment appears on one line of a multiline statement (e.g., a dict literal spanning multiple lines), bandit was checking the entire statement's line range for nosec comments. This caused "nosec encountered but no failed test" warnings on every other line of the same statement. The fix checks only the specific line being tested for a nosec comment, not the full linerange of the multiline node.
Fixes #1352
---
bandit/core/tester.py | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/bandit/core/tester.py b/bandit/core/tester.py
index e92c29fb0..039a426eb 100644
--- a/bandit/core/tester.py
+++ b/bandit/core/tester.py
@@ -103,12 +103,18 @@ def run_tests(self, raw_context, checktype):
 val = constants.RANKING_VALUES[result.confidence]
 scores["CONFIDENCE"][con] += val
 else:
- nosec_tests_to_skip = self._get_nosecs_from_contexts(
- temp_context
+ # Only warn about unused nosec if the comment is on this
+ # specific line, not on a different line of the same
+ # multiline statement (see #1352)
+ line_nosec = self.nosec_lines.get(
+ temp_context["lineno"], None
 )
 if (
- nosec_tests_to_skip
- and test._test_id in nosec_tests_to_skip
+ line_nosec is not None
+ and (
+ not line_nosec
+ or test._test_id in line_nosec
+ )
 ):
 LOG.warning(
 f"nosec encountered ({test._test_id}), but no "
From 964cf5145a13e879571f220d3c2336af8ee0d644 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Tue, 17 Feb 2026 07:19:21 +0000
Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---
bandit/core/tester.py | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
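Review bot: The new condition `not line_nosec or test._test_id in line_nosec` also fires in the blanket-`# nosec` case, whereas the removed `nosec_tests_to_skip and test._test_id in nosec_tests_to_skip` only warned when the comment named a specific test that did not fail. Because this `else` branch runs once per test whose result is `None`, a plain `# nosec` on a line where some other test does fire would (if an empty set stands for a blanket nosec, as the `not line_nosec` test suggests) log "nosec encountered … but no failed test" for every other test in the set, which is the same kind of noise the commit sets out to remove. Keeping the original semantics while still narrowing to the current line needs only `if line_nosec and test._test_id in line_nosec:`, and the explicit `None` default passed to `.get()` is redundant. If the widening to blanket comments is intended, the added comment should say so, since the commit message does not mention it. `run_tests` begins before the hunk and the `LOG.warning(` call continues after it.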
diff --git a/bandit/core/tester.py b/bandit/core/tester.py
index 039a426eb..b15501e0f 100644
--- a/bandit/core/tester.py
+++ b/bandit/core/tester.py
@@ -109,12 +109,8 @@ def run_tests(self, raw_context, checktype):
 line_nosec = self.nosec_lines.get(
 temp_context["lineno"], None
 )
- if (
- line_nosec is not None
- and (
- not line_nosec
- or test._test_id in line_nosec
- )
+ if line_nosec is not None and (
+ not line_nosec or test._test_id in line_nosec
 ):
 LOG.warning(
 f"nosec encountered ({test._test_id}), but no "