Bump version to 0.0.115

Include flake8-bugbear settings in flake8-to-ruff (#712 )
Use an FNVHashSet for settings.enabled (#711 )
2022-11-12 16:46:26 -05:00 · 2022-11-12 16:46:12 -05:00 · 2022-11-12 16:36:56 -05:00 · 2022-11-12 16:33:12 -05:00 · 2022-11-12 16:32:21 -05:00 · 2022-11-12 16:10:43 -05:00
52 changed files with 1288 additions and 136 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
  - repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: v0.0.114
+    rev: v0.0.115
    hooks:
      - id: ruff

--- a/Cargo.lock
+++ b/Cargo.lock
@@ -930,7 +930,7 @@ checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80"

 [[package]]
 name = "flake8-to-ruff"
-version = "0.0.114-dev.0"
+version = "0.0.115-dev.0"
 dependencies = [
 "anyhow",
 "clap 4.0.22",
@@ -2237,7 +2237,7 @@ dependencies = [

 [[package]]
 name = "ruff"
-version = "0.0.114"
+version = "0.0.115"
 dependencies = [
 "anyhow",
 "assert_cmd",
@@ -2253,6 +2253,7 @@ dependencies = [
 "dirs 4.0.0",
 "fern",
 "filetime",
+ "fnv",
 "getrandom 0.2.8",
 "glob",
 "insta",
@@ -2284,7 +2285,7 @@ dependencies = [

 [[package]]
 name = "ruff_dev"
-version = "0.0.114"
+version = "0.0.115"
 dependencies = [
 "anyhow",
 "clap 4.0.22",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ members = [

 [package]
 name = "ruff"
-version = "0.0.114"
+version = "0.0.115"
 edition = "2021"

 [lib]
@@ -23,6 +23,7 @@ common-path = { version = "1.0.0" }
 dirs = { version = "4.0.0" }
 fern = { version = "0.6.1" }
 filetime = { version = "0.2.17" }
+fnv = { version = "1.0.7" }
 glob = { version = "0.3.0" }
 itertools = { version = "0.10.5" }
 libcst = { git = "https://github.com/charliermarsh/LibCST", rev = "a13ec97dd4eb925bde4d426c6e422582793b260c" }
--- a/README.md
+++ b/README.md
@@ -99,7 +99,7 @@ Ruff also works with [pre-commit](https://pre-commit.com):
 ```yaml
 repos:
  - repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: v0.0.114
+    rev: v0.0.115
    hooks:
      - id: ruff
 ```
@@ -442,7 +442,7 @@ For more, see [pyupgrade](https://pypi.org/project/pyupgrade/3.2.0/) on PyPI.
 | U008 | SuperCallWithParameters | Use `super()` instead of `super(__class__, self)` | 🛠 |
 | U009 | PEP3120UnnecessaryCodingComment | utf-8 encoding declaration is unnecessary | 🛠 |
 | U010 | UnnecessaryFutureImport | Unnecessary `__future__` import `...` for target Python version | 🛠 |
-| U011 | UnnecessaryLRUCacheParams | Unnecessary parameters to functools.lru_cache | 🛠 |
+| U011 | UnnecessaryLRUCacheParams | Unnecessary parameters to `functools.lru_cache` | 🛠 |
 | U012 | UnnecessaryEncodeUTF8 | Unnecessary call to `encode` as UTF-8 | 🛠 |

 ### pep8-naming
@@ -467,6 +467,19 @@ For more, see [pep8-naming](https://pypi.org/project/pep8-naming/0.13.2/) on PyP
 | N817 | CamelcaseImportedAsAcronym | Camelcase `...` imported as acronym `...` |  |
 | N818 | ErrorSuffixOnExceptionName | Exception name `...` should be named with an Error suffix |  |

+### flake8-bandit
+
+For more, see [flake8-bandit](https://pypi.org/project/flake8-bandit/4.1.1/) on PyPI.
+
+| Code | Name | Message | Fix |
+| ---- | ---- | ------- | --- |
+| S101 | AssertUsed | Use of `assert` detected |  |
+| S102 | ExecUsed | Use of `exec` detected |  |
+| S104 | HardcodedBindAllInterfaces | Possible binding to all interfaces |  |
+| S105 | HardcodedPasswordString | Possible hardcoded password: `'...'` |  |
+| S106 | HardcodedPasswordFuncArg | Possible hardcoded password: `'...'` |  |
+| S107 | HardcodedPasswordDefault | Possible hardcoded password: `'...'` |  |
+
 ### flake8-comprehensions

 For more, see [flake8-comprehensions](https://pypi.org/project/flake8-comprehensions/3.10.1/) on PyPI.
@@ -686,6 +699,7 @@ including:
 - [`flake8-quotes`](https://pypi.org/project/flake8-quotes/)
 - [`flake8-annotations`](https://pypi.org/project/flake8-annotations/)
 - [`flake8-comprehensions`](https://pypi.org/project/flake8-comprehensions/)
+- [`flake8-bandit`](https://pypi.org/project/flake8-bandit/) (6/40)
 - [`flake8-bugbear`](https://pypi.org/project/flake8-bugbear/) (21/32)
 - [`flake8-2020`](https://pypi.org/project/flake8-2020/)
 - [`pyupgrade`](https://pypi.org/project/pyupgrade/) (15/34)
@@ -709,6 +723,7 @@ Today, Ruff can be used to replace Flake8 when used with any of the following pl
 - [`flake8-print`](https://pypi.org/project/flake8-print/)
 - [`flake8-quotes`](https://pypi.org/project/flake8-quotes/)
 - [`flake8-annotations`](https://pypi.org/project/flake8-annotations/)
+- [`flake8-bandit`](https://pypi.org/project/flake8-bandit/) (6/40)
 - [`flake8-comprehensions`](https://pypi.org/project/flake8-comprehensions/)
 - [`flake8-bugbear`](https://pypi.org/project/flake8-bugbear/) (21/32)
 - [`flake8-2020`](https://pypi.org/project/flake8-2020/)
--- a/flake8_to_ruff/Cargo.lock
+++ b/flake8_to_ruff/Cargo.lock
@@ -771,7 +771,7 @@ checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80"

 [[package]]
 name = "flake8_to_ruff"
-version = "0.0.114"
+version = "0.0.115"
 dependencies = [
 "anyhow",
 "clap",
@@ -1975,7 +1975,7 @@ dependencies = [

 [[package]]
 name = "ruff"
-version = "0.0.114"
+version = "0.0.115"
 dependencies = [
 "anyhow",
 "bincode",
--- a/flake8_to_ruff/Cargo.toml
+++ b/flake8_to_ruff/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "flake8-to-ruff"
-version = "0.0.114-dev.0"
+version = "0.0.115-dev.0"
 edition = "2021"

 [lib]
--- a/flake8_to_ruff/src/converter.rs
+++ b/flake8_to_ruff/src/converter.rs
@@ -5,7 +5,7 @@ use ruff::checks_gen::CheckCodePrefix;
 use ruff::flake8_quotes::settings::Quote;
 use ruff::settings::options::Options;
 use ruff::settings::pyproject::Pyproject;
-use ruff::{flake8_annotations, flake8_quotes, pep8_naming};
+use ruff::{flake8_annotations, flake8_bugbear, flake8_quotes, pep8_naming};

 use crate::plugin::Plugin;
 use crate::{parser, plugin};
@@ -69,6 +69,7 @@ pub fn convert(
    // Parse each supported option.
    let mut options: Options = Default::default();
    let mut flake8_annotations: flake8_annotations::settings::Options = Default::default();
+    let mut flake8_bugbear: flake8_bugbear::settings::Options = Default::default();
    let mut flake8_quotes: flake8_quotes::settings::Options = Default::default();
    let mut pep8_naming: pep8_naming::settings::Options = Default::default();
    for (key, value) in flake8 {
@@ -109,6 +110,11 @@ pub fn convert(
                        Err(e) => eprintln!("Unable to parse '{key}' property: {e}"),
                    }
                }
+                // flake8-bugbear
+                "extend-immutable-calls" | "extend_immutable_calls" => {
+                    flake8_bugbear.extend_immutable_calls =
+                        Some(parser::parse_strings(value.as_ref()));
+                }
                // flake8-annotations
                "suppress-none-returning" | "suppress_none_returning" => {
                    match parser::parse_bool(value.as_ref()) {
@@ -179,6 +185,12 @@ pub fn convert(
    // Deduplicate and sort.
    options.select = Some(Vec::from_iter(select));
    options.ignore = Some(Vec::from_iter(ignore));
+    if flake8_annotations != Default::default() {
+        options.flake8_annotations = Some(flake8_annotations);
+    }
+    if flake8_bugbear != Default::default() {
+        options.flake8_bugbear = Some(flake8_bugbear);
+    }
    if flake8_quotes != Default::default() {
        options.flake8_quotes = Some(flake8_quotes);
    }
@@ -224,6 +236,7 @@ mod tests {
            dummy_variable_rgx: None,
            target_version: None,
            flake8_annotations: None,
+            flake8_bugbear: None,
            flake8_quotes: None,
            isort: None,
            pep8_naming: None,
@@ -257,6 +270,7 @@ mod tests {
            dummy_variable_rgx: None,
            target_version: None,
            flake8_annotations: None,
+            flake8_bugbear: None,
            flake8_quotes: None,
            isort: None,
            pep8_naming: None,
@@ -290,6 +304,7 @@ mod tests {
            dummy_variable_rgx: None,
            target_version: None,
            flake8_annotations: None,
+            flake8_bugbear: None,
            flake8_quotes: None,
            isort: None,
            pep8_naming: None,
@@ -323,6 +338,7 @@ mod tests {
            dummy_variable_rgx: None,
            target_version: None,
            flake8_annotations: None,
+            flake8_bugbear: None,
            flake8_quotes: None,
            isort: None,
            pep8_naming: None,
@@ -356,6 +372,7 @@ mod tests {
            dummy_variable_rgx: None,
            target_version: None,
            flake8_annotations: None,
+            flake8_bugbear: None,
            flake8_quotes: Some(flake8_quotes::settings::Options {
                inline_quotes: Some(flake8_quotes::settings::Quote::Single),
                multiline_quotes: None,
@@ -432,6 +449,7 @@ mod tests {
            dummy_variable_rgx: None,
            target_version: None,
            flake8_annotations: None,
+            flake8_bugbear: None,
            flake8_quotes: None,
            isort: None,
            pep8_naming: None,
@@ -466,6 +484,7 @@ mod tests {
            dummy_variable_rgx: None,
            target_version: None,
            flake8_annotations: None,
+            flake8_bugbear: None,
            flake8_quotes: Some(flake8_quotes::settings::Options {
                inline_quotes: Some(flake8_quotes::settings::Quote::Single),
                multiline_quotes: None,
--- a/flake8_to_ruff/src/plugin.rs
+++ b/flake8_to_ruff/src/plugin.rs
@@ -6,6 +6,7 @@ use ruff::checks_gen::CheckCodePrefix;

 #[derive(Debug, Clone, Ord, PartialOrd, Eq, PartialEq)]
 pub enum Plugin {
+    Flake8Bandit,
    Flake8Bugbear,
    Flake8Builtins,
    Flake8Comprehensions,
@@ -22,6 +23,7 @@ impl FromStr for Plugin {

    fn from_str(string: &str) -> Result<Self, Self::Err> {
        match string {
+            "flake8-bandit" => Ok(Plugin::Flake8Bandit),
            "flake8-bugbear" => Ok(Plugin::Flake8Bugbear),
            "flake8-builtins" => Ok(Plugin::Flake8Builtins),
            "flake8-comprehensions" => Ok(Plugin::Flake8Comprehensions),
@@ -39,6 +41,7 @@ impl FromStr for Plugin {
 impl Plugin {
    pub fn default(&self) -> CheckCodePrefix {
        match self {
+            Plugin::Flake8Bandit => CheckCodePrefix::S,
            Plugin::Flake8Bugbear => CheckCodePrefix::B,
            Plugin::Flake8Builtins => CheckCodePrefix::A,
            Plugin::Flake8Comprehensions => CheckCodePrefix::C,
@@ -53,6 +56,7 @@ impl Plugin {

    pub fn select(&self, flake8: &HashMap<String, Option<String>>) -> Vec<CheckCodePrefix> {
        match self {
+            Plugin::Flake8Bandit => vec![CheckCodePrefix::S],
            Plugin::Flake8Bugbear => vec![CheckCodePrefix::B],
            Plugin::Flake8Builtins => vec![CheckCodePrefix::A],
            Plugin::Flake8Comprehensions => vec![CheckCodePrefix::C],
@@ -265,6 +269,10 @@ pub fn infer_plugins_from_options(flake8: &HashMap<String, Option<String>>) -> V
            "docstring-convention" | "docstring_convention" => {
                plugins.insert(Plugin::Flake8Docstrings);
            }
+            // flake8-bugbear
+            "extend-immutable-calls" | "extend_immutable_calls" => {
+                plugins.insert(Plugin::Flake8Bugbear);
+            }
            // flake8-builtins
            "builtins-ignorelist" | "builtins_ignorelist" => {
                plugins.insert(Plugin::Flake8Builtins);
@@ -329,6 +337,7 @@ pub fn infer_plugins_from_options(flake8: &HashMap<String, Option<String>>) -> V
 /// `flake8-annotations` is active.
 pub fn infer_plugins_from_codes(codes: &BTreeSet<CheckCodePrefix>) -> Vec<Plugin> {
    [
+        Plugin::Flake8Bandit,
        Plugin::Flake8Bugbear,
        Plugin::Flake8Builtins,
        Plugin::Flake8Comprehensions,
--- a/resources/test/fixtures/B008_extended.py
+++ b/resources/test/fixtures/B008_extended.py
@@ -0,0 +1,20 @@
+from typing import List
+
+import fastapi
+from fastapi import Query
+
+
+def okay(db=fastapi.Depends(get_db)):
+    ...
+
+
+def okay(data: List[str] = fastapi.Query(None)):
+    ...
+
+
+def okay(data: List[str] = Query(None)):
+    ...
+
+
+def error_due_to_missing_import(data: List[str] = Depends(None)):
+    ...
--- a/resources/test/fixtures/S101.py
+++ b/resources/test/fixtures/S101.py
@@ -0,0 +1,11 @@
+# Error
+assert True
+
+def fn():
+    x = 1
+
+    # Error
+    assert x == 1
+
+    # Error
+    assert x == 2
--- a/resources/test/fixtures/S102.py
+++ b/resources/test/fixtures/S102.py
@@ -0,0 +1,5 @@
+def fn():
+    # Error
+    exec('x = 2')
+
+exec('y = 3')
--- a/resources/test/fixtures/S104.py
+++ b/resources/test/fixtures/S104.py
@@ -0,0 +1,19 @@
+def func(address):
+    print(address)
+
+
+# OK
+"OK"
+
+# Error
+"0.0.0.0"
+'0.0.0.0'
+
+
+# Error
+func("0.0.0.0")
+
+
+def my_func():
+    x = "0.0.0.0"
+    print(x)
--- a/resources/test/fixtures/S105.py
+++ b/resources/test/fixtures/S105.py
@@ -0,0 +1,53 @@
+d = {}
+
+# OK
+safe = "s3cr3t"
+password = True
+password = safe
+password is True
+password == 1
+d["safe"] = "s3cr3t"
+
+# Errors
+password = "s3cr3t"
+_pass = "s3cr3t"
+passwd = "s3cr3t"
+pwd = "s3cr3t"
+secret = "s3cr3t"
+token = "s3cr3t"
+secrete = "s3cr3t"
+safe = password = "s3cr3t"
+password = safe = "s3cr3t"
+
+d["password"] = "s3cr3t"
+d["pass"] = "s3cr3t"
+d["passwd"] = "s3cr3t"
+d["pwd"] = "s3cr3t"
+d["secret"] = "s3cr3t"
+d["token"] = "s3cr3t"
+d["secrete"] = "s3cr3t"
+safe = d["password"] = "s3cr3t"
+d["password"] = safe = "s3cr3t"
+
+
+class MyClass:
+    password = "s3cr3t"
+    safe = password
+
+
+MyClass.password = "s3cr3t"
+MyClass._pass = "s3cr3t"
+MyClass.passwd = "s3cr3t"
+MyClass.pwd = "s3cr3t"
+MyClass.secret = "s3cr3t"
+MyClass.token = "s3cr3t"
+MyClass.secrete = "s3cr3t"
+
+password == "s3cr3t"
+_pass == "s3cr3t"
+passwd == "s3cr3t"
+pwd == "s3cr3t"
+secret == "s3cr3t"
+token == "s3cr3t"
+secrete == "s3cr3t"
+password == safe == "s3cr3t"
--- a/resources/test/fixtures/S106.py
+++ b/resources/test/fixtures/S106.py
@@ -0,0 +1,13 @@
+def func(pos, password):
+    pass
+
+
+string = "Hello World"
+
+# OK
+func("s3cr3t")
+func(1, password=string)
+func(pos="s3cr3t", password=string)
+
+# Error
+func(1, password="s3cr3t")
--- a/resources/test/fixtures/S107.py
+++ b/resources/test/fixtures/S107.py
@@ -0,0 +1,30 @@
+def ok(first, default="default"):
+    pass
+
+
+def default(first, password="default"):
+    pass
+
+
+def ok_posonly(first, /, pos, default="posonly"):
+    pass
+
+
+def default_posonly(first, /, pos, password="posonly"):
+    pass
+
+
+def ok_kwonly(first, *, default="kwonly"):
+    pass
+
+
+def default_kwonly(first, *, password="kwonly"):
+    pass
+
+
+def ok_all(first, /, pos, default="posonly", *, kwonly="kwonly"):
+    pass
+
+
+def default_all(first, /, pos, secret="posonly", *, password="kwonly"):
+    pass
--- a/resources/test/fixtures/pyproject.toml
+++ b/resources/test/fixtures/pyproject.toml
@@ -7,6 +7,9 @@ extend-exclude = [
 ]
 per-file-ignores = { "__init__.py" = ["F401"] }

+[tool.ruff.flake8-bugbear]
+extend-immutable-calls = ["fastapi.Depends", "fastapi.Query"]
+
 [tool.ruff.flake8-quotes]
 inline-quotes = "single"
 multiline-quotes = "double"
--- a/ruff_dev/Cargo.toml
+++ b/ruff_dev/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ruff_dev"
-version = "0.0.114"
+version = "0.0.115"
 edition = "2021"

 [dependencies]
--- a/src/ast/helpers.rs
+++ b/src/ast/helpers.rs
@@ -1,5 +1,4 @@
-use std::collections::BTreeSet;
-
+use fnv::FnvHashSet;
 use once_cell::sync::Lazy;
 use regex::Regex;
 use rustpython_ast::{Excepthandler, ExcepthandlerKind, Expr, ExprKind, Location, StmtKind};
@@ -47,7 +46,7 @@ pub fn match_name_or_attr_from_module(
    expr: &Expr,
    target: &str,
    module: &str,
-    imports: Option<&BTreeSet<&str>>,
+    imports: Option<&FnvHashSet<&str>>,
 ) -> bool {
    match &expr.node {
        ExprKind::Attribute { value, attr, .. } => match &value.node {
--- a/src/check_ast.rs
+++ b/src/check_ast.rs
@@ -1,9 +1,10 @@
 //! Lint rules based on AST traversal.

-use std::collections::{BTreeMap, BTreeSet};
+use std::collections::BTreeMap;
 use std::ops::Deref;
 use std::path::Path;

+use fnv::{FnvHashMap, FnvHashSet};
 use log::error;
 use rustpython_parser::ast::{
    Arg, Arguments, Constant, Excepthandler, ExcepthandlerKind, Expr, ExprContext, ExprKind,
@@ -32,25 +33,11 @@ use crate::settings::Settings;
 use crate::source_code_locator::SourceCodeLocator;
 use crate::visibility::{module_visibility, transition_scope, Modifier, Visibility, VisibleScope};
 use crate::{
-    docstrings, flake8_2020, flake8_annotations, flake8_bugbear, flake8_builtins,
+    docstrings, flake8_2020, flake8_annotations, flake8_bandit, flake8_bugbear, flake8_builtins,
    flake8_comprehensions, flake8_print, pep8_naming, pycodestyle, pydocstyle, pyflakes, pyupgrade,
 };

 const GLOBAL_SCOPE_INDEX: usize = 0;
-const TRACK_FROM_IMPORTS: [&str; 12] = [
-    "collections",
-    "collections.abc",
-    "contextlib",
-    "functools",
-    "re",
-    "six",
-    "sys",
-    "typing",
-    "typing.io",
-    "typing.re",
-    "typing_extensions",
-    "weakref",
-];

 pub struct Checker<'a> {
    // Input data.
@@ -64,9 +51,9 @@ pub struct Checker<'a> {
    definitions: Vec<(Definition<'a>, Visibility)>,
    // Edit tracking.
    // TODO(charlie): Instead of exposing deletions, wrap in a public API.
-    pub(crate) deletions: BTreeSet<usize>,
+    pub(crate) deletions: FnvHashSet<usize>,
    // Import tracking.
-    pub(crate) from_imports: BTreeMap<&'a str, BTreeSet<&'a str>>,
+    pub(crate) from_imports: FnvHashMap<&'a str, FnvHashSet<&'a str>>,
    // Retain all scopes and parent nodes, along with a stack of indexes to track which are active
    // at various points in time.
    pub(crate) parents: Vec<&'a Stmt>,
@@ -350,6 +337,12 @@ where
                    flake8_bugbear::plugins::cached_instance_method(self, decorator_list);
                }

+                if self.settings.enabled.contains(&CheckCode::S107) {
+                    self.add_checks(
+                        flake8_bandit::plugins::hardcoded_password_default(args).into_iter(),
+                    );
+                }
+
                self.check_builtin_shadowing(name, Range::from_located(stmt), true);

                // Visit the decorators and arguments, but avoid the body, which will be
@@ -403,14 +396,14 @@ where
            StmtKind::Return { .. } => {
                if self.settings.enabled.contains(&CheckCode::F706) {
                    if let Some(index) = self.scope_stack.last().cloned() {
-                        match self.scopes[index].kind {
-                            ScopeKind::Class(_) | ScopeKind::Module => {
-                                self.add_check(Check::new(
-                                    CheckKind::ReturnOutsideFunction,
-                                    Range::from_located(stmt),
-                                ));
-                            }
-                            _ => {}
+                        if matches!(
+                            self.scopes[index].kind,
+                            ScopeKind::Class(_) | ScopeKind::Module
+                        ) {
+                            self.add_check(Check::new(
+                                CheckKind::ReturnOutsideFunction,
+                                Range::from_located(stmt),
+                            ));
                        }
                    }
                }
@@ -583,17 +576,15 @@ where
                // references like `from typing import Union`.
                if level.map(|level| level == 0).unwrap_or(true) {
                    if let Some(module) = module {
-                        if TRACK_FROM_IMPORTS.contains(&module.as_str()) {
-                            self.from_imports
-                                .entry(module)
-                                .or_insert_with(BTreeSet::new)
-                                .extend(
-                                    names
-                                        .iter()
-                                        .filter(|alias| alias.node.asname.is_none())
-                                        .map(|alias| alias.node.name.as_str()),
-                                )
-                        }
+                        self.from_imports
+                            .entry(module)
+                            .or_insert_with(FnvHashSet::default)
+                            .extend(
+                                names
+                                    .iter()
+                                    .filter(|alias| alias.node.asname.is_none())
+                                    .map(|alias| alias.node.name.as_str()),
+                            )
                    }
                }

@@ -803,6 +794,9 @@ where
                if self.settings.enabled.contains(&CheckCode::B011) {
                    flake8_bugbear::plugins::assert_false(self, stmt, test, msg);
                }
+                if self.settings.enabled.contains(&CheckCode::S101) {
+                    self.add_check(flake8_bandit::plugins::assert_used(stmt));
+                }
            }
            StmtKind::With { items, .. } | StmtKind::AsyncWith { items, .. } => {
                if self.settings.enabled.contains(&CheckCode::B017) {
@@ -843,6 +837,13 @@ where
                if self.settings.enabled.contains(&CheckCode::B003) {
                    flake8_bugbear::plugins::assignment_to_os_environ(self, targets);
                }
+                if self.settings.enabled.contains(&CheckCode::S105) {
+                    if let Some(check) =
+                        flake8_bandit::plugins::assign_hardcoded_password_string(value, targets)
+                    {
+                        self.add_check(check);
+                    }
+                }
            }
            StmtKind::AnnAssign { value, .. } => {
                if self.settings.enabled.contains(&CheckCode::E731) {
@@ -1108,6 +1109,16 @@ where
                        self, args, keywords,
                    );
                }
+                if self.settings.enabled.contains(&CheckCode::S102) {
+                    if let Some(check) = flake8_bandit::plugins::exec_used(expr, func) {
+                        self.add_check(check);
+                    }
+                }
+                if self.settings.enabled.contains(&CheckCode::S106) {
+                    self.add_checks(
+                        flake8_bandit::plugins::hardcoded_password_func_arg(keywords).into_iter(),
+                    );
+                }

                // flake8-comprehensions
                if self.settings.enabled.contains(&CheckCode::C400) {
@@ -1456,6 +1467,16 @@ where
                {
                    flake8_2020::plugins::compare(self, left, ops, comparators);
                }
+
+                if self.settings.enabled.contains(&CheckCode::S105) {
+                    self.add_checks(
+                        flake8_bandit::plugins::compare_to_hardcoded_password_string(
+                            left,
+                            comparators,
+                        )
+                        .into_iter(),
+                    );
+                }
            }
            ExprKind::Constant {
                value: Constant::Str(value),
@@ -1465,6 +1486,14 @@ where
                    self.deferred_string_annotations
                        .push((Range::from_located(expr), value));
                }
+                if self.settings.enabled.contains(&CheckCode::S104) {
+                    if let Some(check) = flake8_bandit::plugins::hardcoded_bind_all_interfaces(
+                        value,
+                        &Range::from_located(expr),
+                    ) {
+                        self.add_check(check);
+                    }
+                }
            }
            ExprKind::Lambda { args, .. } => {
                // Visit the arguments, but avoid the body, which will be deferred.
--- a/src/checks.rs
+++ b/src/checks.rs
@@ -220,6 +220,13 @@ pub enum CheckCode {
    N818,
    // isort
    I001,
+    // flake8-bandit
+    S101,
+    S102,
+    S104,
+    S105,
+    S106,
+    S107,
    // Ruff
    RUF001,
    RUF002,
@@ -236,6 +243,7 @@ pub enum CheckCategory {
    Pydocstyle,
    Pyupgrade,
    PEP8Naming,
+    Flake8Bandit,
    Flake8Comprehensions,
    Flake8Bugbear,
    Flake8Builtins,
@@ -253,6 +261,7 @@ impl CheckCategory {
            CheckCategory::Pycodestyle => "pycodestyle",
            CheckCategory::Pyflakes => "Pyflakes",
            CheckCategory::Isort => "isort",
+            CheckCategory::Flake8Bandit => "flake8-bandit",
            CheckCategory::Flake8Builtins => "flake8-builtins",
            CheckCategory::Flake8Bugbear => "flake8-bugbear",
            CheckCategory::Flake8Comprehensions => "flake8-comprehensions",
@@ -291,6 +300,7 @@ impl CheckCategory {
            CheckCategory::Pyupgrade => Some("https://pypi.org/project/pyupgrade/3.2.0/"),
            CheckCategory::Pydocstyle => Some("https://pypi.org/project/pydocstyle/6.1.1/"),
            CheckCategory::PEP8Naming => Some("https://pypi.org/project/pep8-naming/0.13.2/"),
+            CheckCategory::Flake8Bandit => Some("https://pypi.org/project/flake8-bandit/4.1.1/"),
            CheckCategory::Ruff => None,
            CheckCategory::Meta => None,
        }
@@ -509,6 +519,13 @@ pub enum CheckKind {
    ErrorSuffixOnExceptionName(String),
    // isort
    UnsortedImports,
+    // flake8-bandit
+    AssertUsed,
+    ExecUsed,
+    HardcodedBindAllInterfaces,
+    HardcodedPasswordString(String),
+    HardcodedPasswordFuncArg(String),
+    HardcodedPasswordDefault(String),
    // Ruff
    AmbiguousUnicodeCharacterString(char, char),
    AmbiguousUnicodeCharacterDocstring(char, char),
@@ -773,6 +790,13 @@ impl CheckCode {
            CheckCode::N818 => CheckKind::ErrorSuffixOnExceptionName("...".to_string()),
            // isort
            CheckCode::I001 => CheckKind::UnsortedImports,
+            // flake8-bandit
+            CheckCode::S101 => CheckKind::AssertUsed,
+            CheckCode::S102 => CheckKind::ExecUsed,
+            CheckCode::S104 => CheckKind::HardcodedBindAllInterfaces,
+            CheckCode::S105 => CheckKind::HardcodedPasswordString("...".to_string()),
+            CheckCode::S106 => CheckKind::HardcodedPasswordFuncArg("...".to_string()),
+            CheckCode::S107 => CheckKind::HardcodedPasswordDefault("...".to_string()),
            // Ruff
            CheckCode::RUF001 => CheckKind::AmbiguousUnicodeCharacterString('𝐁', 'B'),
            CheckCode::RUF002 => CheckKind::AmbiguousUnicodeCharacterDocstring('𝐁', 'B'),
@@ -965,6 +989,12 @@ impl CheckCode {
            CheckCode::N817 => CheckCategory::PEP8Naming,
            CheckCode::N818 => CheckCategory::PEP8Naming,
            CheckCode::I001 => CheckCategory::Isort,
+            CheckCode::S101 => CheckCategory::Flake8Bandit,
+            CheckCode::S102 => CheckCategory::Flake8Bandit,
+            CheckCode::S104 => CheckCategory::Flake8Bandit,
+            CheckCode::S105 => CheckCategory::Flake8Bandit,
+            CheckCode::S106 => CheckCategory::Flake8Bandit,
+            CheckCode::S107 => CheckCategory::Flake8Bandit,
            CheckCode::RUF001 => CheckCategory::Ruff,
            CheckCode::RUF002 => CheckCategory::Ruff,
            CheckCode::RUF003 => CheckCategory::Ruff,
@@ -1171,6 +1201,13 @@ impl CheckKind {
            CheckKind::ErrorSuffixOnExceptionName(..) => &CheckCode::N818,
            // isort
            CheckKind::UnsortedImports => &CheckCode::I001,
+            // flake8-bandit
+            CheckKind::AssertUsed => &CheckCode::S101,
+            CheckKind::ExecUsed => &CheckCode::S102,
+            CheckKind::HardcodedBindAllInterfaces => &CheckCode::S104,
+            CheckKind::HardcodedPasswordString(..) => &CheckCode::S105,
+            CheckKind::HardcodedPasswordFuncArg(..) => &CheckCode::S106,
+            CheckKind::HardcodedPasswordDefault(..) => &CheckCode::S107,
            // Ruff
            CheckKind::AmbiguousUnicodeCharacterString(..) => &CheckCode::RUF001,
            CheckKind::AmbiguousUnicodeCharacterDocstring(..) => &CheckCode::RUF002,
@@ -1610,7 +1647,7 @@ impl CheckKind {
                }
            }
            CheckKind::UnnecessaryLRUCacheParams => {
-                "Unnecessary parameters to functools.lru_cache".to_string()
+                "Unnecessary parameters to `functools.lru_cache`".to_string()
            }
            CheckKind::UnnecessaryEncodeUTF8 => "Unnecessary call to `encode` as UTF-8".to_string(),
            // pydocstyle
@@ -1778,6 +1815,21 @@ impl CheckKind {
            }
            // isort
            CheckKind::UnsortedImports => "Import block is un-sorted or un-formatted".to_string(),
+            // flake8-bandit
+            CheckKind::AssertUsed => "Use of `assert` detected".to_string(),
+            CheckKind::ExecUsed => "Use of `exec` detected".to_string(),
+            CheckKind::HardcodedBindAllInterfaces => {
+                "Possible binding to all interfaces".to_string()
+            }
+            CheckKind::HardcodedPasswordString(string) => {
+                format!("Possible hardcoded password: `'{string}'`")
+            }
+            CheckKind::HardcodedPasswordFuncArg(string) => {
+                format!("Possible hardcoded password: `'{string}'`")
+            }
+            CheckKind::HardcodedPasswordDefault(string) => {
+                format!("Possible hardcoded password: `'{string}'`")
+            }
            // Ruff
            CheckKind::AmbiguousUnicodeCharacterString(confusable, representant) => {
                format!(
--- a/src/checks_gen.rs
+++ b/src/checks_gen.rs
@@ -245,6 +245,15 @@ pub enum CheckCodePrefix {
    RUF001,
    RUF002,
    RUF003,
+    S,
+    S1,
+    S10,
+    S101,
+    S102,
+    S104,
+    S105,
+    S106,
+    S107,
    T,
    T2,
    T20,
@@ -988,6 +997,36 @@ impl CheckCodePrefix {
            CheckCodePrefix::RUF001 => vec![CheckCode::RUF001],
            CheckCodePrefix::RUF002 => vec![CheckCode::RUF002],
            CheckCodePrefix::RUF003 => vec![CheckCode::RUF003],
+            CheckCodePrefix::S => vec![
+                CheckCode::S101,
+                CheckCode::S102,
+                CheckCode::S104,
+                CheckCode::S105,
+                CheckCode::S106,
+                CheckCode::S107,
+            ],
+            CheckCodePrefix::S1 => vec![
+                CheckCode::S101,
+                CheckCode::S102,
+                CheckCode::S104,
+                CheckCode::S105,
+                CheckCode::S106,
+                CheckCode::S107,
+            ],
+            CheckCodePrefix::S10 => vec![
+                CheckCode::S101,
+                CheckCode::S102,
+                CheckCode::S104,
+                CheckCode::S105,
+                CheckCode::S106,
+                CheckCode::S107,
+            ],
+            CheckCodePrefix::S101 => vec![CheckCode::S101],
+            CheckCodePrefix::S102 => vec![CheckCode::S102],
+            CheckCodePrefix::S104 => vec![CheckCode::S104],
+            CheckCodePrefix::S105 => vec![CheckCode::S105],
+            CheckCodePrefix::S106 => vec![CheckCode::S106],
+            CheckCodePrefix::S107 => vec![CheckCode::S107],
            CheckCodePrefix::T => vec![CheckCode::T201, CheckCode::T203],
            CheckCodePrefix::T2 => vec![CheckCode::T201, CheckCode::T203],
            CheckCodePrefix::T20 => vec![CheckCode::T201, CheckCode::T203],
@@ -1299,6 +1338,15 @@ impl CheckCodePrefix {
            CheckCodePrefix::I0 => PrefixSpecificity::Hundreds,
            CheckCodePrefix::I00 => PrefixSpecificity::Tens,
            CheckCodePrefix::I001 => PrefixSpecificity::Explicit,
+            CheckCodePrefix::S => PrefixSpecificity::Category,
+            CheckCodePrefix::S1 => PrefixSpecificity::Hundreds,
+            CheckCodePrefix::S10 => PrefixSpecificity::Tens,
+            CheckCodePrefix::S101 => PrefixSpecificity::Explicit,
+            CheckCodePrefix::S102 => PrefixSpecificity::Explicit,
+            CheckCodePrefix::S104 => PrefixSpecificity::Explicit,
+            CheckCodePrefix::S105 => PrefixSpecificity::Explicit,
+            CheckCodePrefix::S106 => PrefixSpecificity::Explicit,
+            CheckCodePrefix::S107 => PrefixSpecificity::Explicit,
            CheckCodePrefix::M => PrefixSpecificity::Category,
            CheckCodePrefix::M0 => PrefixSpecificity::Hundreds,
            CheckCodePrefix::M00 => PrefixSpecificity::Tens,
--- a/src/flake8_bandit/helpers.rs
+++ b/src/flake8_bandit/helpers.rs
@@ -0,0 +1,22 @@
+use rustpython_ast::{Constant, Expr, ExprKind};
+
+const PASSWORD_NAMES: [&str; 7] = [
+    "password", "pass", "passwd", "pwd", "secret", "token", "secrete",
+];
+
+pub fn string_literal(expr: &Expr) -> Option<&str> {
+    match &expr.node {
+        ExprKind::Constant {
+            value: Constant::Str(string),
+            ..
+        } => Some(string),
+        _ => None,
+    }
+}
+
+// Maybe use regex for this?
+pub fn matches_password_name(string: &str) -> bool {
+    PASSWORD_NAMES
+        .iter()
+        .any(|name| string.to_lowercase().contains(name))
+}
--- a/src/flake8_bandit/mod.rs
+++ b/src/flake8_bandit/mod.rs
@@ -0,0 +1,2 @@
+mod helpers;
+pub mod plugins;
--- a/src/flake8_bandit/plugins/assert_used.rs
+++ b/src/flake8_bandit/plugins/assert_used.rs
@@ -0,0 +1,9 @@
+use rustpython_ast::{Located, StmtKind};
+
+use crate::ast::types::Range;
+use crate::checks::{Check, CheckKind};
+
+/// S101
+pub fn assert_used(stmt: &Located<StmtKind>) -> Check {
+    Check::new(CheckKind::AssertUsed, Range::from_located(stmt))
+}
--- a/src/flake8_bandit/plugins/exec_used.rs
+++ b/src/flake8_bandit/plugins/exec_used.rs
@@ -0,0 +1,14 @@
+use rustpython_ast::{Expr, ExprKind};
+
+use crate::ast::types::Range;
+use crate::checks::{Check, CheckKind};
+
+/// S102
+pub fn exec_used(expr: &Expr, func: &Expr) -> Option<Check> {
+    if let ExprKind::Name { id, .. } = &func.node {
+        if id == "exec" {
+            return Some(Check::new(CheckKind::ExecUsed, Range::from_located(expr)));
+        }
+    }
+    None
+}
--- a/src/flake8_bandit/plugins/hardcoded_bind_all_interfaces.rs
+++ b/src/flake8_bandit/plugins/hardcoded_bind_all_interfaces.rs
@@ -0,0 +1,11 @@
+use crate::ast::types::Range;
+use crate::checks::{Check, CheckKind};
+
+/// S104
+pub fn hardcoded_bind_all_interfaces(value: &str, range: &Range) -> Option<Check> {
+    if value == "0.0.0.0" {
+        Some(Check::new(CheckKind::HardcodedBindAllInterfaces, *range))
+    } else {
+        None
+    }
+}
--- a/src/flake8_bandit/plugins/hardcoded_password_default.rs
+++ b/src/flake8_bandit/plugins/hardcoded_password_default.rs
@@ -0,0 +1,51 @@
+use rustpython_ast::{ArgData, Arguments, Expr, Located};
+
+use crate::ast::types::Range;
+use crate::checks::{Check, CheckKind};
+use crate::flake8_bandit::helpers::{matches_password_name, string_literal};
+
+fn check_password_kwarg(arg: &Located<ArgData>, default: &Expr) -> Option<Check> {
+    if let Some(string) = string_literal(default) {
+        let kwarg_name = &arg.node.arg;
+        if matches_password_name(kwarg_name) {
+            return Some(Check::new(
+                CheckKind::HardcodedPasswordDefault(string.to_string()),
+                Range::from_located(default),
+            ));
+        }
+    }
+    None
+}
+
+/// S107
+pub fn hardcoded_password_default(arguments: &Arguments) -> Vec<Check> {
+    let mut checks: Vec<Check> = Vec::new();
+
+    let defaults_start =
+        arguments.posonlyargs.len() + arguments.args.len() - arguments.defaults.len();
+    for (i, arg) in arguments
+        .posonlyargs
+        .iter()
+        .chain(&arguments.args)
+        .enumerate()
+    {
+        if let Some(i) = i.checked_sub(defaults_start) {
+            let default = &arguments.defaults[i];
+            if let Some(check) = check_password_kwarg(arg, default) {
+                checks.push(check);
+            }
+        }
+    }
+
+    let defaults_start = arguments.kwonlyargs.len() - arguments.kw_defaults.len();
+    for (i, kwarg) in arguments.kwonlyargs.iter().enumerate() {
+        if let Some(i) = i.checked_sub(defaults_start) {
+            let default = &arguments.kw_defaults[i];
+            if let Some(check) = check_password_kwarg(kwarg, default) {
+                checks.push(check);
+            }
+        }
+    }
+
+    checks
+}
--- a/src/flake8_bandit/plugins/hardcoded_password_func_arg.rs
+++ b/src/flake8_bandit/plugins/hardcoded_password_func_arg.rs
@@ -0,0 +1,25 @@
+use rustpython_ast::Keyword;
+
+use crate::ast::types::Range;
+use crate::checks::{Check, CheckKind};
+use crate::flake8_bandit::helpers::{matches_password_name, string_literal};
+
+/// S106
+pub fn hardcoded_password_func_arg(keywords: &[Keyword]) -> Vec<Check> {
+    keywords
+        .iter()
+        .filter_map(|keyword| {
+            if let Some(string) = string_literal(&keyword.node.value) {
+                if let Some(arg) = &keyword.node.arg {
+                    if matches_password_name(arg) {
+                        return Some(Check::new(
+                            CheckKind::HardcodedPasswordFuncArg(string.to_string()),
+                            Range::from_located(keyword),
+                        ));
+                    }
+                }
+            }
+            None
+        })
+        .collect()
+}
--- a/src/flake8_bandit/plugins/hardcoded_password_string.rs
+++ b/src/flake8_bandit/plugins/hardcoded_password_string.rs
@@ -0,0 +1,58 @@
+use rustpython_ast::{Constant, Expr, ExprKind};
+
+use crate::ast::types::Range;
+use crate::checks::{Check, CheckKind};
+use crate::flake8_bandit::helpers::{matches_password_name, string_literal};
+
+fn is_password_target(target: &Expr) -> bool {
+    let target_name = match &target.node {
+        // variable = "s3cr3t"
+        ExprKind::Name { id, .. } => id,
+        // d["password"] = "s3cr3t"
+        ExprKind::Subscript { slice, .. } => match &slice.node {
+            ExprKind::Constant {
+                value: Constant::Str(string),
+                ..
+            } => string,
+            _ => return false,
+        },
+        // obj.password = "s3cr3t"
+        ExprKind::Attribute { attr, .. } => attr,
+        _ => return false,
+    };
+
+    matches_password_name(target_name)
+}
+
+/// S105
+pub fn compare_to_hardcoded_password_string(left: &Expr, comparators: &[Expr]) -> Vec<Check> {
+    comparators
+        .iter()
+        .filter_map(|comp| {
+            if let Some(string) = string_literal(comp) {
+                if is_password_target(left) {
+                    return Some(Check::new(
+                        CheckKind::HardcodedPasswordString(string.to_string()),
+                        Range::from_located(comp),
+                    ));
+                }
+            }
+            None
+        })
+        .collect()
+}
+
+/// S105
+pub fn assign_hardcoded_password_string(value: &Expr, targets: &Vec<Expr>) -> Option<Check> {
+    if let Some(string) = string_literal(value) {
+        for target in targets {
+            if is_password_target(target) {
+                return Some(Check::new(
+                    CheckKind::HardcodedPasswordString(string.to_string()),
+                    Range::from_located(value),
+                ));
+            }
+        }
+    }
+    None
+}
--- a/src/flake8_bandit/plugins/mod.rs
+++ b/src/flake8_bandit/plugins/mod.rs
@@ -0,0 +1,15 @@
+pub use assert_used::assert_used;
+pub use exec_used::exec_used;
+pub use hardcoded_bind_all_interfaces::hardcoded_bind_all_interfaces;
+pub use hardcoded_password_default::hardcoded_password_default;
+pub use hardcoded_password_func_arg::hardcoded_password_func_arg;
+pub use hardcoded_password_string::{
+    assign_hardcoded_password_string, compare_to_hardcoded_password_string,
+};
+
+mod assert_used;
+mod exec_used;
+mod hardcoded_bind_all_interfaces;
+mod hardcoded_password_default;
+mod hardcoded_password_func_arg;
+mod hardcoded_password_string;
--- a/src/flake8_bugbear/mod.rs
+++ b/src/flake8_bugbear/mod.rs
@@ -1,2 +1,36 @@
 mod constants;
 pub mod plugins;
+pub mod settings;
+
+#[cfg(test)]
+mod tests {
+    use std::path::Path;
+
+    use anyhow::Result;
+
+    use crate::autofix::fixer;
+    use crate::checks::CheckCode;
+    use crate::linter::test_path;
+    use crate::{flake8_bugbear, Settings};
+
+    #[test]
+    fn extend_immutable_calls() -> Result<()> {
+        let snapshot = "extend_immutable_calls".to_string();
+        let mut checks = test_path(
+            Path::new("./resources/test/fixtures/B008_extended.py"),
+            &Settings {
+                flake8_bugbear: flake8_bugbear::settings::Settings {
+                    extend_immutable_calls: vec![
+                        "fastapi.Depends".to_string(),
+                        "fastapi.Query".to_string(),
+                    ],
+                },
+                ..Settings::for_rules(vec![CheckCode::B008])
+            },
+            &fixer::Mode::Generate,
+        )?;
+        checks.sort_by_key(|check| check.location);
+        insta::assert_yaml_snapshot!(snapshot, checks);
+        Ok(())
+    }
+}
--- a/src/flake8_bugbear/plugins/function_call_argument_default.rs
+++ b/src/flake8_bugbear/plugins/function_call_argument_default.rs
@@ -1,3 +1,4 @@
+use fnv::{FnvHashMap, FnvHashSet};
 use rustpython_ast::{Arguments, Constant, Expr, ExprKind};

 use crate::ast::helpers::compose_call_path;
@@ -8,38 +9,69 @@ use crate::check_ast::Checker;
 use crate::checks::{Check, CheckKind};
 use crate::flake8_bugbear::plugins::mutable_argument_default::is_mutable_func;

-// TODO(charlie): Verify imports for each of the imported members.
-const IMMUTABLE_FUNCS: [&str; 11] = [
+const IMMUTABLE_FUNCS: [&str; 7] = [
    "tuple",
    "frozenset",
    "operator.attrgetter",
    "operator.itemgetter",
    "operator.methodcaller",
-    "attrgetter",
-    "itemgetter",
-    "methodcaller",
    "types.MappingProxyType",
-    "MappingProxyType",
    "re.compile",
 ];

-fn is_immutable_func(expr: &Expr) -> bool {
-    compose_call_path(expr).map_or_else(|| false, |func| IMMUTABLE_FUNCS.contains(&func.as_str()))
+fn is_immutable_func(
+    expr: &Expr,
+    extend_immutable_calls: &[&str],
+    from_imports: &FnvHashMap<&str, FnvHashSet<&str>>,
+) -> bool {
+    compose_call_path(expr).map_or_else(
+        || false,
+        |call_path| {
+            // It matches the call path exactly (`operator.methodcaller`).
+            for target in IMMUTABLE_FUNCS.iter().chain(extend_immutable_calls) {
+                if &call_path == target {
+                    return true;
+                }
+            }
+
+            // It matches the member name, and was imported from that module (`methodcaller`
+            // following `from operator import methodcaller`).
+            if !call_path.contains('.') {
+                for target in IMMUTABLE_FUNCS.iter().chain(extend_immutable_calls) {
+                    let mut splitter = target.rsplit('.');
+                    if let (Some(member), Some(module)) = (splitter.next(), splitter.next()) {
+                        if call_path == member
+                            && from_imports
+                                .get(module)
+                                .map(|module| module.contains(member))
+                                .unwrap_or(false)
+                        {
+                            return true;
+                        }
+                    }
+                }
+            }
+
+            false
+        },
+    )
 }

-struct ArgumentDefaultVisitor {
+struct ArgumentDefaultVisitor<'a> {
    checks: Vec<(CheckKind, Range)>,
+    extend_immutable_calls: &'a [&'a str],
+    from_imports: &'a FnvHashMap<&'a str, FnvHashSet<&'a str>>,
 }

-impl<'a, 'b> Visitor<'b> for ArgumentDefaultVisitor
+impl<'a, 'b> Visitor<'b> for ArgumentDefaultVisitor<'b>
 where
    'b: 'a,
 {
-    fn visit_expr(&mut self, expr: &'a Expr) {
+    fn visit_expr(&mut self, expr: &'b Expr) {
        match &expr.node {
            ExprKind::Call { func, args, .. } => {
-                if !is_mutable_func(func)
-                    && !is_immutable_func(func)
+                if !is_mutable_func(func, self.from_imports)
+                    && !is_immutable_func(func, self.extend_immutable_calls, self.from_imports)
                    && !is_nan_or_infinity(func, args)
                {
                    self.checks.push((
@@ -83,7 +115,18 @@ fn is_nan_or_infinity(expr: &Expr, args: &[Expr]) -> bool {

 /// B008
 pub fn function_call_argument_default(checker: &mut Checker, arguments: &Arguments) {
-    let mut visitor = ArgumentDefaultVisitor { checks: vec![] };
+    let extend_immutable_cells: Vec<&str> = checker
+        .settings
+        .flake8_bugbear
+        .extend_immutable_calls
+        .iter()
+        .map(|s| s.as_str())
+        .collect();
+    let mut visitor = ArgumentDefaultVisitor {
+        checks: vec![],
+        extend_immutable_calls: &extend_immutable_cells,
+        from_imports: &checker.from_imports,
+    };
    for expr in arguments
        .defaults
        .iter()
--- a/src/flake8_bugbear/plugins/mutable_argument_default.rs
+++ b/src/flake8_bugbear/plugins/mutable_argument_default.rs
@@ -1,33 +1,53 @@
+use fnv::{FnvHashMap, FnvHashSet};
 use rustpython_ast::{Arguments, Expr, ExprKind};

+use crate::ast::helpers::compose_call_path;
 use crate::ast::types::Range;
 use crate::check_ast::Checker;
 use crate::checks::{Check, CheckKind};

-// TODO(charlie): Verify imports for each of the imported members.
-pub fn is_mutable_func(expr: &Expr) -> bool {
-    match &expr.node {
-        ExprKind::Name { id, .. }
-            if id == "dict"
-                || id == "list"
-                || id == "set"
-                || id == "Counter"
-                || id == "OrderedDict"
-                || id == "defaultdict"
-                || id == "deque" =>
-        {
-            true
-        }
-        ExprKind::Attribute { value, attr, .. }
-            if (attr == "Counter"
-                || attr == "OrderedDict"
-                || attr == "defaultdict"
-                || attr == "deque") =>
-        {
-            matches!(&value.node, ExprKind::Name { id, .. } if id == "collections")
-        }
-        _ => false,
-    }
+const MUTABLE_FUNCS: [&str; 7] = [
+    "dict",
+    "list",
+    "set",
+    "collections.Counter",
+    "collections.OrderedDict",
+    "collections.defaultdict",
+    "collections.deque",
+];
+
+pub fn is_mutable_func(expr: &Expr, from_imports: &FnvHashMap<&str, FnvHashSet<&str>>) -> bool {
+    compose_call_path(expr).map_or_else(
+        || false,
+        |call_path| {
+            // It matches the call path exactly (`collections.Counter`).
+            for target in MUTABLE_FUNCS {
+                if call_path == target {
+                    return true;
+                }
+            }
+
+            // It matches the member name, and was imported from that module (`Counter`
+            // following `from collections import Counter`).
+            if !call_path.contains('.') {
+                for target in MUTABLE_FUNCS {
+                    let mut splitter = target.rsplit('.');
+                    if let (Some(member), Some(module)) = (splitter.next(), splitter.next()) {
+                        if call_path == member
+                            && from_imports
+                                .get(module)
+                                .map(|module| module.contains(member))
+                                .unwrap_or(false)
+                        {
+                            return true;
+                        }
+                    }
+                }
+            }
+
+            false
+        },
+    )
 }

 /// B006
@@ -50,7 +70,7 @@ pub fn mutable_argument_default(checker: &mut Checker, arguments: &Arguments) {
                ));
            }
            ExprKind::Call { func, .. } => {
-                if is_mutable_func(func) {
+                if is_mutable_func(func, &checker.from_imports) {
                    checker.add_check(Check::new(
                        CheckKind::MutableArgumentDefault,
                        Range::from_located(expr),
--- a/src/flake8_bugbear/plugins/unused_loop_control_variable.rs
+++ b/src/flake8_bugbear/plugins/unused_loop_control_variable.rs
@@ -1,5 +1,4 @@
-use std::collections::BTreeMap;
-
+use fnv::FnvHashMap;
 use rustpython_ast::{Expr, ExprKind, Stmt};

 use crate::ast::types::Range;
@@ -12,7 +11,7 @@ use crate::checks::{Check, CheckKind};
 /// Identify all `ExprKind::Name` nodes in an AST.
 struct NameFinder<'a> {
    /// A map from identifier to defining expression.
-    names: BTreeMap<&'a str, &'a Expr>,
+    names: FnvHashMap<&'a str, &'a Expr>,
 }

 impl NameFinder<'_> {
--- a/src/flake8_bugbear/settings.rs
+++ b/src/flake8_bugbear/settings.rs
@@ -0,0 +1,22 @@
+//! Settings for the `pep8-naming` plugin.
+
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Default)]
+#[serde(deny_unknown_fields, rename_all = "kebab-case")]
+pub struct Options {
+    pub extend_immutable_calls: Option<Vec<String>>,
+}
+
+#[derive(Debug, Hash, Default)]
+pub struct Settings {
+    pub extend_immutable_calls: Vec<String>,
+}
+
+impl Settings {
+    pub fn from_options(options: Options) -> Self {
+        Self {
+            extend_immutable_calls: options.extend_immutable_calls.unwrap_or_default(),
+        }
+    }
+}
--- a/src/flake8_bugbear/snapshots/ruff__flake8_bugbeartestsextend_immutable_calls.snap
+++ b/src/flake8_bugbear/snapshots/ruff__flake8_bugbeartestsextend_immutable_calls.snap
@@ -0,0 +1,13 @@
+---
+source: src/flake8_bugbear/mod.rs
+expression: checks
+---
+- kind: FunctionCallArgumentDefault
+  location:
+    row: 19
+    column: 50
+  end_location:
+    row: 19
+    column: 63
+  fix: ~
+
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -29,7 +29,8 @@ mod directives;
 mod docstrings;
 mod flake8_2020;
 pub mod flake8_annotations;
-mod flake8_bugbear;
+pub mod flake8_bandit;
+pub mod flake8_bugbear;
 mod flake8_builtins;
 mod flake8_comprehensions;
 mod flake8_print;
--- a/src/linter.rs
+++ b/src/linter.rs
@@ -469,6 +469,12 @@ mod tests {
    #[test_case(CheckCode::N816, Path::new("N816.py"); "N816")]
    #[test_case(CheckCode::N817, Path::new("N817.py"); "N817")]
    #[test_case(CheckCode::N818, Path::new("N818.py"); "N818")]
+    #[test_case(CheckCode::S101, Path::new("S101.py"); "S101")]
+    #[test_case(CheckCode::S102, Path::new("S102.py"); "S102")]
+    #[test_case(CheckCode::S104, Path::new("S104.py"); "S104")]
+    #[test_case(CheckCode::S105, Path::new("S105.py"); "S105")]
+    #[test_case(CheckCode::S106, Path::new("S106.py"); "S106")]
+    #[test_case(CheckCode::S107, Path::new("S107.py"); "S107")]
    #[test_case(CheckCode::T201, Path::new("T201.py"); "T201")]
    #[test_case(CheckCode::T203, Path::new("T203.py"); "T203")]
    #[test_case(CheckCode::U001, Path::new("U001.py"); "U001")]
--- a/src/python/typing.rs
+++ b/src/python/typing.rs
@@ -1,11 +1,10 @@
-use std::collections::{BTreeMap, BTreeSet};
-
+use fnv::{FnvHashMap, FnvHashSet};
 use once_cell::sync::Lazy;
 use rustpython_ast::{Expr, ExprKind};

 // See: https://pypi.org/project/typing-extensions/
-static TYPING_EXTENSIONS: Lazy<BTreeSet<&'static str>> = Lazy::new(|| {
-    BTreeSet::from([
+static TYPING_EXTENSIONS: Lazy<FnvHashSet<&'static str>> = Lazy::new(|| {
+    FnvHashSet::from_iter([
        "Annotated",
        "Any",
        "AsyncContextManager",
@@ -64,9 +63,9 @@ pub fn in_extensions(name: &str) -> bool {
 }

 // See: https://docs.python.org/3/library/typing.html
-static IMPORTED_SUBSCRIPTS: Lazy<BTreeMap<&'static str, BTreeSet<&'static str>>> =
+static IMPORTED_SUBSCRIPTS: Lazy<FnvHashMap<&'static str, FnvHashSet<&'static str>>> =
    Lazy::new(|| {
-        let mut import_map = BTreeMap::new();
+        let mut import_map = FnvHashMap::default();
        for (name, module) in [
            // `collections`
            ("ChainMap", "collections"),
@@ -183,7 +182,7 @@ static IMPORTED_SUBSCRIPTS: Lazy<BTreeMap<&'static str, BTreeSet<&'static str>>>
        ] {
            import_map
                .entry(name)
-                .or_insert_with(BTreeSet::new)
+                .or_insert_with(FnvHashSet::default)
                .insert(module);
        }
        import_map
@@ -191,13 +190,13 @@ static IMPORTED_SUBSCRIPTS: Lazy<BTreeMap<&'static str, BTreeSet<&'static str>>>

 // These are all assumed to come from the `typing` module.
 // See: https://peps.python.org/pep-0585/
-static PEP_585_BUILTINS_ELIGIBLE: Lazy<BTreeSet<&'static str>> =
-    Lazy::new(|| BTreeSet::from(["Dict", "FrozenSet", "List", "Set", "Tuple", "Type"]));
+static PEP_585_BUILTINS_ELIGIBLE: Lazy<FnvHashSet<&'static str>> =
+    Lazy::new(|| FnvHashSet::from_iter(["Dict", "FrozenSet", "List", "Set", "Tuple", "Type"]));

 // These are all assumed to come from the `typing` module.
 // See: https://peps.python.org/pep-0585/
-static PEP_585_BUILTINS: Lazy<BTreeSet<&'static str>> =
-    Lazy::new(|| BTreeSet::from(["dict", "frozenset", "list", "set", "tuple", "type"]));
+static PEP_585_BUILTINS: Lazy<FnvHashSet<&'static str>> =
+    Lazy::new(|| FnvHashSet::from_iter(["dict", "frozenset", "list", "set", "tuple", "type"]));

 fn is_pep593_annotated_subscript(name: &str) -> bool {
    name == "Annotated"
@@ -210,7 +209,7 @@ pub enum SubscriptKind {

 pub fn match_annotated_subscript(
    expr: &Expr,
-    imports: &BTreeMap<&str, BTreeSet<&str>>,
+    imports: &FnvHashMap<&str, FnvHashSet<&str>>,
 ) -> Option<SubscriptKind> {
    match &expr.node {
        ExprKind::Attribute { attr, value, .. } => {
@@ -261,7 +260,7 @@ pub fn match_annotated_subscript(
 /// Returns `true` if `Expr` represents a reference to a typing object with a
 /// PEP 585 built-in. Note that none of the PEP 585 built-ins are in
 /// `typing_extensions`.
-pub fn is_pep585_builtin(expr: &Expr, typing_imports: Option<&BTreeSet<&str>>) -> bool {
+pub fn is_pep585_builtin(expr: &Expr, typing_imports: Option<&FnvHashSet<&str>>) -> bool {
    match &expr.node {
        ExprKind::Attribute { attr, value, .. } => {
            if let ExprKind::Name { id, .. } = &value.node {
--- a/src/pyupgrade/checks.rs
+++ b/src/pyupgrade/checks.rs
@@ -1,5 +1,4 @@
-use std::collections::BTreeSet;
-
+use fnv::FnvHashSet;
 use rustpython_ast::{Constant, KeywordData};
 use rustpython_parser::ast::{ArgData, Expr, ExprKind, Stmt, StmtKind};

@@ -164,7 +163,7 @@ pub fn type_of_primitive(func: &Expr, args: &[Expr], location: Range) -> Option<
 pub fn unnecessary_lru_cache_params(
    decorator_list: &[Expr],
    target_version: PythonVersion,
-    imports: Option<&BTreeSet<&str>>,
+    imports: Option<&FnvHashSet<&str>>,
 ) -> Option<Check> {
    for expr in decorator_list.iter() {
        if let ExprKind::Call {
--- a/src/pyupgrade/plugins/deprecated_unittest_alias.rs
+++ b/src/pyupgrade/plugins/deprecated_unittest_alias.rs
@@ -1,5 +1,4 @@
-use std::collections::BTreeMap;
-
+use fnv::FnvHashMap;
 use once_cell::sync::Lazy;
 use rustpython_ast::{Expr, ExprKind};

@@ -8,8 +7,8 @@ use crate::autofix::Fix;
 use crate::check_ast::Checker;
 use crate::checks::{Check, CheckKind};

-static DEPRECATED_ALIASES: Lazy<BTreeMap<&'static str, &'static str>> = Lazy::new(|| {
-    BTreeMap::from([
+static DEPRECATED_ALIASES: Lazy<FnvHashMap<&'static str, &'static str>> = Lazy::new(|| {
+    FnvHashMap::from_iter([
        ("failUnlessEqual", "assertEqual"),
        ("assertEquals", "assertEqual"),
        ("failIfEqual", "assertNotEqual"),
--- a/src/rules/checks.rs
+++ b/src/rules/checks.rs
@@ -1,5 +1,4 @@
-use std::collections::BTreeMap;
-
+use fnv::FnvHashMap;
 use once_cell::sync::Lazy;
 use rustpython_ast::Location;

@@ -10,8 +9,8 @@ use crate::source_code_locator::SourceCodeLocator;
 use crate::Check;

 /// See: https://github.com/microsoft/vscode/blob/095ddabc52b82498ee7f718a34f9dd11d59099a8/src/vs/base/common/strings.ts#L1094
-static CONFUSABLES: Lazy<BTreeMap<u32, u32>> = Lazy::new(|| {
-    BTreeMap::from([
+static CONFUSABLES: Lazy<FnvHashMap<u32, u32>> = Lazy::new(|| {
+    FnvHashMap::from_iter([
        (8232, 32),
        (8233, 32),
        (5760, 32),
--- a/src/settings/configuration.rs
+++ b/src/settings/configuration.rs
@@ -12,7 +12,7 @@ use regex::Regex;
 use crate::checks_gen::CheckCodePrefix;
 use crate::settings::pyproject::load_options;
 use crate::settings::types::{FilePattern, PerFileIgnore, PythonVersion};
-use crate::{flake8_annotations, flake8_quotes, fs, isort, pep8_naming};
+use crate::{flake8_annotations, flake8_bugbear, flake8_quotes, fs, isort, pep8_naming};

 #[derive(Debug)]
 pub struct Configuration {
@@ -30,6 +30,7 @@ pub struct Configuration {
    pub target_version: PythonVersion,
    // Plugins
    pub flake8_annotations: flake8_annotations::settings::Settings,
+    pub flake8_bugbear: flake8_bugbear::settings::Settings,
    pub flake8_quotes: flake8_quotes::settings::Settings,
    pub isort: isort::settings::Settings,
    pub pep8_naming: pep8_naming::settings::Settings,
@@ -133,6 +134,10 @@ impl Configuration {
                .flake8_annotations
                .map(flake8_annotations::settings::Settings::from_options)
                .unwrap_or_default(),
+            flake8_bugbear: options
+                .flake8_bugbear
+                .map(flake8_bugbear::settings::Settings::from_options)
+                .unwrap_or_default(),
            flake8_quotes: options
                .flake8_quotes
                .map(flake8_quotes::settings::Settings::from_options)
--- a/src/settings/mod.rs
+++ b/src/settings/mod.rs
@@ -2,10 +2,10 @@
 //! command-line options. Structure is optimized for internal usage, as opposed
 //! to external visibility or parsing.

-use std::collections::BTreeSet;
 use std::hash::{Hash, Hasher};
 use std::path::PathBuf;

+use fnv::FnvHashSet;
 use path_absolutize::path_dedot;
 use regex::Regex;

@@ -13,7 +13,7 @@ use crate::checks::CheckCode;
 use crate::checks_gen::{CheckCodePrefix, PrefixSpecificity};
 use crate::settings::configuration::Configuration;
 use crate::settings::types::{FilePattern, PerFileIgnore, PythonVersion};
-use crate::{flake8_annotations, flake8_quotes, isort, pep8_naming};
+use crate::{flake8_annotations, flake8_bugbear, flake8_quotes, isort, pep8_naming};

 pub mod configuration;
 pub mod options;
@@ -24,7 +24,7 @@ pub mod user;
 #[derive(Debug)]
 pub struct Settings {
    pub dummy_variable_rgx: Regex,
-    pub enabled: BTreeSet<CheckCode>,
+    pub enabled: FnvHashSet<CheckCode>,
    pub exclude: Vec<FilePattern>,
    pub extend_exclude: Vec<FilePattern>,
    pub line_length: usize,
@@ -33,6 +33,7 @@ pub struct Settings {
    pub target_version: PythonVersion,
    // Plugins
    pub flake8_annotations: flake8_annotations::settings::Settings,
+    pub flake8_bugbear: flake8_bugbear::settings::Settings,
    pub flake8_quotes: flake8_quotes::settings::Settings,
    pub isort: isort::settings::Settings,
    pub pep8_naming: pep8_naming::settings::Settings,
@@ -51,6 +52,7 @@ impl Settings {
            exclude: config.exclude,
            extend_exclude: config.extend_exclude,
            flake8_annotations: config.flake8_annotations,
+            flake8_bugbear: config.flake8_bugbear,
            flake8_quotes: config.flake8_quotes,
            isort: config.isort,
            line_length: config.line_length,
@@ -64,7 +66,7 @@ impl Settings {
    pub fn for_rule(check_code: CheckCode) -> Self {
        Self {
            dummy_variable_rgx: Regex::new("^(_+|(_+[a-zA-Z0-9_]*[a-zA-Z0-9]+?))$").unwrap(),
-            enabled: BTreeSet::from([check_code]),
+            enabled: FnvHashSet::from_iter([check_code]),
            exclude: Default::default(),
            extend_exclude: Default::default(),
            line_length: 88,
@@ -72,6 +74,7 @@ impl Settings {
            src: vec![path_dedot::CWD.clone()],
            target_version: PythonVersion::Py310,
            flake8_annotations: Default::default(),
+            flake8_bugbear: Default::default(),
            flake8_quotes: Default::default(),
            isort: Default::default(),
            pep8_naming: Default::default(),
@@ -81,7 +84,7 @@ impl Settings {
    pub fn for_rules(check_codes: Vec<CheckCode>) -> Self {
        Self {
            dummy_variable_rgx: Regex::new("^(_+|(_+[a-zA-Z0-9_]*[a-zA-Z0-9]+?))$").unwrap(),
-            enabled: BTreeSet::from_iter(check_codes),
+            enabled: FnvHashSet::from_iter(check_codes),
            exclude: Default::default(),
            extend_exclude: Default::default(),
            line_length: 88,
@@ -89,6 +92,7 @@ impl Settings {
            src: vec![path_dedot::CWD.clone()],
            target_version: PythonVersion::Py310,
            flake8_annotations: Default::default(),
+            flake8_bugbear: Default::default(),
            flake8_quotes: Default::default(),
            isort: Default::default(),
            pep8_naming: Default::default(),
@@ -123,8 +127,8 @@ fn resolve_codes(
    extend_select: &[CheckCodePrefix],
    ignore: &[CheckCodePrefix],
    extend_ignore: &[CheckCodePrefix],
-) -> BTreeSet<CheckCode> {
-    let mut codes: BTreeSet<CheckCode> = BTreeSet::new();
+) -> FnvHashSet<CheckCode> {
+    let mut codes: FnvHashSet<CheckCode> = FnvHashSet::default();
    for specificity in [
        PrefixSpecificity::Category,
        PrefixSpecificity::Hundreds,
@@ -161,7 +165,7 @@ fn resolve_codes(

 #[cfg(test)]
 mod tests {
-    use std::collections::BTreeSet;
+    use fnv::FnvHashSet;

    use crate::checks::CheckCode;
    use crate::checks_gen::CheckCodePrefix;
@@ -170,19 +174,19 @@ mod tests {
    #[test]
    fn resolver() {
        let actual = resolve_codes(&[CheckCodePrefix::W], &[], &[], &[]);
-        let expected = BTreeSet::from_iter([CheckCode::W292, CheckCode::W605]);
+        let expected = FnvHashSet::from_iter([CheckCode::W292, CheckCode::W605]);
        assert_eq!(actual, expected);

        let actual = resolve_codes(&[CheckCodePrefix::W6], &[], &[], &[]);
-        let expected = BTreeSet::from_iter([CheckCode::W605]);
+        let expected = FnvHashSet::from_iter([CheckCode::W605]);
        assert_eq!(actual, expected);

        let actual = resolve_codes(&[CheckCodePrefix::W], &[], &[CheckCodePrefix::W292], &[]);
-        let expected = BTreeSet::from_iter([CheckCode::W605]);
+        let expected = FnvHashSet::from_iter([CheckCode::W605]);
        assert_eq!(actual, expected);

        let actual = resolve_codes(&[CheckCodePrefix::W605], &[], &[CheckCodePrefix::W605], &[]);
-        let expected = BTreeSet::from_iter([]);
+        let expected = FnvHashSet::from_iter([]);
        assert_eq!(actual, expected);
    }
 }
--- a/src/settings/options.rs
+++ b/src/settings/options.rs
@@ -6,7 +6,7 @@ use serde::{Deserialize, Serialize};

 use crate::checks_gen::CheckCodePrefix;
 use crate::settings::types::PythonVersion;
-use crate::{flake8_annotations, flake8_quotes, isort, pep8_naming};
+use crate::{flake8_annotations, flake8_bugbear, flake8_quotes, isort, pep8_naming};

 #[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Default)]
 #[serde(deny_unknown_fields, rename_all = "kebab-case")]
@@ -19,13 +19,15 @@ pub struct Options {
    pub fix: Option<bool>,
    pub ignore: Option<Vec<CheckCodePrefix>>,
    pub line_length: Option<usize>,
-    pub per_file_ignores: Option<BTreeMap<String, Vec<CheckCodePrefix>>>,
    pub select: Option<Vec<CheckCodePrefix>>,
    pub src: Option<Vec<String>>,
    pub target_version: Option<PythonVersion>,
    // Plugins
    pub flake8_annotations: Option<flake8_annotations::settings::Options>,
+    pub flake8_bugbear: Option<flake8_bugbear::settings::Options>,
    pub flake8_quotes: Option<flake8_quotes::settings::Options>,
    pub isort: Option<isort::settings::Options>,
    pub pep8_naming: Option<pep8_naming::settings::Options>,
+    // Tables are required to go last.
+    pub per_file_ignores: Option<BTreeMap<String, Vec<CheckCodePrefix>>>,
 }
--- a/src/settings/pyproject.rs
+++ b/src/settings/pyproject.rs
@@ -109,7 +109,7 @@ mod tests {
        find_project_root, find_pyproject_toml, parse_pyproject_toml, Options, Pyproject, Tools,
    };
    use crate::settings::types::PatternPrefixPair;
-    use crate::{flake8_quotes, pep8_naming};
+    use crate::{flake8_bugbear, flake8_quotes, pep8_naming};

    #[test]
    fn deserialize() -> Result<()> {
@@ -146,6 +146,7 @@ mod tests {
                    src: None,
                    target_version: None,
                    flake8_annotations: None,
+                    flake8_bugbear: None,
                    flake8_quotes: None,
                    isort: None,
                    pep8_naming: None,
@@ -177,6 +178,7 @@ line-length = 79
                    src: None,
                    target_version: None,
                    flake8_annotations: None,
+                    flake8_bugbear: None,
                    flake8_quotes: None,
                    isort: None,
                    pep8_naming: None,
@@ -208,6 +210,7 @@ exclude = ["foo.py"]
                    src: None,
                    target_version: None,
                    flake8_annotations: None,
+                    flake8_bugbear: None,
                    flake8_quotes: None,
                    isort: None,
                    pep8_naming: None,
@@ -239,6 +242,7 @@ select = ["E501"]
                    src: None,
                    target_version: None,
                    flake8_annotations: None,
+                    flake8_bugbear: None,
                    flake8_quotes: None,
                    isort: None,
                    pep8_naming: None,
@@ -271,6 +275,7 @@ ignore = ["E501"]
                    src: None,
                    target_version: None,
                    flake8_annotations: None,
+                    flake8_bugbear: None,
                    flake8_quotes: None,
                    isort: None,
                    pep8_naming: None,
@@ -349,6 +354,12 @@ other-attribute = 1
                src: None,
                target_version: None,
                flake8_annotations: None,
+                flake8_bugbear: Some(flake8_bugbear::settings::Options {
+                    extend_immutable_calls: Some(vec![
+                        "fastapi.Depends".to_string(),
+                        "fastapi.Query".to_string(),
+                    ]),
+                }),
                flake8_quotes: Some(flake8_quotes::settings::Options {
                    inline_quotes: Some(Quote::Single),
                    multiline_quotes: Some(Quote::Double),
--- a/src/snapshots/rufflintertests__S101_S101.py.snap
+++ b/src/snapshots/rufflintertests__S101_S101.py.snap
@@ -0,0 +1,29 @@
+---
+source: src/linter.rs
+expression: checks
+---
+- kind: AssertUsed
+  location:
+    row: 2
+    column: 0
+  end_location:
+    row: 2
+    column: 11
+  fix: ~
+- kind: AssertUsed
+  location:
+    row: 8
+    column: 4
+  end_location:
+    row: 8
+    column: 17
+  fix: ~
+- kind: AssertUsed
+  location:
+    row: 11
+    column: 4
+  end_location:
+    row: 11
+    column: 17
+  fix: ~
+
--- a/src/snapshots/rufflintertests__S102_S102.py.snap
+++ b/src/snapshots/rufflintertests__S102_S102.py.snap
@@ -0,0 +1,21 @@
+---
+source: src/linter.rs
+expression: checks
+---
+- kind: ExecUsed
+  location:
+    row: 3
+    column: 4
+  end_location:
+    row: 3
+    column: 17
+  fix: ~
+- kind: ExecUsed
+  location:
+    row: 5
+    column: 0
+  end_location:
+    row: 5
+    column: 13
+  fix: ~
+
--- a/src/snapshots/rufflintertests__S104_S104.py.snap
+++ b/src/snapshots/rufflintertests__S104_S104.py.snap
@@ -0,0 +1,37 @@
+---
+source: src/linter.rs
+expression: checks
+---
+- kind: HardcodedBindAllInterfaces
+  location:
+    row: 9
+    column: 0
+  end_location:
+    row: 9
+    column: 9
+  fix: ~
+- kind: HardcodedBindAllInterfaces
+  location:
+    row: 10
+    column: 0
+  end_location:
+    row: 10
+    column: 9
+  fix: ~
+- kind: HardcodedBindAllInterfaces
+  location:
+    row: 14
+    column: 5
+  end_location:
+    row: 14
+    column: 14
+  fix: ~
+- kind: HardcodedBindAllInterfaces
+  location:
+    row: 18
+    column: 8
+  end_location:
+    row: 18
+    column: 17
+  fix: ~
+
--- a/src/snapshots/rufflintertests__S105_S105.py.snap
+++ b/src/snapshots/rufflintertests__S105_S105.py.snap
@@ -0,0 +1,311 @@
+---
+source: src/linter.rs
+expression: checks
+---
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 12
+    column: 11
+  end_location:
+    row: 12
+    column: 19
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 13
+    column: 8
+  end_location:
+    row: 13
+    column: 16
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 14
+    column: 9
+  end_location:
+    row: 14
+    column: 17
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 15
+    column: 6
+  end_location:
+    row: 15
+    column: 14
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 16
+    column: 9
+  end_location:
+    row: 16
+    column: 17
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 17
+    column: 8
+  end_location:
+    row: 17
+    column: 16
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 18
+    column: 10
+  end_location:
+    row: 18
+    column: 18
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 19
+    column: 18
+  end_location:
+    row: 19
+    column: 26
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 20
+    column: 18
+  end_location:
+    row: 20
+    column: 26
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 22
+    column: 16
+  end_location:
+    row: 22
+    column: 24
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 23
+    column: 12
+  end_location:
+    row: 23
+    column: 20
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 24
+    column: 14
+  end_location:
+    row: 24
+    column: 22
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 25
+    column: 11
+  end_location:
+    row: 25
+    column: 19
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 26
+    column: 14
+  end_location:
+    row: 26
+    column: 22
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 27
+    column: 13
+  end_location:
+    row: 27
+    column: 21
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 28
+    column: 15
+  end_location:
+    row: 28
+    column: 23
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 29
+    column: 23
+  end_location:
+    row: 29
+    column: 31
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 30
+    column: 23
+  end_location:
+    row: 30
+    column: 31
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 34
+    column: 15
+  end_location:
+    row: 34
+    column: 23
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 38
+    column: 19
+  end_location:
+    row: 38
+    column: 27
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 39
+    column: 16
+  end_location:
+    row: 39
+    column: 24
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 40
+    column: 17
+  end_location:
+    row: 40
+    column: 25
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 41
+    column: 14
+  end_location:
+    row: 41
+    column: 22
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 42
+    column: 17
+  end_location:
+    row: 42
+    column: 25
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 43
+    column: 16
+  end_location:
+    row: 43
+    column: 24
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 44
+    column: 18
+  end_location:
+    row: 44
+    column: 26
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 46
+    column: 12
+  end_location:
+    row: 46
+    column: 20
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 47
+    column: 9
+  end_location:
+    row: 47
+    column: 17
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 48
+    column: 10
+  end_location:
+    row: 48
+    column: 18
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 49
+    column: 7
+  end_location:
+    row: 49
+    column: 15
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 50
+    column: 10
+  end_location:
+    row: 50
+    column: 18
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 51
+    column: 9
+  end_location:
+    row: 51
+    column: 17
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 52
+    column: 11
+  end_location:
+    row: 52
+    column: 19
+  fix: ~
+- kind:
+    HardcodedPasswordString: s3cr3t
+  location:
+    row: 53
+    column: 20
+  end_location:
+    row: 53
+    column: 28
+  fix: ~
+
--- a/src/snapshots/rufflintertests__S106_S106.py.snap
+++ b/src/snapshots/rufflintertests__S106_S106.py.snap
@@ -0,0 +1,14 @@
+---
+source: src/linter.rs
+expression: checks
+---
+- kind:
+    HardcodedPasswordFuncArg: s3cr3t
+  location:
+    row: 13
+    column: 8
+  end_location:
+    row: 13
+    column: 25
+  fix: ~
+
--- a/src/snapshots/rufflintertests__S107_S107.py.snap
+++ b/src/snapshots/rufflintertests__S107_S107.py.snap
@@ -0,0 +1,50 @@
+---
+source: src/linter.rs
+expression: checks
+---
+- kind:
+    HardcodedPasswordDefault: default
+  location:
+    row: 5
+    column: 28
+  end_location:
+    row: 5
+    column: 37
+  fix: ~
+- kind:
+    HardcodedPasswordDefault: posonly
+  location:
+    row: 13
+    column: 44
+  end_location:
+    row: 13
+    column: 53
+  fix: ~
+- kind:
+    HardcodedPasswordDefault: kwonly
+  location:
+    row: 21
+    column: 38
+  end_location:
+    row: 21
+    column: 46
+  fix: ~
+- kind:
+    HardcodedPasswordDefault: posonly
+  location:
+    row: 29
+    column: 38
+  end_location:
+    row: 29
+    column: 47
+  fix: ~
+- kind:
+    HardcodedPasswordDefault: kwonly
+  location:
+    row: 29
+    column: 61
+  end_location:
+    row: 29
+    column: 69
+  fix: ~
+
Author	SHA1	Message	Date
Charlie Marsh	695b06ba60	Bump version to 0.0.115	2022-11-12 16:46:26 -05:00
Charlie Marsh	3a2e6926d4	Include flake8-bugbear settings in flake8-to-ruff (#712 )	2022-11-12 16:46:12 -05:00
Charlie Marsh	d16c3a1186	Use an FNVHashSet for `settings.enabled` (#711 )	2022-11-12 16:36:56 -05:00
Charlie Marsh	53a2187f02	Run cargo fmt	2022-11-12 16:33:12 -05:00
Charlie Marsh	00b5d1059c	Validate that mutable and immutable defaults are imported (#710 )	2022-11-12 16:32:21 -05:00
Charlie Marsh	b7acf76aaf	Track all import-from members (#709 )	2022-11-12 16:10:43 -05:00
Charlie Marsh	8cfc0e5cf5	Use FnvHasher for unordered maps and sets (#708 )	2022-11-12 16:09:34 -05:00
Edgar R. M	aa7681f9ad	Add `extend-immutable-calls` setting for B008 (#706 )	2022-11-12 15:48:34 -05:00
Charlie Marsh	2493d48725	Add flake8-bandit to flake8-to-ruff (#701 )	2022-11-12 12:08:15 -05:00
Edgar R. M	1b422a7f12	Add `flake8-bandit` (#697 )	2022-11-12 12:04:49 -05:00
Charlie Marsh	da051624e4	Add backticks around functools.lru_cache	2022-11-12 11:56:23 -05:00