ci bandit (#211)

* ci_ bandit

* bandit

* bandit

.github/workflows/bandit.yml

@@ -0,0 +1,24 @@
+name: Security check - Bandit
+
+on: push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Security check - Bandit
+      uses: ioggstream/[email protected]
+      with:
+        project_path: src
+        # ignore_failure: true
+
+    # This is optional
+    #- name: Security check report artifacts
+    #  uses: actions/upload-artifact@v4
+    #  with:
+    #    name: Security report
+    #    path: output/security_report.txt
+

.gitignore

@@ -44,6 +44,7 @@ reports/
 !.gitkeep
 !.travis.yml
 !src/redturtle
+!src/.bandit
 .Python
 src/redturtle/prenotazioni/locales/__pycache__/
 wget-log*

src/.bandit

@@ -0,0 +1,5 @@
+[bandit]
+exclude = tests,locales
+# token in vocabularies
+# ignore assert check
+skips = B106,B101

src/redturtle/prenotazioni/adapters/booker.py

@@ -120,7 +120,7 @@ def get_available_gate(self, booking_date, booking_expiration_date=None):
         )
         if len(available_gates) == 0:
             return None
-        return choice(list(available_gates))
+        return choice(list(available_gates))  # nosec B311
 
         # if len(available_gates) == 1:
         #    return available_gates[0]

src/redturtle/prenotazioni/locales/en/LC_MESSAGES/plone.po

@@ -0,0 +1,23 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2023-09-05 08:08+0000\n"
+"PO-Revision-Date: 2014-05-27 17:36+0200\n"
+"Last-Translator: Alessandro Pisa <[email protected]>\n"
+"Language-Team: American English <[email protected]>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0\n"
+"Language-Code: en\n"
+"Language-Name: English\n"
+"Preferred-Encodings: utf-8 latin1\n"
+"Domain: plone\n"
+"Language: en_US\n"
+"X-Generator: Lokalize 1.5\n"
+
+msgid "Can Manage Bookings"
+msgstr "Can Manage Bookings"
+
+msgid "confirmed"
+msgstr "Confirmed"