From 4c603df5ecfa3f0344c836d8550506c408b1d04e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 17 Jan 2024 16:47:07 +0100
Subject: [PATCH 1/4] Update pdm-project/setup-pdm action to v3 (#26)
---
 .github/workflows/CI.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml
index 3a6e86cb..abdac411 100644
--- a/.github/workflows/CI.yaml
+++ b/.github/workflows/CI.yaml
@@ -20,7 +20,7 @@ jobs:
 python-version: ${{ matrix.python-version }}
 architecture: x64
 - name: Setting up PDM
- uses: pdm-project/setup-pdm@v2
+ uses: pdm-project/setup-pdm@v3
 with:
 python-version: ${{ matrix.python-version }}
 - name: Setting up NOX
From 9f1bf8f4cea4bdf6101d2b7ee7812b2dea68f336 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 17 Jan 2024 17:06:40 +0100
Subject: [PATCH 2/4] Update actions/setup-python action to v5 (#25)
---
 .github/workflows/CI.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml
index abdac411..65873ed0 100644
--- a/.github/workflows/CI.yaml
+++ b/.github/workflows/CI.yaml
@@ -15,7 +15,7 @@ jobs:
 name: Python ${{ matrix.python-version }}
 steps:
 - uses: actions/checkout@v4
- - uses: actions/setup-python@v4
+ - uses: actions/setup-python@v5
 with:
 python-version: ${{ matrix.python-version }}
 architecture: x64
From 0dbb33bd8ef46df91de959475451f59a97234ebe Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 17 Jan 2024 17:16:14 +0100
Subject: [PATCH 3/4] Update wntrblm/nox action to v2023 (#29)
---
 .github/workflows/CI.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml
index 65873ed0..054af385 100644
--- a/.github/workflows/CI.yaml
+++ b/.github/workflows/CI.yaml
@@ -24,7 +24,7 @@ jobs:
 with:
 python-version: ${{ matrix.python-version }}
 - name: Setting up NOX
- uses: wntrblm/nox@2022.11.21
+ uses: wntrblm/nox@2023.04.22
 with:
 python-versions: ${{ matrix.python-version }}
 - name: "Linting tests"
From eecd6595612325bf476d2326caeea95a281500e4 Mon Sep 17 00:00:00 2001
From: ioangatop
Date: Wed, 17 Jan 2024 21:16:19 +0100
Subject: [PATCH 4/4] Add `bandit` as lint check (#19)
---
 noxfile.py | 3 +-
 pdm.lock | 115 ++++++++++++++++++++++++++++++++++++++++++++++++-
 pyproject.toml | 4 ++
 3 files changed, 120 insertions(+), 2 deletions(-)
diff --git a/noxfile.py b/noxfile.py
index 70745fc1..24738b0d 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -40,13 +40,14 @@ def fmt(session: nox.Session) -> None:
 @nox.session(python=PYTHON_VERSIONS[-1], tags=["lint"])
 def lint(session: nox.Session) -> None:
- """Checks the source code for programmatic and stylistic errors."""
+ """Checks the source code for programmatic, stylistic and security violations."""
 args = session.posargs or LOCATIONS
 session.run("pdm", "install", "--group", "lint", external=True)
 session.run("isort", "--check-only", *args)
 session.run("black", "--check", *args)
 session.run("ruff", *args)
 session.run("yamllint", *args)
+ session.run("bandit", "-q", "-c", "pyproject.toml", "-r", *args, external=True)
 @nox.session(python=PYTHON_VERSIONS[-1], tags=["check"])
diff --git a/pdm.lock b/pdm.lock
index f04be95b..d6fb0b7b 100644
--- a/pdm.lock
+++ b/pdm.lock
@@ -5,7 +5,7 @@ groups = ["default", "dev", "lint", "test"] strategy = ["cross_platform"] lock_version = "4.4.1" -content_hash = "sha256:154635e812939ca5626f81d4d475b57315a38e6d8290d1f8cf73ff357558ed84" +content_hash = "sha256:1925ac892d6d3ba3e860d1697d3382804bfc7ede2d4746a084591ca4806125c9" [[package]] name = "aiohttp"
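Review bot: The new bandit call at the end of `lint` passes `external=True`, while the sibling isort/black/ruff/yamllint calls just above it do not, even though bandit is installed by the same `pdm install --group lint` step (this patch adds it to the `lint` group in pyproject.toml). With `external=True` nox no longer warns when the executable resolves outside the session's virtualenv, so a stray `bandit` found on PATH — possibly not the locked version — would run silently and the check would not be reproducible. For consistency with the other linters, and so the locked version is the one that executes, use `session.run("bandit", "-q", "-c", "pyproject.toml", "-r", *args)`; if the flag is genuinely required by how pdm installs into the session here, a one-line comment saying so would spare the next reader the same question. The hunk shows the whole body of `lint`; the trailing `@nox.session(... tags=["check"])` line belongs to the next function, which continues outside the hunk.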
@@ -112,6 +112,23 @@ files = [ {file = "attrs-23.2.0.tar.gz", hash = "sha256:935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30"}, ] +[[package]] +name = "bandit" +version = "1.7.6" +requires_python = ">=3.8" +summary = "Security oriented static analyser for python code." +dependencies = [ + "GitPython>=3.1.30", + "PyYAML>=5.3.1", + "colorama>=0.3.9; platform_system == \"Windows\"", + "rich", + "stevedore>=1.20.0", +] +files = [ + {file = "bandit-1.7.6-py3-none-any.whl", hash = "sha256:36da17c67fc87579a5d20c323c8d0b1643a890a2b93f00b3d1229966624694ff"}, + {file = "bandit-1.7.6.tar.gz", hash = "sha256:72ce7bc9741374d96fb2f1c9a8960829885f1243ffde743de70a19cee353e8f3"}, +] + [[package]] name = "black" version = "23.12.1" @@ -439,6 +456,32 @@ files = [ {file = "fsspec-2023.12.2.tar.gz", hash = "sha256:8548d39e8810b59c38014934f6b31e57f40c1b20f911f4cc2b85389c7e9bf0cb"}, ] +[[package]] +name = "gitdb" +version = "4.0.11" +requires_python = ">=3.7" +summary = "Git Object Database" +dependencies = [ + "smmap<6,>=3.0.1", +] +files = [ + {file = "gitdb-4.0.11-py3-none-any.whl", hash = "sha256:81a3407ddd2ee8df444cbacea00e2d038e40150acfa3001696fe0dcf1d3adfa4"}, + {file = "gitdb-4.0.11.tar.gz", hash = "sha256:bf5421126136d6d0af55bc1e7c1af1c397a34f5b7bd79e776cd3e89785c2b04b"}, +] + +[[package]] +name = "gitpython" +version = "3.1.41" +requires_python = ">=3.7" +summary = "GitPython is a Python library used to interact with Git repositories" +dependencies = [ + "gitdb<5,>=4.0.1", +] +files = [ + {file = "GitPython-3.1.41-py3-none-any.whl", hash = "sha256:c36b6634d069b3f719610175020a9aed919421c87552185b085e04fbbdb10b7c"}, + {file = "GitPython-3.1.41.tar.gz", hash = "sha256:ed66e624884f76df22c8e16066d567aaa5a37d5b5fa19db2c6df6f7156db9048"}, +] + [[package]] name = "idna" version = "3.6" 
@@ -497,6 +540,19 @@ files = [ {file = "lightning_utilities-0.10.0-py3-none-any.whl", hash = "sha256:84d09b11fe9bc16c803ae5e412874748239d73ad2f3d1b90862f99ce15a03aa0"}, ] +[[package]] +name = "markdown-it-py" +version = "3.0.0" +requires_python = ">=3.8" +summary = "Python port of markdown-it. Markdown parsing, done right!" +dependencies = [ + "mdurl~=0.1", +] +files = [ + {file = "markdown-it-py-3.0.0.tar.gz", hash = "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"}, + {file = "markdown_it_py-3.0.0-py3-none-any.whl", hash = "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"}, +] + [[package]] name = "markupsafe" version = "2.1.3" @@ -536,6 +592,16 @@ files = [ {file = "MarkupSafe-2.1.3.tar.gz", hash = "sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad"}, ] +[[package]] +name = "mdurl" +version = "0.1.2" +requires_python = ">=3.7" +summary = "Markdown URL utilities" +files = [ + {file = "mdurl-0.1.2-py3-none-any.whl", hash = "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"}, + {file = "mdurl-0.1.2.tar.gz", hash = "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba"}, +] + [[package]] name = "mpmath" version = "1.3.0" @@ -818,6 +884,16 @@ files = [ {file = "pathspec-0.12.1.tar.gz", hash = "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712"}, ] +[[package]] +name = "pbr" +version = "6.0.0" +requires_python = ">=2.6" +summary = "Python Build Reasonableness" +files = [ + {file = "pbr-6.0.0-py2.py3-none-any.whl", hash = "sha256:4a7317d5e3b17a3dccb6a8cfe67dab65b20551404c52c8ed41279fa4f0cb4cda"}, + {file = "pbr-6.0.0.tar.gz", hash = "sha256:d1377122a5a00e2f940ee482999518efe16d745d423a670c27773dfbc3c9a7d9"}, +] + [[package]] name = "platformdirs" version = "4.1.0" 
@@ -961,6 +1037,20 @@ files = [ {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"}, ] +[[package]] +name = "rich" +version = "13.7.0" +requires_python = ">=3.7.0" +summary = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" +dependencies = [ + "markdown-it-py>=2.2.0", + "pygments<3.0.0,>=2.13.0", +] +files = [ + {file = "rich-13.7.0-py3-none-any.whl", hash = "sha256:6da14c108c4866ee9520bbffa71f6fe3962e193b7da68720583850cd4548e235"}, + {file = "rich-13.7.0.tar.gz", hash = "sha256:5cb5123b5cf9ee70584244246816e9114227e0b98ad9176eede6ad54bf5403fa"}, +] + [[package]] name = "ruff" version = "0.1.13" @@ -996,6 +1086,29 @@ files = [ {file = "setuptools-69.0.3.tar.gz", hash = "sha256:be1af57fc409f93647f2e8e4573a142ed38724b8cdd389706a867bb4efcf1e78"}, ] +[[package]] +name = "smmap" +version = "5.0.1" +requires_python = ">=3.7" +summary = "A pure Python implementation of a sliding window memory map manager" +files = [ + {file = "smmap-5.0.1-py3-none-any.whl", hash = "sha256:e6d8668fa5f93e706934a62d7b4db19c8d9eb8cf2adbb75ef1b675aa332b69da"}, + {file = "smmap-5.0.1.tar.gz", hash = "sha256:dceeb6c0028fdb6734471eb07c0cd2aae706ccaecab45965ee83f11c8d3b1f62"}, +] + +[[package]] +name = "stevedore" +version = "5.1.0" +requires_python = ">=3.8" +summary = "Manage dynamic plugins for Python applications" +dependencies = [ + "pbr!=2.1.0,>=2.0.0", +] +files = [ + {file = "stevedore-5.1.0-py3-none-any.whl", hash = "sha256:8cc040628f3cea5d7128f2e76cf486b2251a4e543c7b938f58d9a377f6694a2d"}, + {file = "stevedore-5.1.0.tar.gz", hash = "sha256:a54534acf9b89bc7ed264807013b505bf07f74dbe4bcfa37d32bd063870b087c"}, +] + [[package]] name = "sympy" version = "1.12" diff --git a/pyproject.toml b/pyproject.toml index f882acdb..c0cef4b0 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -31,6 +31,7 @@ lint = [
 "pyright>=1.1.295",
 "yamllint>=1.29.0",
 "nox>=2022.11.21",
+ "bandit>=1.7.6",
 ]
 test = [
 "pygments>=2.14.0",
@@ -62,6 +63,9 @@ convention = "google"
 [tool.ruff.flake8-quotes]
 docstring-quotes = "double"
+[tool.bandit]
+exclude_dirs = [".venv", "tests/**"]
+
 [tool.pyright]
 pythonVersion = "3.10"
 reportInvalidStringEscapeSequence = false
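Review bot: The `"bandit>=1.7.6"` requirement in the `lint` group is declared without the `toml` extra, yet the noxfile in this same patch invokes it with `-c pyproject.toml`; on Python versions below 3.11 bandit needs `tomli` to read a TOML config and only pulls it in through `bandit[toml]`, so today this presumably works only because another lint-group package happens to install `tomli` transitively. Declare the need explicitly: `"bandit[toml]>=1.7.6",`. In the second hunk, `exclude_dirs = [".venv", "tests/**"]` drops the whole test tree from the scan; if the intent is only to avoid the assert-usage finding in tests, bandit's per-plugin skip keeps the rest of the checks running on that code, e.g. `[tool.bandit.assert_used]` with `skips = ["*/tests/*"]`, and excluding just `.venv` in `exclude_dirs`. A short comment above `[tool.bandit]` stating why `tests/**` is excluded would document the trade-off either way.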