Bandit, markdownlint, and prettier pre-commit fixes added

cisagov · Jan 29, 2024 · 3b1b192 · 3b1b192
1 parent 1fd8fe3
commit 3b1b192
Show file tree

Hide file tree

Showing 10 changed files with 258 additions and 267 deletions.
diff --git a/src/pe_asm/data/checkAccessor.py b/src/pe_asm/data/checkAccessor.py
@@ -16,7 +16,7 @@ def checkVMrunning():
         vmID = os.getenv("INSTANCE_ID")
         LOGGER.info(vmID)
 
-        checkAWS = os.popen(
+        checkAWS = os.popen(  # nosec HIGH SEV. B605
             f"""
             export AWS_DEFAULT_PROFILE=cool-dns-sesmanagesuppressionlist-cyber.dhs.gov &&
             aws ec2 describe-instance-status --instance-ids {vmID}
@@ -26,7 +26,7 @@ def checkVMrunning():
         checkAWS = checkAWS[1].split()
         checkAWS = checkAWS[2]
         if checkAWS == "running":
-            os.popen("screenConnectAccessor")
+            os.popen("screenConnectAccessor")  # nosec LOW SEV. B605, B607
             LOGGER.info(
                 "The accessor was running and screen has been connected. You can now login. "
             )
@@ -38,7 +38,7 @@ def checkVMrunning():
                 "attempting to access Accessor."
             )
             theInstance_ID = os.getenv("INSTANCE_ID")
-            os.popen(
+            os.popen(  # nosec HIGH SEV. B605
                 f"""export AWS_DEFAULT_PROFILE=cool-dns-sesmanagesuppressionlist-cyber.dhs.gov &&
                 aws ec2 start-instances --instance-ids {theInstance_ID}"""
             )
@@ -50,12 +50,12 @@ def checkVMrunning():
 
 def checkCyhyRunning():
     """Connect to Cyhy database."""
-    os.popen("tocyhy")
+    os.popen("tocyhy")  # nosec LOW SEV. B605, B607
 
 
 def kill_screen_ssh():
     """Kill all ssh connections."""
-    os.popen("killall ssh")
+    os.popen("killall ssh")  # nosec LOW SEV. B605, B607
     time.sleep(1)
 
 

diff --git a/src/pe_asm/port_scans/run_port_scans.py b/src/pe_asm/port_scans/run_port_scans.py
@@ -6,7 +6,7 @@
 import json
 import logging
 import re
-import subprocess
+import subprocess  # nosec LOW SEV. B404
 
 # Third-Party Libraries
 import pandas as pd
@@ -34,7 +34,7 @@ def get_cyhy_port_scans(staging):
     pe_orgs = query_pe_orgs(pe_db_conn)
 
     # Build the Go program
-    subprocess.run(
+    subprocess.run(  # nosec LOW SEV. B603, B607
         [
             "go",
             "build",
@@ -47,7 +47,7 @@ def get_cyhy_port_scans(staging):
     print("Go program built successfully.")
 
     # Call the Go program with the number of start and end days as arguments
-    result = subprocess.run(
+    result = subprocess.run(  # nosec LOW SEV. B603
         ["./src/pe_asm/port_scans/cyhybatcher", "7", "0", "DOE"],
         stdout=subprocess.PIPE,
         stderr=subprocess.PIPE,

diff --git a/src/pe_reports/data/checkAccessor.py b/src/pe_reports/data/checkAccessor.py
@@ -16,7 +16,7 @@ def checkVMrunning():
         vmID = os.getenv("INSTANCE_ID")
         LOGGER.info(vmID)
 
-        checkAWS = os.popen(
+        checkAWS = os.popen(  # nosec HIGH SEV. B605
             f"""
             export AWS_DEFAULT_PROFILE=cool-dns-sesmanagesuppressionlist-cyber.dhs.gov &&
             aws ec2 describe-instance-status --instance-ids {vmID}
@@ -26,7 +26,7 @@ def checkVMrunning():
         checkAWS = checkAWS[1].split()
         checkAWS = checkAWS[2]
         if checkAWS == "running":
-            os.popen("screenConnectAccessor")
+            os.popen("screenConnectAccessor")  # nosec LOW SEV. B605, B607
             LOGGER.info(
                 "The accessor was running and screen has been connected. You can now login. "
             )
@@ -38,7 +38,7 @@ def checkVMrunning():
                 "attempting to access Accessor."
             )
             theInstance_ID = os.getenv("INSTANCE_ID")
-            os.popen(
+            os.popen(  # nosec HIGH SEV. B605
                 f"""export AWS_DEFAULT_PROFILE=cool-dns-sesmanagesuppressionlist-cyber.dhs.gov &&
                 aws ec2 start-instances --instance-ids {theInstance_ID}"""
             )
@@ -50,12 +50,12 @@ def checkVMrunning():
 
 def checkCyhyRunning():
     """Connect to Cyhy database."""
-    os.popen("tocyhy")
+    os.popen("tocyhy")  # nosec LOW SEV. B605, B607
 
 
 def kill_screen_ssh():
     """Kill all ssh connections."""
-    os.popen("killall ssh")
+    os.popen("killall ssh")  # nosec LOW SEV. B605, B607
     time.sleep(1)
 
 

diff --git a/src/pe_reports/data/cyhy_db_query.py b/src/pe_reports/data/cyhy_db_query.py
@@ -131,6 +131,7 @@ def get_pe_org_map(pe_db_conn):
     return pe_org_map
 
 
+# Needs API conversion
 def insert_assets(conn, assets_df, table):
     """Insert CyHy assets into the P&E databse."""
     on_conflict = """
@@ -143,18 +144,19 @@ def insert_assets(conn, assets_df, table):
     """
     tpls = [tuple(x) for x in assets_df.to_numpy()]
     cols = ",".join(list(assets_df.columns))
-    sql = "INSERT INTO {}({}) VALUES %s".format(table, cols)
+    sql = "INSERT INTO {}({}) VALUES %s"
     sql = sql + on_conflict
     cursor = conn.cursor()
     try:
-        extras.execute_values(cursor, sql, tpls)
+        extras.execute_values(cursor, sql.format(table, cols), tpls)
         conn.commit()
         LOGGER.info("Asset data inserted using execute_values() successfully")
     except (Exception, psycopg2.DatabaseError) as err:
         show_psycopg2_exception(err)
         cursor.close()
 
 
+# Needs API conversion
 def insert_contacts(conn, contacts_df, table):
     """Insert CyHy contacts into the P&E databse."""
     on_conflict = """
@@ -166,11 +168,11 @@ def insert_contacts(conn, contacts_df, table):
     """
     tpls = [tuple(x) for x in contacts_df.to_numpy()]
     cols = ",".join(list(contacts_df.columns))
-    sql = "INSERT INTO {}({}) VALUES %s".format(table, cols)
+    sql = "INSERT INTO {}({}) VALUES %s"
     sql = sql + on_conflict
     cursor = conn.cursor()
     try:
-        extras.execute_values(cursor, sql, tpls)
+        extras.execute_values(cursor, sql.format(table, cols), tpls)
         conn.commit()
         LOGGER.info("Contact data inserted using execute_values() successfully")
     except (Exception, psycopg2.DatabaseError) as err:
@@ -264,23 +266,27 @@ def update_child_parent_orgs(conn, parent_uid, child_name):
     cursor.close()
 
 
+# Needs API conversion
 def update_scan_status(conn, child_name):
     """Update child parent relationships between organizations."""
-    cursor = conn.cursor()
-    cursor.execute(
-        """
+    sql = """
         UPDATE organizations
         set run_scans = True
         where cyhy_db_name = '{}'
-        """.format(
-            child_name
-        ),
-    )
-
-    conn.commit()
-    cursor.close()
+        """
+    cursor = conn.cursor()
+    try:
+        extras.execute_values(cursor, sql.format(child_name))
+        conn.commit()
+        LOGGER.info(
+            "Child/Parent relationships updated using execute_values() successfully..."
+        )
+    except (Exception, psycopg2.DatabaseError) as err:
+        show_psycopg2_exception(err)
+        cursor.close()
 
 
+# Needs API conversion
 def insert_dot_gov_domains(conn, dotgov_df, table):
     """Insert dot gov domains."""
     conflict = """
@@ -289,13 +295,13 @@ def insert_dot_gov_domains(conn, dotgov_df, table):
     """
     tpls = [tuple(x) for x in dotgov_df.to_numpy()]
     cols = ",".join(list(dotgov_df.columns))
-    sql = "INSERT INTO {}({}) VALUES %s".format(table, cols)
+    sql = "INSERT INTO {}({}) VALUES %s"
     sql = sql + conflict
     cursor = conn.cursor()
     try:
-        extras.execute_values(cursor, sql, tpls)
+        extras.execute_values(cursor, sql.format(table, cols), tpls)
         conn.commit()
-        LOGGER.info("Dot gov data inserted using execute_values() successfully..")
+        LOGGER.info("Dot gov data inserted using execute_values() successfully...")
     except (Exception, psycopg2.DatabaseError) as err:
         show_psycopg2_exception(err)
         cursor.close()

diff --git a/src/pe_reports/helpers/db_backup.py b/src/pe_reports/helpers/db_backup.py
@@ -22,7 +22,7 @@ def run_backup():
         LOGGER.info("Running database backup...")
         LOGGER.info(BACKUP_SCRIPT)
         cmd = f"bash {BACKUP_SCRIPT}"
-        os.system(cmd)
+        os.system(cmd)  # nosec HIGH SEV. B605
         LOGGER.info("Success")
     except Exception as e:
         failed = True

diff --git a/...ts/pe_reports_django_project/static/admin/css/vendor/select2/LICENSE-SELECT2.md b/...ts/pe_reports_django_project/static/admin/css/vendor/select2/LICENSE-SELECT2.md
@@ -1,4 +1,4 @@
-The MIT License (MIT)
+# The MIT License (MIT) #
 
 Copyright (c) 2012-2017 Kevin Brown, Igor Vaynberg, and Select2 contributors
 

diff --git a/src/pe_reports/pe_reports_django_project/static/admin/js/vendor/select2/LICENSE.md b/src/pe_reports/pe_reports_django_project/static/admin/js/vendor/select2/LICENSE.md
@@ -1,4 +1,4 @@
-The MIT License (MIT)
+# The MIT License (MIT) #
 
 Copyright (c) 2012-2017 Kevin Brown, Igor Vaynberg, and Select2 contributors
 

diff --git a/..._reports_django_project/staticfiles/admin/css/vendor/select2/LICENSE-SELECT2.md b/..._reports_django_project/staticfiles/admin/css/vendor/select2/LICENSE-SELECT2.md
@@ -1,4 +1,4 @@
-The MIT License (MIT)
+# The MIT License (MIT) #
 
 Copyright (c) 2012-2017 Kevin Brown, Igor Vaynberg, and Select2 contributors
 

diff --git a/...eports/pe_reports_django_project/staticfiles/admin/js/vendor/select2/LICENSE.md b/...eports/pe_reports_django_project/staticfiles/admin/js/vendor/select2/LICENSE.md
@@ -1,4 +1,4 @@
-The MIT License (MIT)
+# The MIT License (MIT) #
 
 Copyright (c) 2012-2017 Kevin Brown, Igor Vaynberg, and Select2 contributors