From e6ab4e8dc875fb482f18904a92a6606a6074bbec Mon Sep 17 00:00:00 2001 From: Jon-Pierre Hanna Date: Mon, 22 Apr 2024 23:55:59 -0400 Subject: [PATCH] Remove bandit and replace with it's ruff variant (#42) --- .github/workflows/python-app.yml | 3 - .pre-commit-config.yaml | 10 --- poetry.lock | 119 +------------------------------ pyproject.toml | 6 +- src/bot/controllers.py | 2 +- 5 files changed, 4 insertions(+), 136 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 1d12b3c..888da2c 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -37,9 +37,6 @@ jobs: - name: Lint with ruff if: always() run: docker-compose run test-pipeline ruff src - - name: Check with bandit - if: always() - run: docker-compose run test-pipeline bandit -r src -c pyproject.toml - name: Test with unit pytest if: always() run: | diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6b411a3..b87c957 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -57,16 +57,6 @@ repos: exclude: alembic args: [--fix, --exit-non-zero-on-fix] - - repo: local - hooks: - - id: bandit - name: bandit - entry: bandit - language: system - types: [ python ] - exclude: alembic|test_.*|conftest.py - args: [ -c, pyproject.toml ] - - repo: https://github.com/radix-ai/auto-smart-commit rev: v1.0.3 hooks: diff --git a/poetry.lock b/poetry.lock index cecbfc2..4f189db 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,7 +1,7 @@ # This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand. [metadata] -content-hash = "c6f729c2c70ddb7520421468cbbc38d8c9f11e5cb80805578da802e19292ed0c" +content-hash = "1094bd3d84ce07abf3c0c85a51c6bd964b44c36e36bd38f1c6d47c99090bd542" lock-version = "2.0" python-versions = "^3.11" 
@@ -231,30 +231,6 @@ tests = ["attrs[tests-no-zope]", "zope-interface"] tests-mypy = ["mypy (>=1.6)", "pytest-mypy-plugins"] tests-no-zope = ["attrs[tests-mypy]", "cloudpickle", "hypothesis", "pympler", "pytest (>=4.3.0)", "pytest-xdist[psutil]"] -[[package]] -description = "Security oriented static analyser for python code." -files = [ - {file = "bandit-1.7.8-py3-none-any.whl", hash = "sha256:509f7af645bc0cd8fd4587abc1a038fc795636671ee8204d502b933aee44f381"}, - {file = "bandit-1.7.8.tar.gz", hash = "sha256:36de50f720856ab24a24dbaa5fee2c66050ed97c1477e0a1159deab1775eab6b"} -] -name = "bandit" -optional = false -python-versions = ">=3.8" -version = "1.7.8" - -[package.dependencies] -PyYAML = ">=5.3.1" -colorama = {version = ">=0.3.9", markers = "platform_system == \"Windows\""} -rich = "*" -stevedore = ">=1.20.0" - -[package.extras] -baseline = ["GitPython (>=3.1.30)"] -sarif = ["jschema-to-python (>=1.2.3)", "sarif-om (>=1.0.4)"] -test = ["beautifulsoup4 (>=4.8.0)", "coverage (>=4.5.4)", "fixtures (>=3.0.0)", "flake8 (>=4.0.0)", "pylint (==1.9.4)", "stestr (>=2.5.0)", "testscenarios (>=0.5.0)", "testtools (>=2.3.0)"] -toml = ["tomli (>=1.1.0)"] -yaml = ["PyYAML"] - [[package]] description = "The uncompromising code formatter." files = [ 
@@ -827,30 +803,6 @@ babel = ["Babel"] lingua = ["lingua"] testing = ["pytest"] -[[package]] -description = "Python port of markdown-it. Markdown parsing, done right!" -files = [ - {file = "markdown-it-py-3.0.0.tar.gz", hash = "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"}, - {file = "markdown_it_py-3.0.0-py3-none-any.whl", hash = "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"} -] -name = "markdown-it-py" -optional = false -python-versions = ">=3.8" -version = "3.0.0" - -[package.dependencies] -mdurl = ">=0.1,<1.0" - -[package.extras] -benchmarking = ["psutil", "pytest", "pytest-benchmark"] -code-style = ["pre-commit (>=3.0,<4.0)"] -compare = ["commonmark (>=0.9,<1.0)", "markdown (>=3.4,<4.0)", "mistletoe (>=1.0,<2.0)", "mistune (>=2.0,<3.0)", "panflute (>=2.3,<3.0)"] -linkify = ["linkify-it-py (>=1,<3)"] -plugins = ["mdit-py-plugins"] -profiling = ["gprof2dot"] -rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"] -testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"] - [[package]] description = "Safely add untrusted strings to HTML/XML markup." files = [ @@ -920,17 +872,6 @@ optional = false python-versions = ">=3.7" version = "2.1.5" -[[package]] -description = "Markdown URL utilities" -files = [ - {file = "mdurl-0.1.2-py3-none-any.whl", hash = "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"}, - {file = "mdurl-0.1.2.tar.gz", hash = "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba"} -] -name = "mdurl" -optional = false -python-versions = ">=3.7" -version = "0.1.2" - [[package]] description = "multidict implementation" files = [ 
@@ -1137,17 +1078,6 @@ optional = false python-versions = ">=3.8" version = "0.12.1" -[[package]] -description = "Python Build Reasonableness" -files = [ - {file = "pbr-6.0.0-py2.py3-none-any.whl", hash = "sha256:4a7317d5e3b17a3dccb6a8cfe67dab65b20551404c52c8ed41279fa4f0cb4cda"}, - {file = "pbr-6.0.0.tar.gz", hash = "sha256:d1377122a5a00e2f940ee482999518efe16d745d423a670c27773dfbc3c9a7d9"} -] -name = "pbr" -optional = false -python-versions = ">=2.6" -version = "6.0.0" - [[package]] description = "A small Python package for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." files = [ @@ -1406,21 +1336,6 @@ python-dotenv = ">=0.21.0" toml = ["tomli (>=2.0.1)"] yaml = ["pyyaml (>=6.0.1)"] -[[package]] -description = "Pygments is a syntax highlighting package written in Python." -files = [ - {file = "pygments-2.17.2-py3-none-any.whl", hash = "sha256:b27c2826c47d0f3219f29554824c30c5e8945175d888647acd804ddd04af846c"}, - {file = "pygments-2.17.2.tar.gz", hash = "sha256:da46cec9fd2de5be3a8a784f434e4c4ab670b4ff54d605c4c2717e9d49c4c367"} -] -name = "pygments" -optional = false -python-versions = ">=3.7" -version = "2.17.2" - -[package.extras] -plugins = ["importlib-metadata"] -windows-terminal = ["colorama (>=0.4.6)"] - [[package]] description = "pytest: simple powerful testing with Python" files = [ 
@@ -1628,24 +1543,6 @@ optional = false python-versions = ">=3.6" version = "6.0.1" -[[package]] -description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" -files = [ - {file = "rich-13.7.1-py3-none-any.whl", hash = "sha256:4edbae314f59eb482f54e9e30bf00d33350aaa94f4bfcd4e9e3110e64d0d7222"}, - {file = "rich-13.7.1.tar.gz", hash = "sha256:9be308cb1fe2f1f57d67ce99e95af38a1e2bc71ad9813b0e247cf7ffbcc3a432"} -] -name = "rich" -optional = false -python-versions = ">=3.7.0" -version = "13.7.1" - -[package.dependencies] -markdown-it-py = ">=2.2.0" -pygments = ">=2.13.0,<3.0.0" - -[package.extras] -jupyter = ["ipywidgets (>=7.5.1,<9)"] - [[package]] description = "An extremely fast Python linter and code formatter, written in Rust." files = [ @@ -1801,20 +1698,6 @@ version = "0.0.14" SQLAlchemy = ">=2.0.0,<2.1.0" pydantic = ">=1.10.13,<3.0.0" -[[package]] -description = "Manage dynamic plugins for Python applications" -files = [ - {file = "stevedore-5.2.0-py3-none-any.whl", hash = "sha256:1c15d95766ca0569cad14cb6272d4d31dae66b011a929d7c18219c176ea1b5c9"}, - {file = "stevedore-5.2.0.tar.gz", hash = "sha256:46b93ca40e1114cea93d738a6c1e365396981bb6bb78c27045b7587c9473544d"} -] -name = "stevedore" -optional = false -python-versions = ">=3.8" -version = "5.2.0" - -[package.dependencies] -pbr = ">=2.0.0,<2.1.0 || >2.1.0" - [[package]] description = "Backported and Experimental Type Hints for Python 3.8+" files = [ diff --git a/pyproject.toml b/pyproject.toml index 17b0dbf..67aef1a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -2,9 +2,6 @@ build-backend = "poetry.core.masonry.api" requires = ["poetry-core"] -[tool.bandit] -exclude_dirs = ["test"] - [tool.black] line-length = 120 @@ -74,7 +71,6 @@ sqlmodel = "^0.0.14" typing-extensions = "^4.9.0" [tool.poetry.group.dev.dependencies] -bandit = {extras = ["toml"], version = "^1.7.4"} black = "*" coverage = {extras = ["toml"], version = "^6.4.4"} factory-boy = "^3.3.0" 
@@ -114,6 +110,7 @@ select = [
 "C",
 "PT",
 "I",
+ "S",
 "RSE",
 "RET501",
 "RET502",
@@ -141,3 +138,4 @@ max-complexity = 10
 [tool.ruff.lint.per-file-ignores]
 "src/helpers/factories/*" = ["FBT001"]
 "src/model_hub.py" = ["F401"]
+"src/tests/*" = ["S"]
diff --git a/src/bot/controllers.py b/src/bot/controllers.py
index 0bdb059..5fefb69 100644
--- a/src/bot/controllers.py
+++ b/src/bot/controllers.py
@@ -150,5 +150,5 @@ async def select_from_tavern_menu(
 return NO_MENU_ITEMS_FOR_CHOSEN_DAY_MESSAGE
 food_text = food_items[0].food.title()
 if style == ChooseStyle.RANDOM:
- food_text = random.choice(food_items).food.title() # nosec
+ food_text = random.choice(food_items).food.title() # noqa: S311
 return f"Order Up!\n{food_text}"
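Review bot: The added per-file ignore `"src/tests/*" = ["S"]` switches off every security rule under the test tree, which is broader than the usual need; the rule that tests trip on by design is S101 (assert), so `"src/tests/*" = ["S101"]` would keep checks such as shell=True subprocess calls or hardcoded credentials active in fixtures and test helpers. This mirrors the `exclude_dirs = ["test"]` the removed bandit config had, so it is not a regression, but the narrower form costs little. Separately, the `"S"` selection in the preceding hunk is, as far as I know, a port of only a subset of bandit's checks in ruff, so it should not be read as fully equivalent to the removed tool; confirming which S rules are available in the pinned ruff version is a cheap follow-up.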
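Review bot: The suppression on the changed line is bare, so a reader cannot tell from the code whether S311 was assessed or just silenced, and the `# nosec` it replaces had the same gap. Since the value chosen is a menu item for display rather than a token, key or other secret, the non-cryptographic PRNG is appropriate here, and recording that reasoning keeps the next reviewer from reopening it: `food_text = random.choice(food_items).food.title()  # noqa: S311  # menu pick, not security-sensitive`. The body of select_from_tavern_menu begins outside the hunk.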