Fix scurity scan - move bandit conf to a deparate file (#500)

aws-samples · Mar 13, 2023 · 70df581 · 70df581
1 parent f200af7
commit 70df581
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 8 deletions.
diff --git a/.bandit b/.bandit
@@ -0,0 +1,4 @@
+# FILE: .bandit
+[bandit]
+exclude = ./bump-release.py,./build/*,./.venv/*
+skips = B101,B608
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -21,13 +21,16 @@ jobs:
         uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
-      - name: Install Python
+      - name: Install Python Modules
         run: |
           python -m pip install --upgrade pip
-          pip install -U bandit toml pip-audit setuptools .
+          pip install -U bandit pip-audit setuptools .
+      - name: Install cid-cmd
+        run: |
+          pip install -U .
       - name: Bandit Scan
         run: |
-          bandit -c pyproject.toml -r .
+          bandit -r .
       - name: Pip Audit
         run: |
           pip-audit

diff --git a/cid/common.py b/cid/common.py
@@ -249,7 +249,7 @@ def load_resources(self):
             resources = {}
             try:
                 if source.startswith('https://'):
-                    resp = requests.get(source)
+                    resp = requests.get(source, timeout=10)
                     assert resp.status_code in [200, 201], f'Error {resp.status_code} while loading url. {resp.text}'
                     resources = yaml.safe_load(resp.text)
                 else:

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,3 @@
 [build-system]
 requires = ["setuptools>=42"]
 build-backend = "setuptools.build_meta"
-
-[tool.bandit]
-exclude_dirs = ["./bump-release.py"]
-skips = ["B101","B608"]