Add bandit linter, update CI\CD

yar-kik · Dec 27, 2022 · 2014ba2 · 2014ba2
1 parent da95cf6
commit 2014ba2
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 1 deletion.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -21,3 +21,9 @@ repos:
  - id: mypy
  additional_dependencies: [types-PyYAML==6.0.12.1]
  exclude: tests
+
+- repo: https://github.com/PyCQA/bandit
+ rev: 1.7.4
+ hooks:
+ - id: bandit
+ exclude: tests
diff --git a/.travis.yml b/.travis.yml
@@ -8,12 +8,14 @@ script:
  - flake8 app_properties/
  - black --line-length 79 --check app_properties/
  - mypy app_properties/
+ - bandit app_properties/ -r
  - coverage run --source=app_properties -m pytest && coveralls
  - coverage report --fail-under=80
 
 deploy:
  provider: pypi
  username: "__token__"
  password: $PYPI_API_TOKEN
+ skip_existing: true
  on:
  tags: true
diff --git a/README.md b/README.md
@@ -7,6 +7,7 @@
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 [![Checked with mypy](http://www.mypy-lang.org/static/mypy_badge.svg)](http://mypy-lang.org/)
 [![Imports: isort](https://img.shields.io/badge/%20imports-isort-%231674b1?style=flat&labelColor=ef8336)](https://pycqa.github.io/isort/)
+[![security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit)
 
 
 ## What is this

diff --git a/app_properties/config_handler.py b/app_properties/config_handler.py
@@ -51,7 +51,8 @@ def _get_config_file(self) -> pathlib.Path:
  return file
 
  def _get_yaml_config(self, text_content: str) -> dict:
- return yaml.load(text_content, yaml.CSafeLoader)
+ # equivalent of yaml.safe_load() but faster
+ return yaml.load(text_content, yaml.CSafeLoader) # nosec
 
  def _get_json_config(self, text_content: str) -> dict:
  return json.loads(text_content)

diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,5 @@
 attrs==22.1.0
+bandit==1.7.4
 black==22.10.0
 bleach==5.0.1
 build==0.9.0
@@ -14,6 +15,8 @@ docutils==0.19
 exceptiongroup==1.0.0
 filelock==3.8.0
 flake8==5.0.4
+gitdb==4.0.10
+GitPython==3.1.29
 identify==2.5.8
 idna==3.4
 importlib-metadata==5.0.0
@@ -27,6 +30,7 @@ mypy-extensions==0.4.3
 nodeenv==1.7.0
 packaging==21.3
 pathspec==0.10.2
+pbr==5.11.0
 pep517==0.13.0
 pkginfo==1.8.3
 platformdirs==2.5.2
@@ -45,6 +49,8 @@ requests-toolbelt==0.10.1
 rfc3986==2.0.0
 rich==12.6.0
 six==1.16.0
+smmap==5.0.0
+stevedore==4.1.1
 toml==0.10.2
 tomli==2.0.1
 twine==4.0.1