Merge b563b26 into 99ce099

LibraryOfCongress · Nov 1, 2019 · 2f66594 · 2f66594
2 parents 99ce099 + b563b26
commit 2f66594
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 20 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -5,11 +5,11 @@ repos:
       hooks:
           - id: isort
     - repo: https://github.com/ambv/black
-      rev: 19.3b0
+      rev: 19.10b0
       hooks:
           - id: black
     - repo: https://github.com/pre-commit/pre-commit-hooks
-      rev: v2.3.0
+      rev: v2.4.0
       hooks:
           - id: check-added-large-files
             args: ['--maxkb=128']
@@ -44,7 +44,7 @@ repos:
           - id: prettier
             files: \.(css|less|scss|ts|tsx|graphql|gql|json|js|jsx|md)$
     - repo: https://github.com/pre-commit/mirrors-eslint
-      rev: v6.4.0
+      rev: v6.6.0
       hooks:
           - id: eslint
             additional_dependencies:
@@ -61,11 +61,15 @@ repos:
                 - stylelint-config-prettier@6.0.0
                 - stylelint-config-recommended@3.0.0
     - repo: https://github.com/awslabs/cfn-python-lint
-      rev: v0.24.1
+      rev: v0.24.7
       hooks:
           - id: cfn-python-lint
             files: cloudformation/.*\.(json|yml|yaml)$
     - repo: https://gitlab.com/pycqa/flake8
-      rev: 3.7.8
+      rev: 3.7.9
       hooks:
           - id: flake8
+    - repo: https://github.com/PyCQA/bandit
+      rev: 1.6.2
+      hooks:
+          - id: bandit
diff --git a/concordia/settings_dev.py b/concordia/settings_dev.py
@@ -16,10 +16,12 @@
 
 DEBUG = True
 
-ALLOWED_HOSTS = ["127.0.0.1", "0.0.0.0", "*"]
+ALLOWED_HOSTS = ["127.0.0.1", "0.0.0.0", "*"]  # nosec
 
 EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
-EMAIL_FILE_PATH = "/tmp/concordia-messages"  # change this to a proper location
+EMAIL_FILE_PATH = (
+    "/tmp/concordia-messages"  # nosec — change this to a proper location for deployment
+)
 DEFAULT_FROM_EMAIL = os.environ.get("DEFAULT_FROM_EMAIL", "")
 DEFAULT_TO_EMAIL = DEFAULT_FROM_EMAIL
 

diff --git a/concordia/settings_docker.py b/concordia/settings_docker.py
@@ -1,14 +1,10 @@
 import os
 
-from django.core.management.utils import get_random_secret_key
-
 from .settings_template import *  # NOQA ignore=F405
 from .settings_template import INSTALLED_APPS
 
 DEBUG = os.getenv("DEBUG", "").lower() == "true"
 
-DJANGO_SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", get_random_secret_key())
-
 EMAIL_BACKEND = "django.core.mail.backends.dummy.EmailBackend"
 
 ELASTICSEARCH_DSL_AUTOSYNC = os.getenv("ELASTICSEARCH_DSL_AUTOSYNC", False)

diff --git a/concordia/settings_ecs.py b/concordia/settings_ecs.py
@@ -1,8 +1,6 @@
 import json
 import os
 
-from django.core.management.utils import get_random_secret_key
-
 from .secrets import get_secret
 from .settings_template import *  # NOQA ignore=F405
 from .settings_template import CONCORDIA_ENVIRONMENT, DATABASES, INSTALLED_APPS
@@ -12,7 +10,7 @@
 
     django_secret_json = get_secret("crowd/%s/Django/SecretKey" % ENV_NAME)
     django_secret = json.loads(django_secret_json)
-    DJANGO_SECRET_KEY = django_secret["DjangoSecretKey"]
+    SECRET_KEY = django_secret["DjangoSecretKey"]
 
     postgres_secret_json = get_secret("crowd/%s/DB/MasterUserPassword" % ENV_NAME)
     postgres_secret = json.loads(postgres_secret_json)
@@ -26,7 +24,6 @@
     EMAIL_HOST_PASSWORD = smtp_secret["Password"]
 
 else:
-    DJANGO_SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", get_random_secret_key())
     EMAIL_HOST = os.environ.get("EMAIL_HOST", "localhost")
     EMAIL_HOST_USER = os.environ.get("EMAIL_HOST_USER", "")
     EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_HOST_PASSWORD", "")

diff --git a/concordia/settings_template.py b/concordia/settings_template.py
@@ -2,6 +2,7 @@
 
 import sentry_sdk
 from django.contrib import messages
+from django.core.management.utils import get_random_secret_key
 from sentry_sdk.integrations.django import DjangoIntegration
 
 from concordia.version import get_concordia_version
@@ -10,14 +11,13 @@
 CONCORDIA_APP_DIR = os.path.abspath(os.path.dirname(__file__))
 SITE_ROOT_DIR = os.path.dirname(CONCORDIA_APP_DIR)
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-secret-key"
+SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", get_random_secret_key())
 
 CONCORDIA_ENVIRONMENT = os.environ.get("CONCORDIA_ENVIRONMENT", "development")
 
 # Optional SMTP authentication information for EMAIL_HOST.
 EMAIL_HOST_USER = ""
-EMAIL_HOST_PASSWORD = ""
+EMAIL_HOST_PASSWORD = ""  # nosec
 EMAIL_USE_TLS = False
 DEFAULT_FROM_EMAIL = "crowd@loc.gov"
 
@@ -232,7 +232,7 @@
 LOGIN_URL = "login"
 
 PASSWORD_VALIDATOR = (
-    "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"
+    "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"  # nosec
 )
 
 AUTH_PASSWORD_VALIDATORS = [

diff --git a/concordia/settings_test.py b/concordia/settings_test.py
@@ -7,7 +7,7 @@
 
 DEFAULT_TO_EMAIL = "rstorey@loc.gov"
 
-ALLOWED_HOSTS = ["127.0.0.1", "0.0.0.0"]
+ALLOWED_HOSTS = ["127.0.0.1", "0.0.0.0"]  # nosec
 
 EMAIL_BACKEND = "django.core.mail.backends.dummy.EmailBackend"