Skip to content

Add vulnerabilities check in the CI + SECURITY.md file #627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jul 8, 2025
Merged

Add vulnerabilities check in the CI + SECURITY.md file #627

merged 6 commits into from
Jul 8, 2025

Conversation

@FedericoNegri
Copy link
Contributor

@FedericoNegri FedericoNegri commented Jul 8, 2025
edited
Loading

Adding vulnerabilities check in the CI + SECURITY.md file as requested by the PyAnsys team in the linked issues.

Bandit flagged two cases of B110 try_except_pass. Reviewed the code and don't see how that can be a security concern. These are not places with any relevant logic.

I think they're acceptable and propose to mark those two instances as # nosec.

This was linked to issues Jul 8, 2025
[MAINTENANCE] Missing or outdated ansys/actions/check-vulnerabilities action in ansys/pyhps #620
Closed
[MAINTENANCE] Missing or outdated SECURITY.md file in ansys/pyhps #621
Closed
@github-actions github-actions bot added the maintenance Package and maintenance related label Jul 8, 2025
@codecov
Copy link

codecov bot commented Jul 8, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 87.62%. Comparing base (c405273) to head (c61d7cd).
Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
src/ansys/hps/client/common/base_resource.py 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #627   +/-   ##
=======================================
  Coverage   87.62%   87.62%           
=======================================
  Files          65       65           
  Lines        2999     2999           
=======================================
  Hits         2628     2628           
  Misses        371      371

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@FedericoNegri FedericoNegri marked this pull request as ready for review July 8, 2025 09:46
@RobPasMue
Copy link
Member

RobPasMue commented Jul 8, 2025

Hi @FedericoNegri! I think what bandit is trying to tell you is to avoid silently ignoring exceptions. Rather than a security concern this one is more related to best practices - unless it's intended.

Would adding a message to the logger (with debug level?) make sense? I don't know how often and under what circumstances you might end up going down the exception path - but maybe it makes sense to let the users know that happened.

If it doesn't make sense, then let's ignore it. However, I would suggest, in that case, that you only ignored that specific rule and added an explanatory comment - for example:

try:
  # do something
except Exception:
  # Ignoring exceptions because ...
  pass  # nosec B110

@FedericoNegri
Copy link
Contributor Author

FedericoNegri commented Jul 8, 2025

@RobPasMue made the nosec marker more specific and added comments

RobPasMue
RobPasMue approved these changes Jul 8, 2025
View reviewed changes
Copy link
Member

@RobPasMue RobPasMue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome - thanks @FedericoNegri!

@FedericoNegri FedericoNegri merged commit e6cde77 into main Jul 8, 2025
19 checks passed
@FedericoNegri FedericoNegri deleted the maint/check-vulnerabilities branch July 8, 2025 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RobPasMue RobPasMue RobPasMue approved these changes

@ojkoenig ojkoenig Awaiting requested review from ojkoenig

Assignees

No one assigned

Labels

maintenance Package and maintenance related

Projects

None yet

Milestone

No milestone

3 participants

@FedericoNegri @RobPasMue