Remove hardcoded bandit version and add nosecs

faust/cli/completion.py

@@ -28,7 +28,7 @@ async def run(self) -> None:
                 "Run `pip install click_completion` from your virtualenv\n"
                 "and try again!"
             )
-        self.say(click_completion.get_code(shell=self.shell()))
+        self.say(click_completion.get_code(shell=self.shell()))  # nosec: B604
 
     def shell(self) -> str:
         """Return the current shell used in this environment."""

faust/cli/send.py

@@ -82,5 +82,7 @@ async def run(
             meta: RecordMetadata = await fut_send_complete
             self.say(self.dumps(meta._asdict()))
             if i and max_latency:
-                await asyncio.sleep(random.uniform(min_latency, max_latency))
+                await asyncio.sleep(
+                    random.uniform(min_latency, max_latency)  # nosec B311
+                )
         await self.app.producer.stop()

faust/livecheck/case.py

@@ -204,7 +204,7 @@ async def maybe_trigger(
         """Schedule test execution, or not, based on probability setting."""
         execution: Optional[TestExecution] = None
         with ExitStack() as exit_stack:
-            if uniform(0, 1) < self.probability:
+            if uniform(0, 1) < self.probability:  # nosec B311
                 execution = await self.trigger(id, *args, **kwargs)
                 exit_stack.enter_context(current_test_stack.push(execution))
             yield execution

faust/models/typing.py

@@ -275,7 +275,9 @@ def __post_init__(self) -> None:
         ...
 
     def random_identifier(self, n: int = 8) -> str:
-        return "".join(random.choice(string.ascii_letters) for _ in range(n))
+        return "".join(
+            random.choice(string.ascii_letters) for _ in range(n)  # nosec B311
+        )
 
     @abc.abstractmethod
     def build(self, var: Variable, *args: Type) -> str:

faust/serializers/codecs.py

@@ -159,7 +159,7 @@ def msgpack() -> codecs.Codec:
 At this point may want to publish this on PyPI to share
 the extension with other Faust users.
 """
-import pickle as _pickle
+import pickle as _pickle  # nosec B403
 from base64 import b64decode, b64encode
 from types import ModuleType
 from typing import Any, Dict, MutableMapping, Optional, Tuple, cast
@@ -279,10 +279,10 @@ class raw_pickle(Codec):
     """:mod:`pickle` serializer with no encoding."""
 
     def _loads(self, s: bytes) -> Any:
-        return _pickle.loads(s)
+        return _pickle.loads(s)  # nosec B301
 
     def _dumps(self, obj: Any) -> bytes:
-        return _pickle.dumps(obj)
+        return _pickle.dumps(obj)  # nosec B403
 
 
 def pickle() -> Codec:
@@ -313,7 +313,7 @@ def _dumps(self, s: bytes) -> bytes:
 #: Codec registry, mapping of name to :class:`Codec` instance.
 codecs: MutableMapping[str, CodecT] = {
     "json": json(),
-    "pickle": pickle(),
+    "pickle": pickle(),  # nosec B403
     "binary": binary(),
     "raw": raw(),
     "yaml": yaml(),

faust/tables/globaltable.py

@@ -11,5 +11,3 @@ class GlobalTable(Table, GlobalTableT):
 
             app.GlobalTable(..., partitions=1, recovery_buffer_size=1)
     """
-
-    pass

faust/utils/codegen.py

@@ -96,7 +96,7 @@ def build_closure(
     assert locals is not None
     if return_type is not MISSING:
         locals["_return_type"] = return_type
-    exec(source, globals, locals)
+    exec(source, globals, locals)  # nosec: B102
     obj = locals[outer_name](*args)
     obj.__sourcecode__ = source
     return cast(Callable, obj)
@@ -114,7 +114,7 @@ def build_function(
     assert locals is not None
     if return_type is not MISSING:
         locals["_return_type"] = return_type
-    exec(source, globals, locals)
+    exec(source, globals, locals)  # nosec: B102
     obj = locals[name]
     obj.__sourcecode__ = source
     return cast(Callable, obj)

faust/utils/platforms.py

@@ -1,6 +1,6 @@
 """Platform/OS utilities."""
 import platform
-import subprocess
+import subprocess  # nosec: B404
 from typing import Optional
 
 
@@ -16,7 +16,7 @@ def max_open_files() -> Optional[int]:
             # macOS bash always returns infinity, even though there
             # is an actual system limit.
             if platform.system() == "Darwin":
-                output = subprocess.check_output(
+                output = subprocess.check_output(  # nosec
                     [
                         "sysctl",
                         "-q",

faust/utils/terminal/spinners.py

@@ -59,7 +59,7 @@
     SPINNER_MOON,
 ]
 
-ACTIVE_SPINNER: Sequence[str] = random.choice(SPINNERS)
+ACTIVE_SPINNER: Sequence[str] = random.choice(SPINNERS)  # nosec B311
 
 
 class Spinner:

faust/web/cache/cache.py

@@ -141,10 +141,12 @@ def build_key(
         self, request: Request, method: str, prefix: str, headers: Mapping[str, str]
     ) -> str:
         """Build cache key from web request and environment."""
-        context = hashlib.md5(
-            b"".join(want_bytes(k) + want_bytes(v) for k, v in headers.items())
+        context = hashlib.md5(  # nosec
+            b"".join(want_bytes(k) + want_bytes(v) for k, v in headers.items()),
+        ).hexdigest()
+        url = hashlib.md5(  # nosec
+            iri_to_uri(str(request.url)).encode("ascii"),
         ).hexdigest()
-        url = hashlib.md5(iri_to_uri(str(request.url)).encode("ascii")).hexdigest()
         return f"{self.ident}.{prefix}.{method}.{url}.{context}"
 
 

requirements/test.txt

@@ -19,7 +19,7 @@ pytest>=5.4.0
 python-dateutil>=2.8
 pytz>=2018.7
 codecov
-bandit==1.6.2
+bandit
 twine
 wheel
 intervaltree