From 1ae5610f6361805639c15214e96cb2f776990905 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Saugat=20Pachhai=20=28=E0=A4=B8=E0=A5=8C=E0=A4=97=E0=A4=BE?= =?UTF-8?q?=E0=A4=A4=29?=
Date: Mon, 7 Nov 2022 22:32:30 +0545
Subject: [PATCH] add bandit, a security linter

See https://github.com/PyCQA/bandit.
---
 .pre-commit-config.yaml | 6 ++++++
 pyproject.toml | 4 ++++
 src/dvc_task/proc/process.py | 4 ++--
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index bdb47f4..ae5637f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -44,3 +44,9 @@ repos:
 - flake8-comprehensions==3.10.0
 - flake8-debugger==4.1.2
 - flake8-string-format==0.3.0
+ - repo: https://github.com/pycqa/bandit
+ rev: 1.7.4
+ hooks:
+ - id: bandit
+ args: [-c, pyproject.toml]
+ additional_dependencies: ["toml"]
diff --git a/pyproject.toml b/pyproject.toml
index 8ae5929..07290d0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -84,3 +84,7 @@ enable = ["c-extension-no-member", "no-else-return"]
 [tool.pylint.variables]
 dummy-variables-rgx = "_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_"
 ignored-argument-names = "_.*|^ignored_|^unused_|args|kwargs"
+
+[tool.bandit]
+exclude_dirs = ["tests"]
+skips = ["B101"]
diff --git a/src/dvc_task/proc/process.py b/src/dvc_task/proc/process.py
index 6f4dc37..ba76d81 100644
--- a/src/dvc_task/proc/process.py
+++ b/src/dvc_task/proc/process.py
@@ -4,7 +4,7 @@ import multiprocessing as mp
 import os
 import shlex
-import subprocess
+import subprocess # nosec B404
 from contextlib import AbstractContextManager, ExitStack
 from dataclasses import asdict, dataclass
 from typing import Any, Dict, List, Optional, Union
@@ -160,7 +160,7 @@ def run(self):
 stdout = self._fd_stack.enter_context(open(self.stdout_path, "ab"))
 try: # pylint: disable=consider-using-with
-self._proc = subprocess.Popen(
+self._proc = subprocess.Popen( # nosec B603
 self.args,
 stdin=subprocess.DEVNULL,
 stdout=stdout,
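Review bot: The bandit hook added at `- repo: https://github.com/pycqa/bandit` only sees the files staged for a given commit, so code already in the repository is never scanned unless someone runs `pre-commit run --all-files` or bandit is also invoked in CI; a one-off full run when this lands, plus a recurring `bandit -c pyproject.toml -r src` step if CI does not already run all hooks on all files, closes that gap. The `rev: 1.7.4` pin is fine, but `additional_dependencies: ["toml"]` is unpinned, so the hook environment can drift between installs; `["toml==<PINNED_VERSION>"]` keeps it reproducible and consistent with the `==`-pinned flake8 plugins directly above it.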
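Review bot: `skips = ["B101"]` disables the assert_used check for the whole tree, but `exclude_dirs = ["tests"]` already removes the test suite where asserts are legitimate, so the skip now only silences asserts under `src/`, which are stripped under `python -O` and should not be relied on for input validation. If the skip is kept, record the reason next to it, e.g. `# B101 assert_used: tests are already excluded above, so this only affects src; asserts there must be internal invariants only`, or drop it and mark genuine invariant asserts individually with `# nosec B101`. Whether `exclude_dirs` matches only a top-level `tests/` or any directory with that name depends on bandit's path matching, so a quick `bandit -c pyproject.toml -r .` to confirm the expected files are excluded is worthwhile.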
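Review bot: `import subprocess  # nosec B404` suppresses the finding without recording why, and the same bare suppression is placed on the `subprocess.Popen(` line in the next hunk (`# nosec B603`), whose call continues outside this chunk. A nosec that carries its justification is far easier to re-audit, e.g. `import subprocess  # nosec B404 - this module exists to spawn and manage child processes`. The B603 suppression is sound only as long as `self.args` is passed as an argv list and no `shell=True` is ever added to the call; presumably the visible `shlex` import is how string commands are split, so a one-line comment stating that invariant beside the `Popen` call, and a check that `self.args` is not a `str` before the call, keeps the suppression honest.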