From 014048421e6062678a6db10a6ed9048211f49ad4 Mon Sep 17 00:00:00 2001
From: Jirka
Date: Wed, 14 Feb 2024 01:16:57 +0100
Subject: [PATCH 1/3] ruff: bandit
---
 pyproject.toml | 2 +-
 tests/test_security.py | 10 ----------
 2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index ec2d5c64..eb48528a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,7 +43,7 @@ select = [
 # "I", #see: https://pypi.org/project/isort/
 # "D", # see: https://pypi.org/project/pydocstyle
 # "N", # see: https://pypi.org/project/pep8-naming
-# "S", # see: https://pypi.org/project/flake8-bandit
+ "S", # see: https://pypi.org/project/flake8-bandit
 "SIM",
 ]
 ignore = [
diff --git a/tests/test_security.py b/tests/test_security.py
index 7b7a9a57..33ebb48c 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -2,16 +2,6 @@ import subprocess
-@pytest.mark.skip # todo: dead check, so let's replace it with Ruff
-def test_bandit():
- """Bandit security scan passes with no warnings or errors."""
- command = ["bandit"]
- parameters = ["-r", "cachier"]
- subprocess.check_call(command + parameters)
- parameters = ["-s", "B101,B311,B404,B603", "-r", "tests"]
- subprocess.check_call(command + parameters)
-
-
 @pytest.mark.skip # todo: dead check, enable it in separate PR w/ pre-commit
 def test_safety():
 """Safety security scan passes with no warnings or errors."""
From 570e493f9fb959870d4b85f987df35fc49b21f3a Mon Sep 17 00:00:00 2001
From: Jirka
Date: Wed, 14 Feb 2024 01:23:41 +0100
Subject: [PATCH 2/3] setting
---
 cachier/_version.py | 4 ++--
 cachier/cores/mongo.py | 2 +-
 cachier/cores/pickle.py | 4 ++--
 pyproject.toml | 3 +++
 4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/cachier/_version.py b/cachier/_version.py
index 003bd249..3f8583fd 100644
--- a/cachier/_version.py
+++ b/cachier/_version.py
@@ -70,8 +70,8 @@ def decorate(f):
 def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False):
 """Call the given command(s)."""
- assert isinstance(commands, list)
- p = None
+ if not isinstance(commands, list):
+ raise ValueError("commands must be a list")
 for c in commands:
 try:
 dispcmd = str([c] + args)
diff --git a/cachier/cores/mongo.py b/cachier/cores/mongo.py
index 64b6fcb8..3447a46a 100644
--- a/cachier/cores/mongo.py
+++ b/cachier/cores/mongo.py
@@ -61,7 +61,7 @@ def get_entry_by_key(self, key):
 if res:
 try:
 entry = {
- "value": pickle.loads(res["value"]),
+ "value": pickle.loads(res["value"]), # noqa: S301
 "time": res.get("time", None),
 "stale": res.get("stale", False),
 "being_calculated": res.get("being_calculated", False),
diff --git a/cachier/cores/pickle.py b/cachier/cores/pickle.py
index d83a1979..d2010015 100644
--- a/cachier/cores/pickle.py
+++ b/cachier/cores/pickle.py
@@ -134,7 +134,7 @@ def _reload_cache(self):
 try:
 with portalocker.Lock(fpath, mode="rb") as cache_file:
 try:
- self.cache = pickle.load(cache_file)
+ self.cache = pickle.load(cache_file) # noqa: S301
 except EOFError:
 self.cache = {}
 except FileNotFoundError:
@@ -155,7 +155,7 @@ def _get_cache_by_key(self, key=None, hash=None):
 try:
 with portalocker.Lock(fpath, mode="rb") as cache_file:
 try:
- res = pickle.load(cache_file)
+ res = pickle.load(cache_file) # noqa: S301
 except EOFError: # pragma: no cover
 res = None
 except FileNotFoundError:
diff --git a/pyproject.toml b/pyproject.toml
index eb48528a..d409b071 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -64,6 +64,9 @@ exclude = [
 ignore-init-module-imports = true
 unfixable = ["F401"]
+[tool.ruff.per-file-ignores]
+"tests/**" = ["S101", "S311", "S105", "S603"]
+
 #[tool.ruff.pydocstyle]
 ## Use Google-style docstrings.
 #convention = "google"
From 9379c5f24a371b723aadd202055e47248932978b Mon Sep 17 00:00:00 2001
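Review bot: The new check on the second added line raises `ValueError` for what is a wrong argument type, and the conventional exception for that is `TypeError`; suggest `raise TypeError(f"commands must be a list, got {type(commands).__name__}")` so callers can tell it apart from a bad value. The hunk also drops `p = None`, which the commit subject does not mention; if the code after the loop (outside this hunk) reaches a read of `p` on a path where no command was started, that is now an `UnboundLocalError` instead of the previous `None`, so the all-commands-failed path should be confirmed to return before that point. Replacing the `assert` itself is correct, since asserts are stripped under `python -O`. run_command continues past the end of the hunk.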
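Review bot: The `# noqa: S301` added to `"value": pickle.loads(res["value"])` suppresses the finding without recording why it is acceptable, and the bytes here come from a MongoDB document rather than a file this process wrote: whoever can write to that collection can execute arbitrary code in every client that reads the entry. Keep the suppression but state the trust boundary on the line, e.g. `# noqa: S301 - trusted: only cachier writes this collection; DB write access implies code execution in readers`. A non-executable encoding for `value` (JSON where the cached value allows it) would remove the issue class, but that is a storage-format change outside this hunk. get_entry_by_key starts before and ends after the hunk.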
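Review bot: The `# noqa: S301` on `self.cache = pickle.load(cache_file)` hides the warning but not the exposure: the whole cache file is unpickled, so any local user who can write to the cache directory can run code in the process that loads it. The suppression should say what makes that acceptable, e.g. `# noqa: S301 - cache file is written only by cachier; the cache dir must be private to the user`, and wherever the directory is created (not visible in this hunk) it should be created with a user-only mode such as 0o700. The same rationale applies to the second `pickle.load` hunk in this file. _reload_cache starts before and ends after the hunk.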
From: Jirka
Date: Wed, 14 Feb 2024 21:52:32 +0100
Subject: [PATCH 3/3] noqa
---
 cachier/_version.py | 2 +-
 cachier/cores/pickle.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cachier/_version.py b/cachier/_version.py
index f66fad61..1a1a1118 100644
--- a/cachier/_version.py
+++ b/cachier/_version.py
@@ -16,7 +16,7 @@ def _get_git_sha():
- sha = os.popen("git rev-parse HEAD").read().strip()
+ sha = os.popen("git rev-parse HEAD").read().strip() # noqa: S605, S607 todo
 # SHA short
 return sha[:7]
diff --git a/cachier/cores/pickle.py b/cachier/cores/pickle.py
index 9a09d49b..9e7ef54a 100644
--- a/cachier/cores/pickle.py
+++ b/cachier/cores/pickle.py
@@ -152,7 +152,7 @@ def _get_cache_by_key(self, key=None, hash=None):
 fpath += f"_{key}" if hash is None else f"_{hash}"
 try:
 with portalocker.Lock(fpath, mode="rb") as cache_file:
- return pickle.load(cache_file)
+ return pickle.load(cache_file) # noqa: S301
 except (FileNotFoundError, EOFError):
 return None
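Review bot: The `# noqa: S605, S607 todo` on `sha = os.popen("git rev-parse HEAD")...` defers a fix that is no longer than the suppression: `os.popen` hands the string to a shell and the bare `git` is resolved through PATH, so whichever `git` is first on PATH at build or import time is what runs. The command string is a constant, so there is no argument injection, but the shell is unnecessary; `sha = subprocess.run(["git", "rev-parse", "HEAD"], capture_output=True, text=True, check=False).stdout.strip()  # noqa: S607` removes S605 for real (S607 remains unless the executable comes from `shutil.which("git")`), assuming `subprocess` is or can be imported in this file. Separately, `todo` after the code list is not part of the `# noqa` grammar and may make ruff report the directive as malformed; move it to its own `# TODO:` comment. A missing `git` also yields `sha == ""`, so `return sha[:7]` silently returns an empty string, which callers may want to detect. _get_git_sha starts before the hunk.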
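Review bot: The `except (FileNotFoundError, EOFError): return None` under the suppressed `return pickle.load(cache_file)` treats a missing or empty cache file as a miss, but a corrupted one raises `pickle.UnpicklingError` (or another exception from the unpickler), which escapes the cache lookup into the user's call; if a corrupted entry should count as a miss, extend the tuple to `except (FileNotFoundError, EOFError, pickle.UnpicklingError):`. Independently of that, this is the third bare `# noqa: S301` in pickle.py across the series; a one-line rationale on at least one of them (only cachier writes these files, the cache dir must not be shared) would document why loading pickles from disk is accepted. _get_cache_by_key starts before the hunk.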