author | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-04-10 18:31:58 +0200 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-04-17 15:47:16 +0200 |
commit | ff5aee7158bd46e4ae22bc431adadd7060a6e277 (patch) | |
tree | 120f0fe58d2872aec800b7b794dc9dd5222a9e44 | |
parent | 71a256dc52ed3391638dcf9669cf57d75475d326 (diff) | |
download | Ishtar-ff5aee7158bd46e4ae22bc431adadd7060a6e277.tar.bz2 Ishtar-ff5aee7158bd46e4ae22bc431adadd7060a6e277.zip |
Add bandit scan tool to Makefile - mark some security issues as non-relevant
-rw-r--r-- | Makefile.example | 40 | ||||
-rw-r--r-- | archaeological_finds/views_api.py | 3 | ||||
-rw-r--r-- | ishtar_common/data_importer.py | 2 | ||||
-rw-r--r-- | ishtar_common/ignf_utils.py | 3 | ||||
-rw-r--r-- | ishtar_common/utils.py | 3 |
5 files changed, 16 insertions, 35 deletions
diff --git a/Makefile.example b/Makefile.example index 385054b0d..59b7b3b8e 100644 --- a/Makefile.example +++ b/Makefile.example @@ -135,6 +135,12 @@ pylint: pylint "$(CURDIR)/$$DIR" --ignore=.git,migrations --max-public-methods=50 --ignored-classes=Item.Meta --method-rgx='[a-z_][a-z0-9_]{2,40}$$'; \ done +bandit: ## audit for security with bandit tool + bandit -r -s B322 -n 3 ishtar_common/ archaeological_context_records/ archaeological_files archaeological_finds/ archaeological_operations/ archaeological_warehouse/ example_project/ + +bandit_no_marksafe: ## audit for security with bandit tool + bandit -r -s B322,B308,B703 -n 3 ishtar_common/ archaeological_context_records/ archaeological_files archaeological_finds/ archaeological_operations/ archaeological_warehouse/ example_project/ + ##@ Development: run shell: ## launch shell @@ -143,6 +149,9 @@ shell: ## launch shell run: ## run test server cd $(project); $(PYTHON) manage.py runserver 0.0.0.0:8000 +runalt: ## run test server on port 9000 + cd $(project); $(PYTHON) manage.py runserver 0.0.0.0:9000 + runcelery: ## run a celery worker celery -A example_project worker -l INFO 
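Review bot: Both new targets carry the identical help text `## audit for security with bandit tool`, so a `make help` listing cannot tell them apart; the second should say what it drops, e.g. `bandit_no_marksafe: ## audit with bandit, ignoring mark_safe findings (B308/B703)`. Because `-s` is a global skip, a `mark_safe` call added later anywhere in the tree would never be reported by that target; if it exists to quiet a few known uses, per-line `# nosec` markers (as the Python files in this commit already do) or a bandit baseline file keep new findings visible. Unlike the neighbouring `pylint` target, neither invocation excludes `migrations` (bandit's `-x`), which is probably unintended given how much generated code lives there.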
@@ -321,34 +330,3 @@ sass: sass_watch: ./node_modules/node-sass/bin/node-sass --watch scss/custom.scss --output-style compressed > ishtar_common/static/bootstrap/bootstrap.css -transition_migrate: - cd $(project); \ - $(PYTHON) manage.py migrate ishtar_common 0117 ; \ - $(PYTHON) manage.py migrate archaeological_files 0024 ; \ - $(PYTHON) manage.py migrate archaeological_operations 0075 ; \ - $(PYTHON) manage.py migrate archaeological_context_records 0056 ; \ - $(PYTHON) manage.py migrate archaeological_finds 0080 ; \ - $(PYTHON) manage.py migrate archaeological_warehouse 0044 ; \ - $(PYTHON) manage.py migrate --fake ishtar_common 0201 ; \ - $(PYTHON) manage.py migrate --fake archaeological_files 0101 ; \ - $(PYTHON) manage.py migrate --fake archaeological_operations 0102 ; \ - $(PYTHON) manage.py migrate --fake archaeological_context_records 0102 ; \ - $(PYTHON) manage.py migrate --fake archaeological_finds 0102 ; \ - $(PYTHON) manage.py migrate --fake archaeological_warehouse 0101 ; - -new_migration: - cd $(project); \ - $(PYTHON) manage.py migrate contenttypes ; \ - $(PYTHON) manage.py migrate admin ; \ - $(PYTHON) manage.py migrate auth ; \ - $(PYTHON) manage.py migrate authtoken ; \ - $(PYTHON) manage.py migrate registration ; \ - $(PYTHON) manage.py migrate sessions ; \ - $(PYTHON) manage.py migrate sites ; \ - $(PYTHON) manage.py migrate --fake ishtar_common 0117 ; \ - $(PYTHON) manage.py migrate --fake archaeological_files 0024 ; \ - $(PYTHON) manage.py migrate --fake archaeological_operations 0075 ; \ - $(PYTHON) manage.py migrate --fake archaeological_context_records 0056 ; \ - $(PYTHON) manage.py migrate --fake archaeological_finds 0080 ; \ - $(PYTHON) manage.py migrate --fake archaeological_warehouse 0044 ; \ - $(PYTHON) manage.py migrate ; diff --git a/archaeological_finds/views_api.py b/archaeological_finds/views_api.py index 4302fbd89..8bea74eb7 100644 --- a/archaeological_finds/views_api.py +++ b/archaeological_finds/views_api.py 
@@ -32,7 +32,8 @@ class PublicFindAPI(APIView): ) ordering = "CASE {} END".format(clauses) - return models.Find.objects.filter(id__in=id_list).extra( + # nosec: extra clauses uses only find id from a FindBasket query no injection possible + return models.Find.objects.filter(id__in=id_list).extra( # nosec select={"ordering": ordering}, order_by=("ordering",) ) diff --git a/ishtar_common/data_importer.py b/ishtar_common/data_importer.py index d63004849..ae3c8387a 100644 --- a/ishtar_common/data_importer.py +++ b/ishtar_common/data_importer.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Copyright (C) 2013-2017 Étienne Loks <etienne.loks_AT_peacefrogsDOTnet> diff --git a/ishtar_common/ignf_utils.py b/ishtar_common/ignf_utils.py index 2f167299c..94429d458 100644 --- a/ishtar_common/ignf_utils.py +++ b/ishtar_common/ignf_utils.py @@ -160,7 +160,8 @@ IGNF = { def extract_from_csv(filename): - tree = ET.parse(filename) + # nosec: parsing only used by programmer to generate previous dict from a trusted source + tree = ET.parse(filename) # nosec root = tree.getroot() ns = "{http://www.isotc211.org/2005/gmx}" ns_gml = "{http://www.opengis.net/gml}" diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py index 3a3c53853..91591e0b2 100644 --- a/ishtar_common/utils.py +++ b/ishtar_common/utils.py @@ -399,7 +399,8 @@ def get_cache(cls, extra_args=tuple(), app_label=None): ): cls._add_cache_key_to_refresh(extra_args) if len(cache_key) >= 250: - m = hashlib.md5() + # nosec: used for a cache key no consequence if predictable + m = hashlib.md5() # nosec m.update(cache_key) cache_key = m.hexdigest() return cache_key, cache.get(cache_key) |
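Review bot: The `# nosec` on the `.extra()` call silences a raw-SQL finding whose safety depends entirely on how `clauses` is assembled above the hunk, which is not visible here, and the comment records where the ids came from rather than the invariant that makes the interpolation safe. Django's conditional expressions give the same ordering with parameterised values, so the marker and its justification can go: `ordering = Case(*[When(pk=pk, then=Value(i)) for i, pk in enumerate(id_list)])` and `return models.Find.objects.filter(id__in=id_list).order_by(ordering)` (with `Case`, `When`, `Value` imported from `django.db.models`). If `.extra()` stays, the comment should state that every value interpolated into `clauses` is an integer primary key, since that is what a future reader must preserve. The enclosing method starts outside the hunk.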
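Review bot: The justification for the `# nosec` on `ET.parse(filename)` lives only in a comment, while `extract_from_csv` is an ordinary module-level function that any caller can hand an uploaded path to; the contract belongs in a docstring so it survives refactoring — one stating that this is a developer-only helper for regenerating the IGNF dict above from a trusted IGN export, that the stdlib ElementTree parser is used as-is (the finding bandit reports as B314), and that it must never be run on user-supplied files. The name says CSV while the body parses XML with ElementTree, which deserves a word in that docstring or a rename. The rest of the function continues outside the hunk.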
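Review bot: On Python 3.9 and later `m = hashlib.md5(usedforsecurity=False)` says what the comment says in a form both the interpreter (FIPS-restricted builds refuse a plain `md5()`) and bandit's B324 check understand, so the `# nosec` marker would not be needed; keep the marker only if older interpreters are still supported. A secondary point that cannot be settled from the hunk: `m.update(cache_key)` requires bytes, and the key is later passed to `cache.get(cache_key)`, so if `cache_key` is a str at this point the update raises `TypeError` and the branch would need `m.update(cache_key.encode())` — worth checking against where `cache_key` is built above. `get_cache` starts before the hunk.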