mirror of
https://github.com/home-assistant/core
synced 2024-10-04 19:43:00 +00:00
Replace bandit with ruff (#93200)
This commit is contained in:
Ville Skyttä
GitHub
parent
f7938c940c
commit
ca936d0b38
13
.github/workflows/ci.yaml
vendored
13
.github/workflows/ci.yaml
vendored
|
|
@ -468,19 +468,6 @@ jobs:
|
|||
with:
|
||||
args: hadolint Dockerfile.dev
|
||||
|
||||
- name: Run bandit (fully)
|
||||
if: needs.info.outputs.test_full_suite == 'true'
|
||||
run: |
|
||||
. venv/bin/activate
|
||||
pre-commit run --hook-stage manual bandit --all-files --show-diff-on-failure
|
||||
- name: Run bandit (partially)
|
||||
if: needs.info.outputs.test_full_suite == 'false'
|
||||
shell: bash
|
||||
run: |
|
||||
. venv/bin/activate
|
||||
shopt -s globstar
|
||||
pre-commit run --hook-stage manual bandit --files {homeassistant,tests}/components/${{ needs.info.outputs.integrations_glob }}/{*,**/*} --show-diff-on-failure
|
||||
|
||||
base:
|
||||
name: Prepare dependencies
|
||||
runs-on: ubuntu-22.04
|
||||
|
|
|
|||
|
|
@ -22,15 +22,6 @@ repos:
|
|||
- --quiet-level=2
|
||||
exclude_types: [csv, json]
|
||||
exclude: ^tests/fixtures/|homeassistant/generated/
|
||||
- repo: https://github.com/PyCQA/bandit
|
||||
rev: 1.7.4
|
||||
hooks:
|
||||
- id: bandit
|
||||
args:
|
||||
- --quiet
|
||||
- --format=custom
|
||||
- --configfile=tests/bandit.yaml
|
||||
files: ^(homeassistant|script|tests)/.+\.py$
|
||||
- repo: https://github.com/PyCQA/isort
|
||||
rev: 5.12.0
|
||||
hooks:
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ class CommandLineNotificationService(BaseNotificationService):
|
|||
universal_newlines=True,
|
||||
stdin=subprocess.PIPE,
|
||||
close_fds=False, # required for posix_spawn
|
||||
shell=True, # nosec # shell by design
|
||||
shell=True, # noqa: S602 # shell by design
|
||||
) as proc:
|
||||
try:
|
||||
proc.communicate(input=message, timeout=self._timeout)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ def call_shell_with_timeout(
|
|||
_LOGGER.debug("Running command: %s", command)
|
||||
subprocess.check_output(
|
||||
command,
|
||||
shell=True, # nosec # shell by design
|
||||
shell=True, # noqa: S602 # shell by design
|
||||
timeout=timeout,
|
||||
close_fds=False, # required for posix_spawn
|
||||
)
|
||||
|
|
@ -45,7 +45,7 @@ def check_output_or_log(command: str, timeout: int) -> str | None:
|
|||
try:
|
||||
return_value = subprocess.check_output(
|
||||
command,
|
||||
shell=True, # nosec # shell by design
|
||||
shell=True, # noqa: S602 # shell by design
|
||||
timeout=timeout,
|
||||
close_fds=False, # required for posix_spawn
|
||||
)
|
||||
|
|
|
|||
|
|
@ -341,7 +341,7 @@ def get_next_departure(
|
|||
{tomorrow_order}
|
||||
origin_stop_time.departure_time
|
||||
LIMIT :limit
|
||||
"""
|
||||
""" # noqa: S608
|
||||
result = schedule.engine.connect().execute(
|
||||
text(sql_query),
|
||||
{
|
||||
|
|
|
|||
|
|
@ -339,7 +339,7 @@ class InfluxQLSensorData:
|
|||
return
|
||||
|
||||
self.query = (
|
||||
f"select {self.group}({self.field}) as {INFLUX_CONF_VALUE} from"
|
||||
f"select {self.group}({self.field}) as {INFLUX_CONF_VALUE} from" # noqa: S608
|
||||
f" {self.measurement} where {where_clause}"
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -1303,7 +1303,7 @@ def _migrate_statistics_columns_to_timestamp(
|
|||
with session_scope(session=session_maker()) as session:
|
||||
session.connection().execute(
|
||||
text(
|
||||
f"UPDATE {table} set start_ts=strftime('%s',start) + "
|
||||
f"UPDATE {table} set start_ts=strftime('%s',start) + " # noqa: S608
|
||||
"cast(substr(start,-7) AS FLOAT), "
|
||||
f"created_ts=strftime('%s',created) + "
|
||||
"cast(substr(created,-7) AS FLOAT), "
|
||||
|
|
@ -1321,7 +1321,7 @@ def _migrate_statistics_columns_to_timestamp(
|
|||
with session_scope(session=session_maker()) as session:
|
||||
result = session.connection().execute(
|
||||
text(
|
||||
f"UPDATE {table} set start_ts="
|
||||
f"UPDATE {table} set start_ts=" # noqa: S608
|
||||
"IF(start is NULL or UNIX_TIMESTAMP(start) is NULL,0,"
|
||||
"UNIX_TIMESTAMP(start) "
|
||||
"), "
|
||||
|
|
@ -1343,7 +1343,7 @@ def _migrate_statistics_columns_to_timestamp(
|
|||
with session_scope(session=session_maker()) as session:
|
||||
result = session.connection().execute(
|
||||
text(
|
||||
f"UPDATE {table} set start_ts=" # nosec
|
||||
f"UPDATE {table} set start_ts=" # noqa: S608
|
||||
"(case when start is NULL then 0 else EXTRACT(EPOCH FROM start::timestamptz) end), "
|
||||
"created_ts=EXTRACT(EPOCH FROM created::timestamptz), "
|
||||
"last_reset_ts=EXTRACT(EPOCH FROM last_reset::timestamptz) "
|
||||
|
|
|
|||
|
|
@ -2400,7 +2400,7 @@ def cleanup_statistics_timestamp_migration(instance: Recorder) -> bool:
|
|||
with session_scope(session=instance.get_session()) as session:
|
||||
session.connection().execute(
|
||||
text(
|
||||
f"update {table} set start = NULL, created = NULL, last_reset = NULL;"
|
||||
f"update {table} set start = NULL, created = NULL, last_reset = NULL;" # noqa: S608
|
||||
)
|
||||
)
|
||||
elif engine.dialect.name == SupportedDialect.MYSQL:
|
||||
|
|
@ -2410,7 +2410,7 @@ def cleanup_statistics_timestamp_migration(instance: Recorder) -> bool:
|
|||
session.connection()
|
||||
.execute(
|
||||
text(
|
||||
f"UPDATE {table} set start=NULL, created=NULL, last_reset=NULL where start is not NULL LIMIT 100000;"
|
||||
f"UPDATE {table} set start=NULL, created=NULL, last_reset=NULL where start is not NULL LIMIT 100000;" # noqa: S608
|
||||
)
|
||||
)
|
||||
.rowcount
|
||||
|
|
@ -2425,7 +2425,7 @@ def cleanup_statistics_timestamp_migration(instance: Recorder) -> bool:
|
|||
session.connection()
|
||||
.execute(
|
||||
text(
|
||||
f"UPDATE {table} set start=NULL, created=NULL, last_reset=NULL " # nosec
|
||||
f"UPDATE {table} set start=NULL, created=NULL, last_reset=NULL " # noqa: S608
|
||||
f"where id in (select id from {table} where start is not NULL LIMIT 100000)"
|
||||
)
|
||||
)
|
||||
|
|
|
|||
|
|
@ -278,9 +278,11 @@ def basic_sanity_check(cursor: SQLiteCursor) -> bool:
|
|||
|
||||
for table in TABLES_TO_CHECK:
|
||||
if table in (TABLE_RECORDER_RUNS, TABLE_SCHEMA_CHANGES):
|
||||
cursor.execute(f"SELECT * FROM {table};") # nosec # not injection
|
||||
cursor.execute(f"SELECT * FROM {table};") # noqa: S608 # not injection
|
||||
else:
|
||||
cursor.execute(f"SELECT * FROM {table} LIMIT 1;") # nosec # not injection
|
||||
cursor.execute(
|
||||
f"SELECT * FROM {table} LIMIT 1;" # noqa: S608 # not injection
|
||||
)
|
||||
|
||||
return True
|
||||
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ _LOGGER = logging.getLogger(__name__)
|
|||
|
||||
DEFAULT_BRAND = "YI Home Camera"
|
||||
DEFAULT_PASSWORD = ""
|
||||
DEFAULT_PATH = "/tmp/sd/record" # nosec
|
||||
DEFAULT_PATH = "/tmp/sd/record" # noqa: S108
|
||||
DEFAULT_PORT = 21
|
||||
DEFAULT_USERNAME = "root"
|
||||
DEFAULT_ARGUMENTS = "-pred 1"
|
||||
|
|
|
|||
|
|
@ -251,6 +251,23 @@ select = [
|
|||
"ICN001", # import concentions; {name} should be imported as {asname}
|
||||
"PGH004", # Use specific rule codes when using noqa
|
||||
"PLC0414", # Useless import alias. Import alias does not rename original package.
|
||||
"S103", # bad-file-permissions
|
||||
"S108", # hardcoded-temp-file
|
||||
"S306", # suspicious-mktemp-usage
|
||||
"S307", # suspicious-eval-usage
|
||||
"S313", # suspicious-xmlc-element-tree-usage
|
||||
"S314", # suspicious-xml-element-tree-usage
|
||||
"S315", # suspicious-xml-expat-reader-usage
|
||||
"S316", # suspicious-xml-expat-builder-usage
|
||||
"S317", # suspicious-xml-sax-usage
|
||||
"S318", # suspicious-xml-mini-dom-usage
|
||||
"S319", # suspicious-xml-pull-dom-usage
|
||||
"S320", # suspicious-xmle-tree-usage
|
||||
"S601", # paramiko-call
|
||||
"S602", # subprocess-popen-with-shell-equals-true
|
||||
"S604", # call-with-shell-equals-true
|
||||
"S608", # hardcoded-sql-expression
|
||||
"S609", # unix-command-wildcard-injection
|
||||
"SIM105", # Use contextlib.suppress({exception}) instead of try-except-pass
|
||||
"SIM117", # Merge with-statements that use the same scope
|
||||
"SIM118", # Use {key} in {dict} instead of {key} in {dict}.keys()
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
# Automatically generated from .pre-commit-config.yaml by gen_requirements_all.py, do not edit
|
||||
|
||||
bandit==1.7.4
|
||||
black==23.3.0
|
||||
codespell==2.2.2
|
||||
isort==5.12.0
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
# https://bandit.readthedocs.io/en/latest/config.html
|
||||
|
||||
tests:
|
||||
- B103
|
||||
- B108
|
||||
- B306
|
||||
- B307
|
||||
- B313
|
||||
- B314
|
||||
- B315
|
||||
- B316
|
||||
- B317
|
||||
- B318
|
||||
- B319
|
||||
- B320
|
||||
- B325
|
||||
- B601
|
||||
- B602
|
||||
- B604
|
||||
- B608
|
||||
- B609
|
||||
|
|
@ -145,7 +145,7 @@ async def test_poll_when_cover_has_command_state(
|
|||
await hass.async_block_till_done()
|
||||
check_output.assert_called_once_with(
|
||||
"echo state",
|
||||
shell=True, # nosec # shell by design
|
||||
shell=True, # noqa: S604 # shell by design
|
||||
timeout=15,
|
||||
close_fds=False,
|
||||
)
|
||||
|
|
|
|||
|
|
@ -167,7 +167,7 @@ async def test_template_render_with_quote(hass: HomeAssistant) -> None:
|
|||
assert len(check_output.mock_calls) == 1
|
||||
check_output.assert_called_with(
|
||||
'echo "sensor_value" "3 4"',
|
||||
shell=True, # nosec # shell by design
|
||||
shell=True, # noqa: S604 # shell by design
|
||||
timeout=15,
|
||||
close_fds=False,
|
||||
)
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ async def test_kill_process() -> None:
|
|||
"""Test killing a process."""
|
||||
sleeper = subprocess.Popen(
|
||||
"sleep 1000",
|
||||
shell=True, # nosec # shell by design
|
||||
shell=True, # noqa: S602 # shell by design
|
||||
stdout=subprocess.DEVNULL,
|
||||
stderr=subprocess.DEVNULL,
|
||||
)
|
||||
|
|
|
|||
Loading…
Reference in a new issue