[flake8-bandit] Implement upstream updates for S311, S324 and S605 #10313

Merged
merged 7 commits into from
Mar 11, 2024

github-actions bot commented Mar 9, 2024

ruff-ecosystem results

Linter (stable)

ℹ️ ecosystem check detected linter changes. (+8 -0 violations, +0 -0 fixes in 4 projects; 39 projects unchanged)

DisnakeDev/disnake (+2 -0 violations, +0 -0 fixes)

+ disnake/backoff.py:45:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ disnake/colour.py:135:44: S311 Standard pseudo-random generators are not suitable for cryptographic purposes

apache/airflow (+2 -0 violations, +0 -0 fixes)

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --no-preview --select ALL

+ airflow/dag_processing/manager.py:1156:13: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/dag_processing/test_job_runner.py:363:9: S311 Standard pseudo-random generators are not suitable for cryptographic purposes

model-bakers/model_bakery (+1 -0 violations, +0 -0 fixes)

+ model_bakery/random_gen.py:30:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes

zulip/zulip (+3 -0 violations, +0 -0 fixes)

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --no-preview --select ALL

+ analytics/lib/fixtures.py:39:11: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tools/lib/provision.py:280:60: S605 Starting a process with a shell: seems safe, but may be changed in the future; consider rewriting without `shell`
+ tools/lib/provision.py:280:60: S607 Starting a process with a partial executable path

Changes by rule (3 rules affected)

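| code | total | + violation | - violation | + fix | - fix |
| ---- | ----- | ----------- | ----------- | ----- | ----- |
| S311 | 6 | 6 | 0 | 0 | 0 |
| S605 | 1 | 1 | 0 | 0 | 0 |
| S607 | 1 | 1 | 0 | 0 | 0 |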

Linter (preview)

ℹ️ ecosystem check detected linter changes. (+8 -0 violations, +0 -0 fixes in 4 projects; 39 projects unchanged)

DisnakeDev/disnake (+2 -0 violations, +0 -0 fixes)

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview

+ disnake/backoff.py:45:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ disnake/colour.py:135:44: S311 Standard pseudo-random generators are not suitable for cryptographic purposes

apache/airflow (+2 -0 violations, +0 -0 fixes)

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL

+ airflow/dag_processing/manager.py:1156:13: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/dag_processing/test_job_runner.py:363:9: S311 Standard pseudo-random generators are not suitable for cryptographic purposes

model-bakers/model_bakery (+1 -0 violations, +0 -0 fixes)

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview

+ model_bakery/random_gen.py:30:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes

zulip/zulip (+3 -0 violations, +0 -0 fixes)

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL

+ analytics/lib/fixtures.py:39:11: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tools/lib/provision.py:280:60: S605 Starting a process with a shell: seems safe, but may be changed in the future; consider rewriting without `shell`
+ tools/lib/provision.py:280:60: S607 Starting a process with a partial executable path

Changes by rule (3 rules affected)

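| code | total | + violation | - violation | + fix | - fix |
| ---- | ----- | ----------- | ----------- | ----- | ----- |
| S311 | 6 | 6 | 0 | 0 | 0 |
| S605 | 1 | 1 | 0 | 0 | 0 |
| S607 | 1 | 1 | 0 | 0 | 0 |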

Formatter (stable)

✅ ecosystem check detected no format changes.

Formatter (preview)

✅ ecosystem check detected no format changes.

@mkniewallner mkniewallner marked this pull request as ready for review March 9, 2024 13:59

mkniewallner commented Mar 9, 2024

Not sure why there is a new match for S607 on zulip in the ecosystem check as it was not changed.

@charliermarsh charliermarsh self-requested a review March 11, 2024 20:48
@charliermarsh charliermarsh added the rule Implementing or modifying a lint rule label Mar 11, 2024

@charliermarsh charliermarsh left a comment

Nice, this looks great -- thanks!

@charliermarsh

> Not sure why there is a new match for S607 on zulip in the ecosystem check as it was not changed.

I think it's because you added `getstatusoutput` to the list of shell-like calls.

@charliermarsh charliermarsh enabled auto-merge (squash) March 11, 2024 20:58
@charliermarsh charliermarsh merged commit bc693ea into astral-sh:main Mar 11, 2024
17 checks passed
@mkniewallner

> > Not sure why there is a new match for S607 on zulip in the ecosystem check as it was not changed.
>
> I think it's because you added `getstatusoutput` to the list of shell-like calls.

Oh yeah sorry, I did not know what S607 was exactly, and didn't see that this change would also apply to this rule. But it does seem legit to handle this new case for S607, as this is the core logic to detect shell invocations, so all good it seems!
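Why one addition to a shared list of shell-like calls surfaces under two rule codes, as an added example that is not part of the original thread and is not ruff's or bandit's code. The checker, its names, the simplified partial-path test and the sample input are all assumptions made for illustration.

```python
import ast

# Assumed, simplified list of calls that hand a command string to a shell.
SHELL_CALLS = {"os.system", "os.popen", "subprocess.getoutput"}


def qualified_name(func):
    """Return 'module.attr' for simple attribute calls such as os.system(...)."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def check(source, shell_calls):
    """Return sorted (line, code) findings for shell-like calls in source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        if qualified_name(node.func) not in shell_calls:
            continue
        # S605-style finding: the call starts a process through a shell.
        findings.append((node.lineno, "S605"))
        # S607-style finding (simplified): the literal command's executable
        # is not given as an absolute path.
        cmd = node.args[0]
        if isinstance(cmd, ast.Constant) and isinstance(cmd.value, str):
            parts = cmd.value.split()
            if parts and not parts[0].startswith("/"):
                findings.append((node.lineno, "S607"))
    return sorted(findings)


# Constructed sample input, not taken from any project named on this page.
SAMPLE = (
    "import subprocess\n"
    "status, out = subprocess.getstatusoutput('lsb_release -sc')\n"
    "status, out = subprocess.getstatusoutput('/usr/bin/lsb_release -sc')\n"
)


def before_and_after():
    """Run both checks without and with getstatusoutput in the shared list."""
    before = check(SAMPLE, SHELL_CALLS)
    after = check(SAMPLE, SHELL_CALLS | {"subprocess.getstatusoutput"})
    return before, after


if __name__ == "__main__":
    print(before_and_after())
```

Because both checks read the same call list, a single new entry changes the output of both, which matches the paired S605 and S607 findings on the same line and column in the ecosystem results.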

@mkniewallner mkniewallner deleted the feat/update-bandit-rules branch March 11, 2024 21:11