feat: Add bandit ci pipeline (#1200)

* feat: Add bandit ci pipeline * feat: add useforsecurty false for bandit pipeline * feat: Add report only for High severity issues
crewAIInc · Aug 15, 2024 · d0707fa · d0707fa
1 parent 92a77e5
commit d0707fa
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 3 deletions.
diff --git a/.github/workflows/security-checker.yml b/.github/workflows/security-checker.yml
@@ -0,0 +1,23 @@
+name: Security Checker
+
+on: [pull_request]
+
+jobs:
+  security-check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11.9"
+
+      - name: Install dependencies
+        run: pip install bandit
+
+      - name: Run Bandit
+        run: bandit -c pyproject.toml -r src/ -lll
+
diff --git a/pyproject.toml b/pyproject.toml
@@ -62,6 +62,9 @@ ignore_missing_imports = true
 disable_error_code = 'import-untyped'
 exclude = ["cli/templates"]
 
+[tool.bandit]
+exclude_dirs = ["src/crewai/cli/templates"]
+
 [build-system]
 requires = ["poetry-core"]
 build-backend = "poetry.core.masonry.api"
diff --git a/src/crewai/agents/agent_builder/base_agent.py b/src/crewai/agents/agent_builder/base_agent.py
@@ -170,7 +170,7 @@ def set_private_attrs(self):
     @property
     def key(self):
         source = [self.role, self.goal, self.backstory]
-        return md5("|".join(source).encode()).hexdigest()
+        return md5("|".join(source).encode(), usedforsecurity=False).hexdigest()
 
     @abstractmethod
     def execute_task(

diff --git a/src/crewai/crew.py b/src/crewai/crew.py
@@ -363,7 +363,7 @@ def key(self) -> str:
         source = [agent.key for agent in self.agents] + [
             task.key for task in self.tasks
         ]
-        return md5("|".join(source).encode()).hexdigest()
+        return md5("|".join(source).encode(), usedforsecurity=False).hexdigest()
 
     def _setup_from_config(self):
         assert self.config is not None, "Config should not be None."

diff --git a/src/crewai/task.py b/src/crewai/task.py
@@ -185,7 +185,7 @@ def key(self) -> str:
         expected_output = self._original_expected_output or self.expected_output
         source = [description, expected_output]
 
-        return md5("|".join(source).encode()).hexdigest()
+        return md5("|".join(source).encode(), usedforsecurity=False).hexdigest()
 
     def execute_async(
         self,