Address security issues identified by bandit #1386
Labels
good first issue
This issue is simpler to address
Comments
2 tasks
This was referenced Feb 17, 2021
MoseleyS
pushed a commit
to MoseleyS/improver
that referenced
this issue
Aug 22, 2024
…pv#1421) * Process weather symbols using nested lists of constraints instead of strings. This avoids the need for eval. * Sort imports * Put process method at end of class * Check that second element of result is correct. * Use np.isclose for matching thresholds within tolerance * Fix threshold coord name for vicinity cubes * Fix comment * Fix merge mistake * Minor updates to comments and tests * Remove unused code; construct_extract_constraint now only accepts single diagnostics, not lists * Change some references to tolerance properties of WeatherSymbols to instead use the current instance * Add test for bad input * Remove unused code * Fix test * Fix tests * Fix formatting * Change reference to tolerance properties to use self * Add test
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bandit has identified three security related code issues - see PR #1385 and associated Github actions run.
The two assert statements should be easy to replace with a raised exception.
The eval usage will need some investigation in order to determine another approach to implement the same functionality while avoiding use of eval.
The text was updated successfully, but these errors were encountered: