From 7ca4c0ddc901ed389987fc0ee371a3715f197835 Mon Sep 17 00:00:00 2001 From: Nicolas Vuillamy Date: Sun, 26 Mar 2023 12:42:36 +0200 Subject: [PATCH] Allow bandit to use pyproject.toml (#2475) * Allow bandit to use pyproject.toml Fixes https://github.com/oxsecurity/megalinter/issues/2465 * [MegaLinter] Apply linters fixes * [MegaLinter] Apply linters fixes --------- Co-authored-by: nvuillam --- CHANGELOG.md | 1 + Dockerfile | 2 +- docs/mega-linter-runner.md | 2 +- flavors/python/Dockerfile | 2 +- flavors/security/Dockerfile | 2 +- linters/python_bandit/Dockerfile | 2 +- megalinter/descriptors/python.megalinter-descriptor.yml | 1 + 7 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4aa639ea916..9451554e26a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l - [phpcs](https://megalinter.io/latest/descriptors/php_phpcs/): Add regex in descriptor to be able to extract the number of found errors - Use docker image to install phpstan - Avoid cspell error on readonly workspaces + - Allow bandit to use pyproject.toml - Core - Run CI linter jobs only on Pull requests to avoid doubling jobs diff --git a/Dockerfile b/Dockerfile index 699b2cb6c77..d884056d931 100644 --- a/Dockerfile +++ b/Dockerfile @@ -164,7 +164,7 @@ RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtuale && mkdir -p "/venvs/black" && cd "/venvs/black" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir black && deactivate && cd ./../.. \ && mkdir -p "/venvs/flake8" && cd "/venvs/flake8" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir flake8 && deactivate && cd ./../.. \ && mkdir -p "/venvs/isort" && cd "/venvs/isort" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir isort black && deactivate && cd ./../.. \ - && mkdir -p "/venvs/bandit" && cd "/venvs/bandit" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir bandit bandit_sarif_formatter && deactivate && cd ./../.. \ + && mkdir -p "/venvs/bandit" && cd "/venvs/bandit" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir bandit bandit_sarif_formatter bandit[toml] && deactivate && cd ./../.. \ && mkdir -p "/venvs/mypy" && cd "/venvs/mypy" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir mypy && deactivate && cd ./../.. \ && mkdir -p "/venvs/pyright" && cd "/venvs/pyright" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir pyright && deactivate && cd ./../.. \ && mkdir -p "/venvs/checkov" && cd "/venvs/checkov" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir packaging checkov && deactivate && cd ./../.. \ diff --git a/docs/mega-linter-runner.md b/docs/mega-linter-runner.md index 4215287681f..c6ba9b98f8d 100644 --- a/docs/mega-linter-runner.md +++ b/docs/mega-linter-runner.md @@ -78,7 +78,7 @@ mega-linter-runner [OPTIONS] [FILES] The options are only related to mega-linter-runner. For MegaLinter options, please use a `.mega-linter.yml` [configuration file](#configuration) | Option | Description | Default | -| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | +|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------| | `-p`
`--path` | Directory containing the files to lint | current directory | | `-f`
`--flavor` | Set this parameter to use a [MegaLinter flavor](https://megalinter.io/flavors/) | `all` | | `-d`
`--image` | You can override the used docker image, including if it is on another docker registry | | diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile index cd984eda28f..0c5be4c3478 100644 --- a/flavors/python/Dockerfile +++ b/flavors/python/Dockerfile @@ -103,7 +103,7 @@ RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtuale && mkdir -p "/venvs/black" && cd "/venvs/black" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir black && deactivate && cd ./../.. \ && mkdir -p "/venvs/flake8" && cd "/venvs/flake8" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir flake8 && deactivate && cd ./../.. \ && mkdir -p "/venvs/isort" && cd "/venvs/isort" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir isort black && deactivate && cd ./../.. \ - && mkdir -p "/venvs/bandit" && cd "/venvs/bandit" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir bandit bandit_sarif_formatter && deactivate && cd ./../.. \ + && mkdir -p "/venvs/bandit" && cd "/venvs/bandit" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir bandit bandit_sarif_formatter bandit[toml] && deactivate && cd ./../.. \ && mkdir -p "/venvs/mypy" && cd "/venvs/mypy" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir mypy && deactivate && cd ./../.. \ && mkdir -p "/venvs/pyright" && cd "/venvs/pyright" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir pyright && deactivate && cd ./../.. \ && mkdir -p "/venvs/checkov" && cd "/venvs/checkov" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir packaging checkov && deactivate && cd ./../.. \ diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile index ba27344f494..816b4ac83ea 100644 --- a/flavors/security/Dockerfile +++ b/flavors/security/Dockerfile @@ -94,7 +94,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin || true && \ RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtualenv \ && mkdir -p "/venvs/ansible-lint" && cd "/venvs/ansible-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir ansible-lint && deactivate && cd ./../.. \ && mkdir -p "/venvs/cfn-lint" && cd "/venvs/cfn-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cfn-lint && deactivate && cd ./../.. \ - && mkdir -p "/venvs/bandit" && cd "/venvs/bandit" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir bandit bandit_sarif_formatter && deactivate && cd ./../.. \ + && mkdir -p "/venvs/bandit" && cd "/venvs/bandit" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir bandit bandit_sarif_formatter bandit[toml] && deactivate && cd ./../.. \ && mkdir -p "/venvs/checkov" && cd "/venvs/checkov" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir packaging checkov && deactivate && cd ./../.. \ && mkdir -p "/venvs/semgrep" && cd "/venvs/semgrep" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir semgrep && deactivate && cd ./../.. \ && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf && rm -rf /root/.cache diff --git a/linters/python_bandit/Dockerfile b/linters/python_bandit/Dockerfile index 11fc1088852..c7c91583b4e 100644 --- a/linters/python_bandit/Dockerfile +++ b/linters/python_bandit/Dockerfile @@ -70,7 +70,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin || true && \ #PIPVENV__START RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtualenv \ - && mkdir -p "/venvs/bandit" && cd "/venvs/bandit" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir bandit bandit_sarif_formatter && deactivate && cd ./../.. \ + && mkdir -p "/venvs/bandit" && cd "/venvs/bandit" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir bandit bandit_sarif_formatter bandit[toml] && deactivate && cd ./../.. \ && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf && rm -rf /root/.cache ENV PATH="${PATH}":/venvs/bandit/bin #PIPVENV__END diff --git a/megalinter/descriptors/python.megalinter-descriptor.yml b/megalinter/descriptors/python.megalinter-descriptor.yml index 914bf11a1a5..103b9302588 100644 --- a/megalinter/descriptors/python.megalinter-descriptor.yml +++ b/megalinter/descriptors/python.megalinter-descriptor.yml @@ -209,6 +209,7 @@ linters: pip: - bandit - bandit_sarif_formatter + - bandit[toml] ide: atom: - name: bandit-lint