Upgrade pre-commit hooks and introduce bandit hook

Benjamin Renard 2023-11-29 18:47:47 +01:00
parent dba77147a5
commit 487d38eafe
Signed by: bn8
GPG key ID: 3E2E1CE1907115BC
2 changed files with 36 additions and 31 deletions


@ -1,26 +1,13 @@
# Pre-commit hooks to run tests and ensure code is cleaned. # Pre-commit hooks to run tests and ensure code is cleaned.
# See https://pre-commit.com for more information # See https://pre-commit.com for more information
repos: repos:
- repo: local
hooks:
- id: pylint
name: pylint
entry: pylint
language: system
types: [python]
require_serial: true
- repo: https://github.com/PyCQA/flake8
rev: 6.0.0
hooks:
- id: flake8
args: ['--max-line-length=100']
- repo: https://github.com/asottile/pyupgrade - repo: https://github.com/asottile/pyupgrade
rev: v3.3.1 rev: v3.15.0
hooks: hooks:
- id: pyupgrade - id: pyupgrade
args: ['--keep-percent-format', '--py37-plus'] args: ['--keep-percent-format', '--py37-plus']
- repo: https://github.com/psf/black - repo: https://github.com/psf/black
rev: 22.12.0 rev: 23.11.0
hooks: hooks:
- id: black - id: black
args: ['--target-version', 'py37', '--line-length', '100'] args: ['--target-version', 'py37', '--line-length', '100']
@ -29,3 +16,21 @@ repos:
hooks: hooks:
- id: isort - id: isort
args: ['--profile', 'black', '--line-length', '100'] args: ['--profile', 'black', '--line-length', '100']
- repo: https://github.com/PyCQA/flake8
rev: 6.1.0
hooks:
- id: flake8
args: ['--max-line-length=100']
- repo: local
hooks:
- id: pylint
name: pylint
entry: pylint
language: system
types: [python]
require_serial: true
- repo: https://github.com/PyCQA/bandit
rev: 1.7.5
hooks:
- id: bandit
args: [--skip, "B101", --recursive, "mylib"]
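Review bot: The new bandit hook hard-codes `--recursive mylib` as its scan target, but no `mylib` path is visible on this page and the other changed file looks like a standalone script, so the target may have been carried over from another project; confirm it exists in this repository. pre-commit already appends the staged Python files to the hook's command line, which is presumably why the script needed `# nosec` markers, so `args: [--skip, "B101"]` should be enough. Separately, every remote hook here is pinned by tag (`rev: 1.7.5`, `rev: v3.15.0`, …), and a tag can be moved upstream while these hooks run third-party code on developer machines and in CI; `pre-commit autoupdate --freeze` rewrites each `rev` to a commit SHA and keeps the tag as a comment.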


@ -21,7 +21,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
import argparse import argparse
import logging import logging
import re import re
import subprocess import subprocess # nosec
import sys import sys
import requests import requests
@ -59,7 +59,7 @@ logging.debug("Command use to retreive current version of Forgejo: %s", " ".join
OUTPUT = None OUTPUT = None
EXCEPTION = None EXCEPTION = None
try: try:
OUTPUT = subprocess.check_output(cmd) OUTPUT = subprocess.check_output(cmd) # nosec
logging.debug("Output:\n%s", OUTPUT) logging.debug("Output:\n%s", OUTPUT)
m = re.search("version ([^ ]+) built", OUTPUT.decode("utf8", errors="ignore")) m = re.search("version ([^ ]+) built", OUTPUT.decode("utf8", errors="ignore"))
if m: if m:
@ -106,7 +106,7 @@ try:
LATEST_INT = version_int LATEST_INT = version_int
else: else:
logging.debug("Version %s considered as oldest than %s", version, LATEST) logging.debug("Version %s considered as oldest than %s", version, LATEST)
except Exception: # pylint: disable=broad-except except Exception: # pylint: disable=broad-except # nosec
pass pass
logging.debug("Latest version: %s", LATEST) logging.debug("Latest version: %s", LATEST)
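Review bot: The three `# nosec` markers added in this file are bare, so each one silences every bandit check on its line rather than only the finding it was meant to acknowledge. Scoping them keeps later findings visible: `import subprocess  # nosec B404`, `OUTPUT = subprocess.check_output(cmd)  # nosec B603`, and `# nosec B110` on the `except Exception:` line. The `check_output` suppression would also benefit from a short reason, since `cmd` is built outside the hunk and its inputs cannot be checked from here. The `except Exception: pass` block (its `try` starts outside the hunk) appears to drop version-parsing errors silently; replacing `pass` with something like `logging.debug("Ignoring unparsable version", exc_info=True)` would remove the need for that suppression.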