
implement experimental configuration file to enable flake8-bandit #59

Open
moylop260 opened this issue Sep 22, 2022 · 1 comment
@moylop260 (Collaborator)

Currently, we have 3 steps and 3 pre-commit-config.*.yaml files:

  1. Autofixes .pre-commit-config-autofix.yaml
  2. Optional .pre-commit-config-optional.yaml
  3. Mandatory .pre-commit-config.yaml

We need an extra feature to test a new feature but without affecting any build status

I mean,

  1. Mandatory .pre-commit-config-experimental.yaml

We have already considered `-t, --precommit-hooks-type [mandatory|optional|fix|experimental|all|-mandatory|-optional|-fix|-experimental]`, but it is not used yet

I saw the following cool features:

Running the following command:

flake8 --select=S --exclude=__init__.py --exclude=migrations *

It raises the following errors:

  • S608 Possible SQL injection vector through string-based query construction.
    • But it is duplicated from pylint-odoo plugin
  • S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
    • Maybe valid case
  • S410 Using objectify to parse untrusted XML data is known to be vulnerable to XML attacks. Replace objectify with the equivalent defusedxml package.
    • Maybe valid case
  • S310 Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
    • Maybe valid case

We need to see the output from a few projects and configure, in a fine-grained way, which ones to enable/disable for us

After this we could move it from experimental to optional or mandatory in the future

Even if this raises this kind of error, the summary result should be:

  • Experimental <green>error</green>
+=======================================
|  Tests summary:
|---------------------------------------
| Mandatory checks            Failed  # RED COLOR
| Optional checks             Failed  # YELLOW COLOR
| Experimental checks         Failed  # GREEN COLOR
+=======================================
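A small triage script, added here as an example and not part of this project, that parses `flake8 --select=S` output in flake8's default line format, applies a constructed fine-grained ignore policy (S608 as a duplicate of pylint-odoo, S101 inside test modules), and decides whether a tier's failures affect the build status (assumed: only the mandatory tier returns a non-zero exit code):

```python
"""Triage flake8-bandit output by check code and pre-commit tier (added example,
not the project's own code). Assumes flake8's default "path:row:col: CODE msg"
line format; the ignore policy and sample output are constructed for illustration."""
import re
from collections import Counter

# Constructed sample of `flake8 --select=S` output (paths are not real).
SAMPLE_OUTPUT = """\
addons/foo/models/foo.py:42:9: S608 Possible SQL injection vector through string-based query construction.
addons/foo/tests/test_foo.py:17:9: S101 Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
addons/foo/wizards/import.py:88:16: S410 Using objectify to parse untrusted XML data is known to be vulnerable to XML attacks. Replace objectify with the equivalent defusedxml package.
addons/foo/models/fetch.py:12:5: S310 Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
"""

LINE_RE = re.compile(
    r"^(?P<path>[^:]+):(?P<row>\d+):(?P<col>\d+): (?P<code>S\d{3}) (?P<msg>.*)$"
)

# Assumed fine-grained policy: S608 duplicates the pylint-odoo check, and
# S101 (assert) is expected inside test modules, so neither is reported.
IGNORE_CODES = {"S608"}
IGNORE_IN_TESTS = {"S101"}

def parse_flake8(output):
    """Yield one dict per line that matches flake8's default format."""
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def triage(output):
    """Count the codes still reported after applying the ignore policy."""
    kept = Counter()
    for f in parse_flake8(output):
        if f["code"] in IGNORE_CODES:
            continue
        if f["code"] in IGNORE_IN_TESTS and "/tests/" in f["path"]:
            continue
        kept[f["code"]] += 1
    return kept

def build_status(tier, findings):
    """Assumption: only the mandatory tier turns failures into a non-zero exit."""
    colours = {"mandatory": "red", "optional": "yellow", "experimental": "green"}
    failed = bool(findings)
    return {"tier": tier, "failed": failed, "colour": colours[tier],
            "exit_code": 1 if failed and tier == "mandatory" else 0}
```

With the sample above, S410 and S310 survive the policy, and the experimental tier still exits 0 while the mandatory tier would exit 1.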


@moylop260 (Collaborator, Author)

Olivier Dony told me a good point to avoid using it

Since lxml was updated the security issues

So, we need to be sure what checks we need to enable

For now, set on-hold
