From 47e33f9d922e0bed9fd863f40677712112caa431 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Sun, 15 Aug 2021 14:07:01 +0300 Subject: [PATCH] test(pre-commit): use flake8-bandit For one config block fewer, run also by tools only aware of flake8 and not bandit specifically. Too bad the `nosec: B101` does not seem enough when ran through flake8-bandit, https://github.com/tylerwince/flake8-bandit/issues/20 Leaving both in for now so raw CLI `bandit` runs get it filtered, too. --- .pre-commit-config.yaml | 7 ++----- test_hashpipe.py | 24 +++++++++++++++--------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 13a55c8..2a67fbd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,11 +5,6 @@ repos: hooks: - id: black - - repo: https://github.com/PyCQA/bandit - rev: 1.7.0 - hooks: - - id: bandit - - repo: https://github.com/PyCQA/flake8 rev: 3.9.2 hooks: @@ -17,6 +12,8 @@ repos: additional_dependencies: - pycodestyle==2.7.0 - pyflakes==2.3.1 + - flake8-bandit==2.1.2 + - bandit==1.7.0 - flake8-bugbear==21.4.3 - flake8-docstrings==1.6.0 - pydocstyle==6.1.1 diff --git a/test_hashpipe.py b/test_hashpipe.py index ac9b412..fc748e9 100644 --- a/test_hashpipe.py +++ b/test_hashpipe.py @@ -139,7 +139,9 @@ def test_ref_nongrouping() -> None: expected = _format_hash(hash_) hashpipe = Hashpipe(pattern=case.pattern, algorithm=algorithm, key=case.key) - assert hashpipe.hash_matches(case.data) == expected # nosec: B101 + assert ( # noqa: S101 # nosec: B101 + hashpipe.hash_matches(case.data) == expected + ) outbuf = BytesIO() with patch( @@ -154,7 +156,7 @@ def test_ref_nongrouping() -> None: ], ): main(in_=(case.data,), out=outbuf) - assert outbuf.getvalue() == expected # nosec: B101 + assert outbuf.getvalue() == expected # noqa: S101 # nosec: B101 def test_grouping() -> None: @@ -206,7 +208,9 @@ def test_grouping() -> None: hashpipe = Hashpipe( pattern=case.pattern, algorithm=case.algorithm, key=case.key ) - assert hashpipe.hash_matches(case.data) == case.result # nosec: B101 + assert ( # noqa: S101 # nosec: B101 + hashpipe.hash_matches(case.data) == case.result + ) outbuf = BytesIO() with patch( @@ -221,7 +225,7 @@ def test_grouping() -> None: ], ): main(in_=(case.data,), out=outbuf) - assert outbuf.getvalue() == case.result # nosec: B101 + assert outbuf.getvalue() == case.result # noqa: S101 # nosec: B101 def test_prefixing() -> None: @@ -236,7 +240,7 @@ def test_prefixing() -> None: hashpipe = Hashpipe( pattern=re.compile(b".*"), algorithm=algorithm, key=key, prefix=prefix ) - assert hashpipe.hash_matches(data) == expected # nosec: B101 + assert hashpipe.hash_matches(data) == expected # noqa: S101 # nosec: B101 outbuf = BytesIO() with patch( @@ -253,7 +257,7 @@ def test_prefixing() -> None: ], ): main(in_=(b"",), out=outbuf) - assert outbuf.getvalue() == expected # nosec: B101 + assert outbuf.getvalue() == expected # noqa: S101 # nosec: B101 def test_invalid_cli_regex() -> None: @@ -267,8 +271,10 @@ def test_available_algorithms() -> None: """Test finding available algorithms.""" avail = _available_algorithms() # Some found? - assert avail # nosec: B101 + assert avail # noqa: S101 # nosec: B101 # Ones containing "with" have been excluded? - assert not any("with" in x for x in avail) # nosec: B101 + assert not any("with" in x for x in avail) # noqa: S101 # nosec: B101 # Non-lowercase variants have been excluded? - assert not any(x.lower() in avail for x in avail if x != x.lower()) # nosec: B101 + assert not any( # noqa: S101 # nosec: B101 + x.lower() in avail for x in avail if x != x.lower() + )