From 6238bb8c0fe8474e5847d010181802524ab66587 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Tue, 8 Oct 2024 12:16:44 +0200 Subject: [PATCH] Fix for new Prospector version --- acceptance_tests/.prospector.yaml | 21 ++- acceptance_tests/acceptance/file/conftest.py | 4 +- .../acceptance/inline/conftest.py | 4 +- .../acceptance/normal/conftest.py | 4 +- .../acceptance/normal/test_workflow.py | 2 +- acceptance_tests/poetry.lock | 26 ++- acceptance_tests/pyproject.toml | 2 + app/.bandit.yaml | 3 + app/.prospector.yaml | 33 ++-- app/poetry.lock | 150 +++++++++++++++++- app/pyproject.toml | 4 +- app/shared_config_manager/services.py | 4 +- app/shared_config_manager/sources/base.py | 8 +- app/shared_config_manager/sources/registry.py | 6 +- .../template_engines/base.py | 2 +- .../template_engines/mako.py | 2 +- .../template_engines/shell.py | 4 +- app/shared_config_manager/views.py | 6 +- 18 files changed, 228 insertions(+), 57 deletions(-) create mode 100644 app/.bandit.yaml diff --git a/acceptance_tests/.prospector.yaml b/acceptance_tests/.prospector.yaml index 3be3d886..ec97a189 100644 --- a/acceptance_tests/.prospector.yaml +++ b/acceptance_tests/.prospector.yaml @@ -1,13 +1,18 @@ ---- -max-line-length: 110 +inherits: + - utils:base + - utils:no-design-checks + - utils:fix + - duplicated pylint: disable: - - wrong-import-order - - no-else-return - - broad-except - - unused-argument - - missing-timeout # Default timeout set by c2cwsgiutils + - missing-timeout # Done by c2cwsgiutils -mccabe: +mypy: + run: false + +bandit: + run: false + +pyroma: run: false diff --git a/acceptance_tests/acceptance/file/conftest.py b/acceptance_tests/acceptance/file/conftest.py index a457dff4..43f7772a 100644 --- a/acceptance_tests/acceptance/file/conftest.py +++ b/acceptance_tests/acceptance/file/conftest.py @@ -10,6 +10,7 @@ def composition(request): """ Fixture that will wait that the composition is started, used for all the tests. """ + del request for slave in ("api",): path = os.path.join("/config", slave) os.makedirs(path, exist_ok=True) @@ -20,8 +21,9 @@ def composition(request): @pytest.fixture -def app_connection(composition): +def app_connection(composition): # pylint: disable=redefined-outer-name """ Fixture that returns a connection to a running batch container. """ + del composition return Connection(base_url="http://api_file:8080/scm/", origin="http://example.com/") diff --git a/acceptance_tests/acceptance/inline/conftest.py b/acceptance_tests/acceptance/inline/conftest.py index 095c6a47..81376a0d 100644 --- a/acceptance_tests/acceptance/inline/conftest.py +++ b/acceptance_tests/acceptance/inline/conftest.py @@ -10,6 +10,7 @@ def composition(request): """ Fixture that will wait that the composition is started, used for all the tests. """ + del request for slave in ("api",): path = os.path.join("/config", slave) os.makedirs(path, exist_ok=True) @@ -20,8 +21,9 @@ def composition(request): @pytest.fixture -def app_connection(composition): +def app_connection(composition): # pylint: disable=redefined-outer-name """ Fixture that returns a connection to a running batch container. """ + del composition return Connection(base_url="http://api_inline:8080/scm/", origin="http://example.com/") diff --git a/acceptance_tests/acceptance/normal/conftest.py b/acceptance_tests/acceptance/normal/conftest.py index a2921734..c7572114 100644 --- a/acceptance_tests/acceptance/normal/conftest.py +++ b/acceptance_tests/acceptance/normal/conftest.py @@ -44,6 +44,7 @@ def composition(request): """ Fixture that will wait that the composition is started, used for all the tests. """ + del request for slave in ("api", "slave", "slave-others"): path = os.path.join("/config", slave) os.makedirs(path, exist_ok=True) @@ -55,8 +56,9 @@ def composition(request): @pytest.fixture -def app_connection(composition: None): +def app_connection(composition: None): # pylint: disable=redefined-outer-name """ Fixture that returns a connection to a running batch container. """ + del composition return Connection(base_url="http://api:8080/scm/", origin="http://example.com/") diff --git a/acceptance_tests/acceptance/normal/test_workflow.py b/acceptance_tests/acceptance/normal/test_workflow.py index 7eb21f92..d37aa296 100644 --- a/acceptance_tests/acceptance/normal/test_workflow.py +++ b/acceptance_tests/acceptance/normal/test_workflow.py @@ -77,7 +77,7 @@ def git_source(app_connection: Connection): assert not os.path.exists(os.path.join("/config", slave, "other")) -def test_ok(app_connection, git_source): +def test_ok(app_connection, git_source): # pylint: disable=redefined-outer-name time.sleep(0.1) for slave in ("api", "slave"): diff --git a/acceptance_tests/poetry.lock b/acceptance_tests/poetry.lock index dc68c784..0181c1a5 100644 --- a/acceptance_tests/poetry.lock +++ b/acceptance_tests/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.6.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. [[package]] name = "alembic" @@ -1292,6 +1292,28 @@ with-pyright = ["pyright (>=1.1.3)"] with-pyroma = ["pyroma (>=2.4)"] with-vulture = ["vulture (>=1.5)"] +[[package]] +name = "prospector-profile-duplicated" +version = "1.6.0" +description = "Profile that can be used to disable the duplicated or conflict rules between Prospector and other tools" +optional = false +python-versions = "*" +files = [ + {file = "prospector_profile_duplicated-1.6.0-py2.py3-none-any.whl", hash = "sha256:bf6a6aae0c7de48043b95e4d42e23ccd090c6c7115b6ee8c8ca472ffb1a2022b"}, + {file = "prospector_profile_duplicated-1.6.0.tar.gz", hash = "sha256:9c2d541076537405e8b2484cb6222276a2df17492391b6af1b192695770aab83"}, +] + +[[package]] +name = "prospector-profile-utils" +version = "1.8.0" +description = "Some utility Prospector profiles." +optional = false +python-versions = "*" +files = [ + {file = "prospector_profile_utils-1.8.0-py2.py3-none-any.whl", hash = "sha256:dfc3009033d952dc2beb45da6c59e18e6f6b97cc91e6226ebd0d016156952d08"}, + {file = "prospector_profile_utils-1.8.0.tar.gz", hash = "sha256:d496253930542ebb820b335ca20b20975884889d02f8b168f7401669f2669a3a"}, +] + [[package]] name = "psycopg2" version = "2.9.9" @@ -2345,4 +2367,4 @@ test = ["zope.testing"] [metadata] lock-version = "2.0" python-versions = ">=3.9,<3.11" -content-hash = "43c362e8a58ac97f63499c5bdd5f1a26baafc18b1f2e898050c58649d8de1c14" +content-hash = "46b85fa311f1eb648535a19534b64f936f0119fdcfbccf8ea4c7b31c8a7c3ab6" diff --git a/acceptance_tests/pyproject.toml b/acceptance_tests/pyproject.toml index d6cc1b63..44abf5a0 100644 --- a/acceptance_tests/pyproject.toml +++ b/acceptance_tests/pyproject.toml @@ -8,6 +8,8 @@ authors = [] python = ">=3.9,<3.11" pytest-cov = "5.0.0" prospector = "1.12.0" +prospector-profile-duplicated = "1.6.0" +prospector-profile-utils = "1.8.0" typing-extensions = "4.12.2" c2cwsgiutils = { version = "6.0.8", extras = ["standard", "test_images"] } requests = "2.32.3" diff --git a/app/.bandit.yaml b/app/.bandit.yaml new file mode 100644 index 00000000..25873d3a --- /dev/null +++ b/app/.bandit.yaml @@ -0,0 +1,3 @@ +skips: + - B101 # Use of assert detected. The enclosed code will be removed when compiling to optimized byte code. + - B113 # Call to requests without timeout diff --git a/app/.prospector.yaml b/app/.prospector.yaml index c33095ae..e87062b7 100644 --- a/app/.prospector.yaml +++ b/app/.prospector.yaml @@ -1,28 +1,13 @@ ---- -strictness: veryhigh - -max-line-length: 110 +inherits: + - utils:base + - utils:no-design-checks + - utils:fix + - duplicated pylint: disable: - - too-many-locals - - too-many-branches - - too-many-arguments - - too-many-instance-attributes - - too-many-statements - - too-few-public-methods - - wrong-import-order - - no-else-return - - broad-except - - raising-format-tuple - - missing-timeout # Default timeout set by c2cwsgiutils - -pyflakes: - disable: - - F401 # imported but unused, done by pylint - -mccabe: - run: false + - missing-timeout # Done by c2cwsgiutils -mypy: - run: true +bandit: + options: + config: .bandit.yaml diff --git a/app/poetry.lock b/app/poetry.lock index ed79f809..75d5c51b 100644 --- a/app/poetry.lock +++ b/app/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.6.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. [[package]] name = "alembic" @@ -68,6 +68,31 @@ test = ["beautifulsoup4 (>=4.8.0)", "coverage (>=4.5.4)", "fixtures (>=3.0.0)", toml = ["tomli (>=1.1.0)"] yaml = ["PyYAML"] +[[package]] +name = "build" +version = "1.2.2.post1" +description = "A simple, correct Python build frontend" +optional = false +python-versions = ">=3.8" +files = [ + {file = "build-1.2.2.post1-py3-none-any.whl", hash = "sha256:1d61c0887fa860c01971625baae8bdd338e517b836a2f70dd1f7aa3a6b2fc5b5"}, + {file = "build-1.2.2.post1.tar.gz", hash = "sha256:b36993e92ca9375a219c99e606a122ff365a760a2d4bba0caa09bd5278b608b7"}, +] + +[package.dependencies] +colorama = {version = "*", markers = "os_name == \"nt\""} +importlib-metadata = {version = ">=4.6", markers = "python_full_version < \"3.10.2\""} +packaging = ">=19.1" +pyproject_hooks = "*" +tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""} + +[package.extras] +docs = ["furo (>=2023.08.17)", "sphinx (>=7.0,<8.0)", "sphinx-argparse-cli (>=1.5)", "sphinx-autodoc-typehints (>=1.10)", "sphinx-issues (>=3.0.0)"] +test = ["build[uv,virtualenv]", "filelock (>=3)", "pytest (>=6.2.4)", "pytest-cov (>=2.12)", "pytest-mock (>=2)", "pytest-rerunfailures (>=9.1)", "pytest-xdist (>=1.34)", "setuptools (>=42.0.0)", "setuptools (>=56.0.0)", "setuptools (>=56.0.0)", "setuptools (>=67.8.0)", "wheel (>=0.36.0)"] +typing = ["build[uv]", "importlib-metadata (>=5.1)", "mypy (>=1.9.0,<1.10.0)", "tomli", "typing-extensions (>=3.7.4.3)"] +uv = ["uv (>=0.1.18)"] +virtualenv = ["virtualenv (>=20.0.35)"] + [[package]] name = "c2cwsgiutils" version = "6.0.8" @@ -370,6 +395,17 @@ files = [ graph = ["objgraph (>=1.7.2)"] profile = ["gprof2dot (>=2022.7.29)"] +[[package]] +name = "docutils" +version = "0.21.2" +description = "Docutils -- Python Documentation Utilities" +optional = false +python-versions = ">=3.9" +files = [ + {file = "docutils-0.21.2-py3-none-any.whl", hash = "sha256:dafca5b9e384f0e419294eb4d2ff9fa826435bf15f15b7bd45723e8ad76811b2"}, + {file = "docutils-0.21.2.tar.gz", hash = "sha256:3a6b18732edf182daa3cd12775bbb338cf5691468f91eeeb109deff6ebfa986f"}, +] + [[package]] name = "dodgy" version = "0.2.1" @@ -593,6 +629,29 @@ files = [ [package.extras] all = ["flake8 (>=7.1.1)", "mypy (>=1.11.2)", "pytest (>=8.3.2)", "ruff (>=0.6.2)"] +[[package]] +name = "importlib-metadata" +version = "8.5.0" +description = "Read metadata from Python packages" +optional = false +python-versions = ">=3.8" +files = [ + {file = "importlib_metadata-8.5.0-py3-none-any.whl", hash = "sha256:45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"}, + {file = "importlib_metadata-8.5.0.tar.gz", hash = "sha256:71522656f0abace1d072b9e5481a48f07c138e00f079c38c8f883823f9c26bd7"}, +] + +[package.dependencies] +zipp = ">=3.20" + +[package.extras] +check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)"] +cover = ["pytest-cov"] +doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"] +enabler = ["pytest-enabler (>=2.2)"] +perf = ["ipython"] +test = ["flufl.flake8", "importlib-resources (>=1.3)", "jaraco.test (>=5.4)", "packaging", "pyfakefs", "pytest (>=6,!=8.1.*)", "pytest-perf (>=0.9.2)"] +type = ["pytest-mypy"] + [[package]] name = "iniconfig" version = "2.0.0" @@ -1175,6 +1234,7 @@ pylint-celery = "0.3" pylint-django = ">=2.5,<2.6" pylint-flask = "0.6" pylint-plugin-utils = ">=0.7,<0.8" +pyroma = {version = ">=2.4", optional = true, markers = "extra == \"with-pyroma\" or extra == \"with_everything\""} PyYAML = "*" requirements-detector = ">=1.2.0" setoptconf-tmp = ">=0.3.1,<0.4.0" @@ -1188,6 +1248,28 @@ with-pyright = ["pyright (>=1.1.3)"] with-pyroma = ["pyroma (>=2.4)"] with-vulture = ["vulture (>=1.5)"] +[[package]] +name = "prospector-profile-duplicated" +version = "1.6.0" +description = "Profile that can be used to disable the duplicated or conflict rules between Prospector and other tools" +optional = false +python-versions = "*" +files = [ + {file = "prospector_profile_duplicated-1.6.0-py2.py3-none-any.whl", hash = "sha256:bf6a6aae0c7de48043b95e4d42e23ccd090c6c7115b6ee8c8ca472ffb1a2022b"}, + {file = "prospector_profile_duplicated-1.6.0.tar.gz", hash = "sha256:9c2d541076537405e8b2484cb6222276a2df17492391b6af1b192695770aab83"}, +] + +[[package]] +name = "prospector-profile-utils" +version = "1.9.0" +description = "Some utility Prospector profiles." +optional = false +python-versions = "*" +files = [ + {file = "prospector_profile_utils-1.9.0-py2.py3-none-any.whl", hash = "sha256:dcea1587fa9f852a9cfedc257881f60fa10ba70519dec037ad1306f5b21c89fa"}, + {file = "prospector_profile_utils-1.9.0.tar.gz", hash = "sha256:5bc95572217936829bff70ba62ee3b265917e714d445e8617b1b7477c5d6a0e8"}, +] + [[package]] name = "psycopg2" version = "2.9.9" @@ -1367,6 +1449,17 @@ files = [ [package.dependencies] pylint = ">=1.7" +[[package]] +name = "pyproject-hooks" +version = "1.2.0" +description = "Wrappers to call pyproject.toml-based build backend hooks." +optional = false +python-versions = ">=3.7" +files = [ + {file = "pyproject_hooks-1.2.0-py3-none-any.whl", hash = "sha256:9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913"}, + {file = "pyproject_hooks-1.2.0.tar.gz", hash = "sha256:1e859bd5c40fae9448642dd871adf459e5e2084186e8d2c2a79a824c970da1f8"}, +] + [[package]] name = "pyramid" version = "2.0.2" @@ -1431,6 +1524,29 @@ transaction = ">=2.0" docs = ["Sphinx (>=1.8.1)", "pylons-sphinx-themes (>=1.0.9)"] testing = ["WebTest", "coverage (>=5.0)", "pytest", "pytest-cov"] +[[package]] +name = "pyroma" +version = "4.2" +description = "Test your project's packaging friendliness" +optional = false +python-versions = ">=3.7" +files = [ + {file = "pyroma-4.2-py3-none-any.whl", hash = "sha256:a59854b6f8a72b55384cc1de42410e5c5ac59d0c40a92e84fd8364aa6cec3e37"}, + {file = "pyroma-4.2.tar.gz", hash = "sha256:6c727dc4a7a10e12274faed5fb47ebd499ca0821995befec98e3cfcaf1e7383c"}, +] + +[package.dependencies] +build = ">=0.7.0" +docutils = "*" +packaging = "*" +pygments = "*" +requests = "*" +setuptools = ">=42" +trove-classifiers = ">=2022.6.26" + +[package.extras] +test = ["setuptools (>=60)", "zest.releaser[recommended]"] + [[package]] name = "pytest" version = "8.3.3" @@ -1980,6 +2096,17 @@ files = [ [package.extras] docs = ["Sphinx (>=1.3.1)", "docutils", "pylons-sphinx-themes"] +[[package]] +name = "trove-classifiers" +version = "2024.9.12" +description = "Canonical source for classifiers on PyPI (pypi.org)." +optional = false +python-versions = "*" +files = [ + {file = "trove_classifiers-2024.9.12-py3-none-any.whl", hash = "sha256:f88a27a892891c87c5f8bbdf110710ae9e0a4725ea8e0fb45f1bcadf088a491f"}, + {file = "trove_classifiers-2024.9.12.tar.gz", hash = "sha256:4b46b3e134a4d01999ac5bc6e528afcc10cc48f0f724f185f267e276005768f4"}, +] + [[package]] name = "types-pyyaml" version = "6.0.12.20240917" @@ -2150,6 +2277,25 @@ files = [ docs = ["Sphinx (>=1.7.5)", "pylons-sphinx-themes"] testing = ["coverage", "pytest (>=3.1.0)", "pytest-cov", "pytest-xdist"] +[[package]] +name = "zipp" +version = "3.20.2" +description = "Backport of pathlib-compatible object wrapper for zip files" +optional = false +python-versions = ">=3.8" +files = [ + {file = "zipp-3.20.2-py3-none-any.whl", hash = "sha256:a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350"}, + {file = "zipp-3.20.2.tar.gz", hash = "sha256:bc9eb26f4506fda01b81bcde0ca78103b6e62f991b381fec825435c836edbc29"}, +] + +[package.extras] +check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)"] +cover = ["pytest-cov"] +doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"] +enabler = ["pytest-enabler (>=2.2)"] +test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more-itertools", "pytest (>=6,!=8.1.*)", "pytest-ignore-flaky"] +type = ["pytest-mypy"] + [[package]] name = "zope-deprecation" version = "5.0" @@ -2243,4 +2389,4 @@ test = ["zope.testing"] [metadata] lock-version = "2.0" python-versions = ">=3.9,<3.11" -content-hash = "6c88f9643da40ebe1b9c7de5ee98f97436c9f5481dac3dd4d69b92411889f977" +content-hash = "cbf2e16e4733334ef680b53cab65d948581e179967b41e64503ab1842e9eeda2" diff --git a/app/pyproject.toml b/app/pyproject.toml index 11dec9f2..c65c9277 100644 --- a/app/pyproject.toml +++ b/app/pyproject.toml @@ -20,7 +20,9 @@ c2cwsgiutils = { version = "6.0.8", extras = ["broadcast", "standard", "oauth2", pyramid-mako = "1.1.0" [tool.poetry.dev-dependencies] -prospector = { extras = ["with_mypy", "with_bandit"], version = "1.12.0" } +prospector = { extras = ["with_mypy", "with_bandit", "with_pyroma"], version = "1.12.0" } +prospector-profile-duplicated = "1.6.0" +prospector-profile-utils = "1.9.0" pytest-cov = "5.0.0" types-pyyaml = "6.0.12.20240917" types-requests = "2.32.0.20240914" diff --git a/app/shared_config_manager/services.py b/app/shared_config_manager/services.py index 45bf666d..fa60db65 100644 --- a/app/shared_config_manager/services.py +++ b/app/shared_config_manager/services.py @@ -1,7 +1,7 @@ import logging import os.path import re -import subprocess +import subprocess # nosec from collections.abc import Iterable from typing import Any, Optional, Union, cast @@ -177,7 +177,7 @@ def _tarball(request: pyramid.request.Request) -> pyramid.response.Response: files.remove(".gitstats") files.append(".gitstats") - proc = subprocess.Popen( # pylint: disable=consider-using-with + proc = subprocess.Popen( # pylint: disable=consider-using-with # nosec ["tar", "--create", "--gzip"] + files, cwd=path, bufsize=4096, stdout=subprocess.PIPE ) response.content_type = "application/x-gtar" diff --git a/app/shared_config_manager/sources/base.py b/app/shared_config_manager/sources/base.py index 77b42d53..4df6a959 100644 --- a/app/shared_config_manager/sources/base.py +++ b/app/shared_config_manager/sources/base.py @@ -3,7 +3,7 @@ import os import pathlib import shutil -import subprocess +import subprocess # nosec import time from typing import Any, Optional, cast @@ -125,7 +125,7 @@ def _do_fetch(self) -> None: if os.path.exists(path): shutil.rmtree(path) os.makedirs(path, exist_ok=True) - with subprocess.Popen( + with subprocess.Popen( # nosec [ "tar", "--extract", @@ -142,7 +142,7 @@ def _do_fetch(self) -> None: tar.stdin.close() # type: ignore assert tar.wait() == 0 return - except Exception as exception: + except Exception as exception: # pylint: disable=broad-exception-caught _DO_FETCH_ERROR_COUNTER.labels(self.get_id()).inc() retry_message = f" (will retry in {_RETRY_DELAY}s)" if i else " (failed)" _LOG.warning( @@ -230,7 +230,7 @@ def _exec(*args: Any, **kwargs: Any) -> str: args_ = list(map(str, args)) _LOG.debug("Running: %s", " ".join(args_)) output: str = ( - subprocess.run( + subprocess.run( # nosec args_, check=True, stdout=subprocess.PIPE, diff --git a/app/shared_config_manager/sources/registry.py b/app/shared_config_manager/sources/registry.py index 4f0abad7..fa740407 100644 --- a/app/shared_config_manager/sources/registry.py +++ b/app/shared_config_manager/sources/registry.py @@ -1,7 +1,7 @@ import logging import os import pathlib -import subprocess +import subprocess # nosec import tempfile from collections.abc import Mapping from threading import Thread @@ -118,7 +118,7 @@ def _do_handle_master_config(config: Config) -> tuple[int, int]: _SOURCES[id_] = _create_source(id_, source_config) _SOURCES[id_].refresh_or_fetch() success += 1 - except Exception: + except Exception: # pylint: disable=broad-exception-caught _LOG.error("Cannot load the %s config", id_, exc_info=True) errors += 1 return success, errors @@ -149,7 +149,7 @@ def _prepare_ssh() -> None: other_ssh = home.joinpath(".ssh2") if other_ssh.is_dir(): ssh = home.joinpath(".ssh") - subprocess.check_call( + subprocess.check_call( # nosec [ "rsync", "--recursive", diff --git a/app/shared_config_manager/template_engines/base.py b/app/shared_config_manager/template_engines/base.py index baf1e03d..6b4a299a 100644 --- a/app/shared_config_manager/template_engines/base.py +++ b/app/shared_config_manager/template_engines/base.py @@ -45,7 +45,7 @@ def evaluate(self, root_dir: str, files: list[str]) -> None: try: self._evaluate_file(src_path, dest_path) _ERROR_GAUGE.labels(source=self._source_id, type=self.get_type()).set(0) - except Exception: + except Exception: # pylint: disable=broad-exception-caught _LOG.warning( "Failed applying the %s template: %s", self._config["type"], src_path, exc_info=True ) diff --git a/app/shared_config_manager/template_engines/mako.py b/app/shared_config_manager/template_engines/mako.py index 6c62185d..f9cd73de 100644 --- a/app/shared_config_manager/template_engines/mako.py +++ b/app/shared_config_manager/template_engines/mako.py @@ -9,6 +9,6 @@ def __init__(self, source_id: str, config: TemplateEnginesConfig) -> None: super().__init__(source_id, config, "mako") def _evaluate_file(self, src_path: str, dst_path: str) -> None: - template = mako.template.Template(filename=src_path) + template = mako.template.Template(filename=src_path) # nosec with open(dst_path, "w", encoding="utf-8") as output: output.write(template.render(**self._data)) diff --git a/app/shared_config_manager/template_engines/shell.py b/app/shared_config_manager/template_engines/shell.py index bd23f23b..157ca53d 100644 --- a/app/shared_config_manager/template_engines/shell.py +++ b/app/shared_config_manager/template_engines/shell.py @@ -1,4 +1,4 @@ -import subprocess +import subprocess # nosec from shared_config_manager.configuration import TemplateEnginesConfig from shared_config_manager.template_engines.base import BaseEngine @@ -10,4 +10,4 @@ def __init__(self, source_id: str, config: TemplateEnginesConfig) -> None: def _evaluate_file(self, src_path: str, dst_path: str) -> None: with open(src_path, encoding="utf-8") as input_, open(dst_path, "w", encoding="utf-8") as output: - subprocess.check_call(["envsubst"], stdin=input_, stdout=output, env=self._data) + subprocess.run(["envsubst"], stdin=input_, stdout=output, env=self._data, check=True) # nosec diff --git a/app/shared_config_manager/views.py b/app/shared_config_manager/views.py index 8da8908a..6d756b45 100644 --- a/app/shared_config_manager/views.py +++ b/app/shared_config_manager/views.py @@ -2,7 +2,7 @@ import math import os.path import re -import subprocess +import subprocess # nosec from typing import Any, Union, cast import pyramid.request @@ -128,7 +128,7 @@ def key_format(key: str) -> str: else: commit_details = ( - subprocess.run( # type: ignore + subprocess.run( # type: ignore[assignment] # nosec ["git", "show", "--quiet", slave["hash"]], cwd=os.path.join("/repos", source.get_id()), check=True, @@ -138,7 +138,7 @@ def key_format(key: str) -> str: .split("\n") ) _slave_status.append((slave, commit_details)) - except Exception: + except Exception: # pylint: disable=broad-exception-caught _LOG.warning("Unable to get the commit status for %s", slave.get("hash"), exc_info=True) _slave_status.append((slave, []))