From 259a6fe69601816fb8c5b453f5d431b587c814ff Mon Sep 17 00:00:00 2001
From: s3lph <1375407-s3lph@users.noreply.gitlab.com>
Date: Mon, 30 May 2022 02:22:05 +0200
Subject: [PATCH 1/4] Add gitlab SAST and dependency scanning
---
 .gitlab-ci.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b96e205..8abb64b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -37,6 +37,16 @@ mypy:
 - mypy --install-types --non-interactive multischleuder
 - mypy multischleuder
+sast:
+ stage: test
+ include:
+ - template: Security/SAST.gitlab-ci.yml
+
+dependencies:
+ stage: test
+ include:
+ - template: Security/Dependency-Scanning.gitlab-ci.yml
+
 schleuder:
 stage: test
 script:
From 72a8a67dbf00a0f858d9f86d82f7e352639e85af Mon Sep 17 00:00:00 2001
From: s3lph <1375407-s3lph@users.noreply.gitlab.com>
Date: Mon, 30 May 2022 02:25:16 +0200
Subject: [PATCH 2/4] Add gitlab SAST and dependency scanning
---
 .gitlab-ci.yml | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8abb64b..c2a39c1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -39,13 +39,9 @@ mypy:
 sast:
 stage: test
- include:
- - template: Security/SAST.gitlab-ci.yml
-
-dependencies:
- stage: test
- include:
- - template: Security/Dependency-Scanning.gitlab-ci.yml
+include:
+ - template: Security/SAST.gitlab-ci.yml
+ - template: Security/Dependency-Scanning.gitlab-ci.yml
 schleuder:
 stage: test
From 1060c8e8d0af8c8df07ec80052ae69dd025a2509 Mon Sep 17 00:00:00 2001
From: s3lph <1375407-s3lph@users.noreply.gitlab.com>
Date: Mon, 30 May 2022 02:33:59 +0200
Subject: [PATCH 3/4] Add gitlab SAST and dependency scanning
---
 .gitlab-ci.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c2a39c1..6f5bc75 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
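Review bot: The top-level `include:` block is inserted between the `sast:` and `schleuder:` job definitions, where it reads as if it were a key of the `sast` job — the very misreading the first patch in this series made — so it belongs at the top of the file with the other global keys. The `sast:` entry that survives carries only `stage: test`; if the SAST template defines a job of that name (the bundled template ships a placeholder `sast` job, as far as I recall), this override merges into it and changes nothing, so it should either be dropped or carry a comment saying it is intentional. A short comment above the include, `# Security scanning: SAST and dependency scanning from the GitLab-bundled templates (unpinned, tracks the instance version)`, would also make the provenance of these jobs clear to the next reader.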
@@ -39,6 +39,8 @@ mypy:
 sast:
 stage: test
+bandit-sast:
+ before_script: ['']
 include:
 - template: Security/SAST.gitlab-ci.yml
 - template: Security/Dependency-Scanning.gitlab-ci.yml
From a160d22789c54d953bf13e8caf57fb22a25b4bda Mon Sep 17 00:00:00 2001
From: s3lph <1375407-s3lph@users.noreply.gitlab.com>
Date: Mon, 30 May 2022 17:46:48 +0200
Subject: [PATCH 4/4] Add bandit code annotations
---
 multischleuder/api.py | 2 +-
 multischleuder/conflict.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/multischleuder/api.py b/multischleuder/api.py
index f5a9b89..aef04f4 100644
--- a/multischleuder/api.py
+++ b/multischleuder/api.py
@@ -49,7 +49,7 @@ class SchleuderApi:
 context = None
 # Perform the actual request
 req = urllib.request.Request(url, data=payload, method=method, headers=self._headers)
- resp = urllib.request.urlopen(req, context=context)
+ resp = urllib.request.urlopen(req, context=context) # nosec B310 baseurl is trusted
 respdata: str = resp.read().decode()
 if len(respdata) > 0:
 return json.loads(respdata)
diff --git a/multischleuder/conflict.py b/multischleuder/conflict.py
index 628065f..3aca7dd 100644
--- a/multischleuder/conflict.py
+++ b/multischleuder/conflict.py
@@ -174,7 +174,7 @@ class KeyConflictResolution:
 # Sort so the hash stays the same if the set of subscriptions is the same.
 # There is no guarantee that the subs are in any specific order.
 subs: List[SchleuderSubscriber] = sorted(candidates, key=lambda x: x.schleuder)
- h = hashlib.new('sha1')
+ h = hashlib.new('sha1') # nosec B324
 # Include the chosen email an source sub-list
 h.update(struct.pack('!sd', chosen.email.encode(),
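Review bot: `bandit-sast:` with `before_script: ['']` overrides a job that only exists because `Security/SAST.gitlab-ci.yml` is included just below, and nothing in the hunk says why, so a reader will take the empty entry for a mistake. The likely intent is to stop a project-wide `before_script` (not visible in this hunk) from running inside the analyzer image; if so, the stanza should say it: `# Overrides the bandit-sast job from Security/SAST.gitlab-ci.yml: the empty list disables the global before_script, which the analyzer image cannot run`. Should a later template version rename or drop `bandit-sast`, this stanza becomes a standalone job with no `script:` and the pipeline configuration fails validation, which is one more reason to name the template dependency in the comment.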
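Review bot: The `# nosec B310 baseurl is trusted` justification on the `urlopen` call asserts an invariant that nothing in this hunk enforces: `url` reaches `urlopen` with `context` possibly `None`, and B310 exists because `urlopen` also accepts `file:` and `ftp:` URLs. The suppression is sounder when the trust is checked, either where `url` is assembled (outside this hunk) or just before the call, e.g. `if not url.lower().startswith(("http://", "https://")):` followed by `raise ValueError(f"unsupported URL scheme in {url!r}")`, after which the annotation can state `# nosec B310: scheme validated above` instead of an assumption. The enclosing method starts before this hunk, so the origin of `url` and of `context` is not visible here.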
@@ -191,7 +191,7 @@ class KeyConflictResolution:
 # Sort so the hash stays the same if the set of subscriptions is the same.
 # There is no guarantee that the subs are in any specific order.
 subs: List[SchleuderSubscriber] = sorted(candidates, key=lambda x: x.schleuder)
- h = hashlib.new('sha1')
+ h = hashlib.new('sha1') # nosec B324
 assert chosen.key is not None # Make mypy happy; it can't know that chosen.key can't be None
 # Include the chosen email an source sub-list
 h.update(struct.pack('!ssd',
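Review bot: `# nosec B324` on `hashlib.new('sha1')` silences the finding without recording why a weak hash is acceptable here; the same bare annotation appears in the hunk at line 174 of this file. The surrounding comments suggest the digest is a stable identifier for a set of subscriptions rather than a security control, so the annotation should say so, and on Python 3.9+ `hashlib.new('sha1', usedforsecurity=False)` expresses the same intent in code (current bandit releases recognise that keyword in the B324 check, which would make the `nosec` unnecessary). Separately, the `h.update(struct.pack('!ssd', ...))` call below (and `'!sd'` in the earlier hunk) uses the `s` format with no repeat count, which packs exactly one byte of each bytes argument, so only the first character of `chosen.email` enters the hash and distinct emails sharing a first letter produce the same digest; if the whole value is meant to be hashed, pass the bytes to `h.update()` directly with a length prefix or separator. That statement continues past the end of the hunk, so its remaining arguments are not visible here.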