ci(ruff): add bandit checks (#575)

Added bandit checks to continuous integration. Updated sources to pass bandit checks: - replaced asserts - added timeouts to requests - added checks for process command execution - changed to 127.0.0.1 as default IP address for EOS and EOSdash for security reasons Added a rudimentary check for outdated config files. BREAKING CHANGE: Default IP address for EOS and EOSdash changed to 127.0.0.1 Signed-off-by: Bobby Noelte <b0661n0e17e@gmail.com>
2025-09-13 07:21:16 +00:00 · 2025-06-03 08:30:37 +02:00
parent aa39ff475c
commit 3421b2303b
34 changed files with 163 additions and 86 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,12 +43,18 @@ profile = "black"

 [tool.ruff]
 line-length = 100
+exclude = [
+    "tests",
+    "scripts",
+]
+output-format = "full"

 [tool.ruff.lint]
 select = [
    "F",      # Enable all `Pyflakes` rules.
    "D",      # Enable all `pydocstyle` rules, limiting to those that adhere to the
              # Google convention via `convention = "google"`, below.
+    "S",      # Enable all `flake8-bandit` rules.
 ]
 ignore = [
   # Prevent errors due to ruff false positives