ci(ruff): add bandit checks (#575)

Added bandit checks to continuous integration. Updated sources to pass bandit checks: - replaced asserts - added timeouts to requests - added checks for process command execution - changed to 127.0.0.1 as default IP address for EOS and EOSdash for security reasons Added a rudimentary check for outdated config files. BREAKING CHANGE: Default IP address for EOS and EOSdash changed to 127.0.0.1 Signed-off-by: Bobby Noelte <b0661n0e17e@gmail.com>
2025-09-20 10:41:14 +00:00 · 2025-06-03 08:30:37 +02:00
parent aa39ff475c
commit 3421b2303b
34 changed files with 163 additions and 86 deletions
--- a/src/akkudoktoreos/core/cache.py
+++ b/src/akkudoktoreos/core/cache.py
@@ -956,7 +956,7 @@ def cache_in_file(
                    logger.debug("Used cache file for function: " + func.__name__)
                    cache_file.seek(0)
                    if "b" in mode:
-                        result = pickle.load(cache_file)
+                        result = pickle.load(cache_file)  # noqa: S301
                    else:
                        result = cache_file.read()
                except Exception as e:
--- a/src/akkudoktoreos/core/decorators.py
+++ b/src/akkudoktoreos/core/decorators.py
@@ -34,7 +34,7 @@ class classproperty:
                                      argument and returns a value.

    Raises:
-        AssertionError: If `fget` is not defined when `__get__` is called.
+        RuntimeError: If `fget` is not defined when `__get__` is called.
    """

    def __init__(self, fget: Callable[[Any], Any]) -> None:
@@ -43,5 +43,6 @@ class classproperty:
    def __get__(self, _: Any, owner_cls: Optional[type[Any]] = None) -> Any:
        if owner_cls is None:
            return self
-        assert self.fget is not None
+        if self.fget is None:
+            raise RuntimeError("'fget' not defined when `__get__` is called")
        return self.fget(owner_cls)
--- a/src/akkudoktoreos/core/ems.py
+++ b/src/akkudoktoreos/core/ems.py
@@ -393,7 +393,8 @@ class EnergyManagement(SingletonMixin, ConfigMixin, PredictionMixin, PydanticBas

        # Fetch objects
        battery = self.battery
-        assert battery  # to please mypy
+        if battery is None:
+            raise ValueError(f"battery not set: {battery}")
        ev = self.ev
        home_appliance = self.home_appliance
        inverter = self.inverter
--- a/src/akkudoktoreos/core/pydantic.py
+++ b/src/akkudoktoreos/core/pydantic.py
@@ -450,8 +450,8 @@ class PydanticBaseModel(BaseModel, PydanticModelNestedValueMixin):
        if expected_type is pendulum.DateTime or expected_type is AwareDatetime:
            try:
                value = to_datetime(value)
-            except:
-                pass
+            except Exception as e:
+                raise ValueError(f"Cannot convert {value!r} to datetime: {e}")
        return value

    # Override Pydantic’s serialization for all DateTime fields