ci(ruff): add bandit checks (#575)

Added bandit checks to continuous integration. Updated sources to pass bandit checks: - replaced asserts - added timeouts to requests - added checks for process command execution - changed to 127.0.0.1 as default IP address for EOS and EOSdash for security reasons Added a rudimentary check for outdated config files. BREAKING CHANGE: Default IP address for EOS and EOSdash changed to 127.0.0.1 Signed-off-by: Bobby Noelte <b0661n0e17e@gmail.com>
2025-09-13 07:21:16 +00:00 · 2025-06-03 08:30:37 +02:00
parent aa39ff475c
commit 3421b2303b
34 changed files with 163 additions and 86 deletions
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -429,7 +429,7 @@ def server(xprocess, config_eos, config_default_dirs) -> Generator[str, None, No
    Provides URL of the server.
    """
    # create url/port info to the server
-    url = "http://0.0.0.0:8503"
+    url = "http://127.0.0.1:8503"

    class Starter(ProcessStarter):
        # Set environment before any subprocess run, to keep custom config dir
--- a/tests/test_doc.py
+++ b/tests/test_doc.py
@@ -28,8 +28,6 @@ def test_openapi_spec_current(config_eos):
        spec = generate_openapi.generate_openapi()
        spec_str = json.dumps(spec, indent=4, sort_keys=True)

-    if os.name == "nt":
-        spec_str = spec_str.replace("127.0.0.1", "0.0.0.0")
    with new_spec_path.open("w", encoding="utf-8", newline="\n") as f_new:
        f_new.write(spec_str)

@@ -62,8 +60,6 @@ def test_openapi_md_current(config_eos):

        spec_md = generate_openapi_md.generate_openapi_md()

-    if os.name == "nt":
-        spec_md = spec_md.replace("127.0.0.1", "0.0.0.0")
    with new_spec_md_path.open("w", encoding="utf-8", newline="\n") as f_new:
        f_new.write(spec_md)

@@ -94,7 +90,7 @@ def test_config_md_current(config_eos):
        config_md = generate_config_md.generate_config_md(config_eos)

    if os.name == "nt":
-        config_md = config_md.replace("127.0.0.1", "0.0.0.0").replace("\\\\", "/")
+        config_md = config_md.replace("\\\\", "/")
    with new_config_md_path.open("w", encoding="utf-8", newline="\n") as f_new:
        f_new.write(config_md)

--- a/tests/test_eosdashconfig.py
+++ b/tests/test_eosdashconfig.py
@@ -83,7 +83,7 @@ class TestEOSdashConfig:
            item["name"] == "server.eosdash_port" and item["value"] == "8504" for item in config
        )
        assert any(
-            item["name"] == "server.eosdash_host" and item["value"] == '"0.0.0.0"'
+            item["name"] == "server.eosdash_host" and item["value"] == '"127.0.0.1"'
            for item in config
        )

--- a/tests/test_pydantic.py
+++ b/tests/test_pydantic.py
@@ -152,7 +152,7 @@ class TestPydanticBaseModel:
        assert model.datetime_field == dt

    def test_invalid_datetime_string(self):
-        with pytest.raises(ValidationError, match="Input should be an instance of DateTime"):
+        with pytest.raises(ValidationError, match="Cannot convert 'invalid_datetime' to datetime"):
            PydanticTestModel(datetime_field="invalid_datetime")

    def test_iso8601_serialization(self):
--- a/tests/testdata/eosserver_config_1.json
+++ b/tests/testdata/eosserver_config_1.json
@@ -75,9 +75,9 @@
  },
  "server": {
    "startup_eosdash": true,
-    "host": "0.0.0.0",
+    "host": "127.0.0.1",
    "port": 8503,
-    "eosdash_host": "0.0.0.0",
+    "eosdash_host": "127.0.0.1",
    "eosdash_port": 8504
  },
  "weather": {