diff --git a/.gitignore b/.gitignore
index 187779e..f451b99 100644
--- a/.gitignore
+++ b/.gitignore
@@ -140,3 +140,4 @@ nginx.conf
 test_app/
 myenv/
 myenv3_8/
+bandit_report.txt
diff --git a/packages/requirements-dev.txt b/packages/requirements-dev.txt
index cb521a6..c60c0f2 100644
--- a/packages/requirements-dev.txt
+++ b/packages/requirements-dev.txt
@@ -1,9 +1,11 @@ alabaster==0.7.13 ; python_version >= "3.8" and python_version < "4.0" +appdirs==1.4.4 ; python_version >= "3.8" and python_version < "4.0" argcomplete==3.5.0 ; python_version >= "3.8" and python_version < "4.0" asgiref==3.8.1 ; python_version >= "3.8" and python_version < "4.0" astroid==3.2.4 ; python_version >= "3.8" and python_version < "4.0" babel==2.16.0 ; python_version >= "3.8" and python_version < "4.0" backports-zoneinfo==0.2.1 ; python_version >= "3.8" and python_version < "3.9" +bandit[toml]==1.7.9 ; python_version >= "3.8" and python_version < "4.0" black==24.8.0 ; python_version >= "3.8" and python_version < "4.0" cachetools==5.5.0 ; python_version >= "3.8" and python_version < "4.0" certifi==2024.7.4 ; python_version >= "3.8" and python_version < "4.0" @@ -17,6 +19,8 @@ coverage[toml]==7.6.1 ; python_version >= "3.8" and python_version < "4.0" decli==0.6.2 ; python_version >= "3.8" and python_version < "4.0" dill==0.3.8 ; python_version >= "3.8" and python_version < "4.0" distlib==0.3.8 ; python_version >= "3.8" and python_version < "4.0" +django-debug-toolbar==4.4.6 ; python_version >= "3.8" and python_version < "4.0" +django-migration-linter==5.1.0 ; python_version >= "3.8" and python_version < "4.0" django-stubs-ext==5.0.4 ; python_version >= "3.8" and python_version < "4.0" django-stubs==5.0.4 ; python_version >= "3.8" and python_version < "4.0" django==4.2.15 ; python_version >= "3.8" and python_version < "3.10"
@@ -32,13 +36,16 @@ importlib-metadata==8.4.0 ; python_version >= "3.8" and python_version < "3.10" iniconfig==2.0.0 ; python_version >= "3.8" and python_version < "4.0" isort==5.13.2 ; python_version >= "3.8" and python_version < "4.0" jinja2==3.1.4 ; python_version >= "3.8" and python_version < "4.0" +markdown-it-py==3.0.0 ; python_version >= "3.8" and python_version < "4.0" markupsafe==2.1.5 ; python_version >= "3.8" and python_version < "4.0" mccabe==0.7.0 ; python_version >= "3.8" and python_version < "4.0" +mdurl==0.1.2 ; python_version >= "3.8" and python_version < "4.0" mypy-extensions==1.0.0 ; python_version >= "3.8" and python_version < "4.0" mypy==1.11.2 ; python_version >= "3.8" and python_version < "4.0" nodeenv==1.9.1 ; python_version >= "3.8" and python_version < "4.0" packaging==24.1 ; python_version >= "3.8" and python_version < "4.0" pathspec==0.12.1 ; python_version >= "3.8" and python_version < "4.0" +pbr==6.1.0 ; python_version >= "3.8" and python_version < "4.0" platformdirs==4.2.2 ; python_version >= "3.8" and python_version < "4.0" pluggy==1.5.0 ; python_version >= "3.8" and python_version < "4.0" pre-commit==3.5.0 ; python_version >= "3.8" and python_version < "4.0" @@ -55,6 +62,7 @@ pytz==2024.1 ; python_version >= "3.8" and python_version < "3.9" pyyaml==6.0.2 ; python_version >= "3.8" and python_version < "4.0" questionary==2.0.1 ; python_version >= "3.8" and python_version < "4.0" requests==2.32.3 ; python_version >= "3.8" and python_version < "4.0" +rich==13.8.0 ; python_version >= "3.8" and python_version < "4.0" ruff==0.5.7 ; python_version >= "3.8" and python_version < "4.0" snowballstemmer==2.2.0 ; python_version >= "3.8" and python_version < "4.0" sphinx-rtd-theme==2.0.0 ; python_version >= "3.8" and python_version < "4.0" 
@@ -67,7 +75,9 @@ sphinxcontrib-jsmath==1.0.1 ; python_version >= "3.8" and python_version < "4.0" sphinxcontrib-qthelp==1.0.3 ; python_version >= "3.8" and python_version < "4.0" sphinxcontrib-serializinghtml==1.1.5 ; python_version >= "3.8" and python_version < "4.0" sqlparse==0.5.1 ; python_version >= "3.8" and python_version < "4.0" +stevedore==5.3.0 ; python_version >= "3.8" and python_version < "4.0" termcolor==2.4.0 ; python_version >= "3.8" and python_version < "4.0" +toml==0.10.2 ; python_version >= "3.8" and python_version < "4.0" tomli==2.0.1 ; python_version >= "3.8" and python_full_version <= "3.11.0a6" tomlkit==0.13.2 ; python_version >= "3.8" and python_version < "4.0" tox==4.18.0 ; python_version >= "3.8" and python_version < "4.0" @@ -78,4 +88,4 @@ untokenize==0.1.1 ; python_version >= "3.8" and python_version < "4.0" urllib3==2.2.2 ; python_version >= "3.8" and python_version < "4.0" virtualenv==20.26.3 ; python_version >= "3.8" and python_version < "4.0" wcwidth==0.2.13 ; python_version >= "3.8" and python_version < "4.0" -zipp==3.20.0 ; python_version >= "3.8" and python_version < "3.10" +zipp==3.20.1 ; python_version >= "3.8" and python_version < "3.10" diff --git a/poetry.lock b/poetry.lock index ed905ae..d6edc54 100644 --- a/poetry.lock +++ b/poetry.lock @@ -11,6 +11,17 @@ files = [ {file = "alabaster-0.7.13.tar.gz", hash = "sha256:a27a4a084d5e690e16e01e03ad2b2e552c61a65469419b907243193de1a84ae2"}, ] +[[package]] +name = "appdirs" +version = "1.4.4" +description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." +optional = false +python-versions = "*" +files = [ + {file = "appdirs-1.4.4-py2.py3-none-any.whl", hash = "sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128"}, + {file = "appdirs-1.4.4.tar.gz", hash = "sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41"}, +] + [[package]] name = "argcomplete" version = "3.5.0" 
@@ -101,6 +112,31 @@ files = [ [package.extras] tzdata = ["tzdata"] +[[package]] +name = "bandit" +version = "1.7.9" +description = "Security oriented static analyser for python code." +optional = false +python-versions = ">=3.8" +files = [ + {file = "bandit-1.7.9-py3-none-any.whl", hash = "sha256:52077cb339000f337fb25f7e045995c4ad01511e716e5daac37014b9752de8ec"}, + {file = "bandit-1.7.9.tar.gz", hash = "sha256:7c395a436743018f7be0a4cbb0a4ea9b902b6d87264ddecf8cfdc73b4f78ff61"}, +] + +[package.dependencies] +colorama = {version = ">=0.3.9", markers = "platform_system == \"Windows\""} +PyYAML = ">=5.3.1" +rich = "*" +stevedore = ">=1.20.0" +tomli = {version = ">=1.1.0", optional = true, markers = "python_version < \"3.11\" and extra == \"toml\""} + +[package.extras] +baseline = ["GitPython (>=3.1.30)"] +sarif = ["jschema-to-python (>=1.2.3)", "sarif-om (>=1.0.4)"] +test = ["beautifulsoup4 (>=4.8.0)", "coverage (>=4.5.4)", "fixtures (>=3.0.0)", "flake8 (>=4.0.0)", "pylint (==1.9.4)", "stestr (>=2.5.0)", "testscenarios (>=0.5.0)", "testtools (>=2.3.0)"] +toml = ["tomli (>=1.1.0)"] +yaml = ["PyYAML"] + [[package]] name = "black" version = "24.8.0" 
@@ -504,6 +540,40 @@ tzdata = {version = "*", markers = "sys_platform == \"win32\""} argon2 = ["argon2-cffi (>=19.1.0)"] bcrypt = ["bcrypt"] +[[package]] +name = "django-debug-toolbar" +version = "4.4.6" +description = "A configurable set of panels that display various debug information about the current request/response." +optional = false +python-versions = ">=3.8" +files = [ + {file = "django_debug_toolbar-4.4.6-py3-none-any.whl", hash = "sha256:3beb671c9ec44ffb817fad2780667f172bd1c067dbcabad6268ce39a81335f45"}, + {file = "django_debug_toolbar-4.4.6.tar.gz", hash = "sha256:36e421cb908c2f0675e07f9f41e3d1d8618dc386392ec82d23bcfcd5d29c7044"}, +] + +[package.dependencies] +django = ">=4.2.9" +sqlparse = ">=0.2" + +[[package]] +name = "django-migration-linter" +version = "5.1.0" +description = "Detect backward incompatible migrations for your django project" +optional = false +python-versions = ">=3.7" +files = [ + {file = "django-migration-linter-5.1.0.tar.gz", hash = "sha256:638a6f39b0109fb95a747f10cb3ae4362b4ca46e7f45eee9546d3dd4c322b83a"}, + {file = "django_migration_linter-5.1.0-py3-none-any.whl", hash = "sha256:eefdca0cd60b0bacdf61420b0779b2c680dd29d3b43e9ccb0d8d2aa89f036474"}, +] + +[package.dependencies] +appdirs = ">=1.4.3" +django = ">=2.2" +toml = ">=0.10.2" + +[package.extras] +test = ["coverage (>=7.2.7)", "django-add-default-value (>=0.4.0)", "mysqlclient (>=2.1.1)", "psycopg2 (>=2.9.6)", "tox (>=4.6.3)"] + [[package]] name = "django-stubs" version = "5.0.4" 
@@ -699,6 +769,30 @@ MarkupSafe = ">=2.0" [package.extras] i18n = ["Babel (>=2.7)"] +[[package]] +name = "markdown-it-py" +version = "3.0.0" +description = "Python port of markdown-it. Markdown parsing, done right!" +optional = false +python-versions = ">=3.8" +files = [ + {file = "markdown-it-py-3.0.0.tar.gz", hash = "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"}, + {file = "markdown_it_py-3.0.0-py3-none-any.whl", hash = "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"}, +] + +[package.dependencies] +mdurl = ">=0.1,<1.0" + +[package.extras] +benchmarking = ["psutil", "pytest", "pytest-benchmark"] +code-style = ["pre-commit (>=3.0,<4.0)"] +compare = ["commonmark (>=0.9,<1.0)", "markdown (>=3.4,<4.0)", "mistletoe (>=1.0,<2.0)", "mistune (>=2.0,<3.0)", "panflute (>=2.3,<3.0)"] +linkify = ["linkify-it-py (>=1,<3)"] +plugins = ["mdit-py-plugins"] +profiling = ["gprof2dot"] +rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"] +testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"] + [[package]] name = "markupsafe" version = "2.1.5" @@ -779,6 +873,17 @@ files = [ {file = "mccabe-0.7.0.tar.gz", hash = "sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325"}, ] +[[package]] +name = "mdurl" +version = "0.1.2" +description = "Markdown URL utilities" +optional = false +python-versions = ">=3.7" +files = [ + {file = "mdurl-0.1.2-py3-none-any.whl", hash = "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"}, + {file = "mdurl-0.1.2.tar.gz", hash = "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba"}, +] + [[package]] name = "mypy" version = "1.11.2" 
@@ -870,6 +975,17 @@ files = [ {file = "pathspec-0.12.1.tar.gz", hash = "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712"}, ] +[[package]] +name = "pbr" +version = "6.1.0" +description = "Python Build Reasonableness" +optional = false +python-versions = ">=2.6" +files = [ + {file = "pbr-6.1.0-py2.py3-none-any.whl", hash = "sha256:a776ae228892d8013649c0aeccbb3d5f99ee15e005a4cbb7e61d55a067b28a2a"}, + {file = "pbr-6.1.0.tar.gz", hash = "sha256:788183e382e3d1d7707db08978239965e8b9e4e5ed42669bf4758186734d5f24"}, +] + [[package]] name = "platformdirs" version = "4.2.2" @@ -1194,6 +1310,25 @@ urllib3 = ">=1.21.1,<3" socks = ["PySocks (>=1.5.6,!=1.5.7)"] use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] +[[package]] +name = "rich" +version = "13.8.0" +description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" +optional = false +python-versions = ">=3.7.0" +files = [ + {file = "rich-13.8.0-py3-none-any.whl", hash = "sha256:2e85306a063b9492dffc86278197a60cbece75bcb766022f3436f567cae11bdc"}, + {file = "rich-13.8.0.tar.gz", hash = "sha256:a5ac1f1cd448ade0d59cc3356f7db7a7ccda2c8cbae9c7a90c28ff463d3e91f4"}, +] + +[package.dependencies] +markdown-it-py = ">=2.2.0" +pygments = ">=2.13.0,<3.0.0" +typing-extensions = {version = ">=4.0.0,<5.0", markers = "python_version < \"3.9\""} + +[package.extras] +jupyter = ["ipywidgets (>=7.5.1,<9)"] + [[package]] name = "ruff" version = "0.5.7" 
@@ -1404,6 +1539,20 @@ files = [ dev = ["build", "hatch"] doc = ["sphinx"] +[[package]] +name = "stevedore" +version = "5.3.0" +description = "Manage dynamic plugins for Python applications" +optional = false +python-versions = ">=3.8" +files = [ + {file = "stevedore-5.3.0-py3-none-any.whl", hash = "sha256:1efd34ca08f474dad08d9b19e934a22c68bb6fe416926479ba29e5013bcc8f78"}, + {file = "stevedore-5.3.0.tar.gz", hash = "sha256:9a64265f4060312828151c204efbe9b7a9852a0d9228756344dbc7e4023e375a"}, +] + +[package.dependencies] +pbr = ">=2.0.0" + [[package]] name = "termcolor" version = "2.4.0" @@ -1418,6 +1567,17 @@ files = [ [package.extras] tests = ["pytest", "pytest-cov"] +[[package]] +name = "toml" +version = "0.10.2" +description = "Python Library for Tom's Obvious, Minimal Language" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" +files = [ + {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, + {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, +] + [[package]] name = "tomli" version = "2.0.1" 
@@ -1560,20 +1720,24 @@ files = [ [[package]] name = "zipp" -version = "3.20.0" +version = "3.20.1" description = "Backport of pathlib-compatible object wrapper for zip files" optional = false python-versions = ">=3.8" files = [ - {file = "zipp-3.20.0-py3-none-any.whl", hash = "sha256:58da6168be89f0be59beb194da1250516fdaa062ccebd30127ac65d30045e10d"}, - {file = "zipp-3.20.0.tar.gz", hash = "sha256:0145e43d89664cfe1a2e533adc75adafed82fe2da404b4bbb6b026c0157bdb31"}, + {file = "zipp-3.20.1-py3-none-any.whl", hash = "sha256:9960cd8967c8f85a56f920d5d507274e74f9ff813a0ab8889a5b5be2daf44064"}, + {file = "zipp-3.20.1.tar.gz", hash = "sha256:c22b14cc4763c5a5b04134207736c107db42e9d3ef2d9779d465f5f1bcba572b"}, ] [package.extras] +check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)"] +cover = ["pytest-cov"] doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"] -test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more-itertools", "pytest (>=6,!=8.1.*)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-ignore-flaky", "pytest-mypy", "pytest-ruff (>=0.2.1)"] +enabler = ["pytest-enabler (>=2.2)"] +test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more-itertools", "pytest (>=6,!=8.1.*)", "pytest-ignore-flaky"] +type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = ">=3.8,<4.0" -content-hash = "61d149273d2a2bdca0cec9aeecc0d93ea45f7c4fa65430c3146ed7298f18decc" +content-hash = "9dbfbc3936c9be66e90d23efbc3dcf0681848cd45031411183d864cce826a249"
diff --git a/pyproject.toml b/pyproject.toml
index 82c072c..17d61b8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -41,6 +41,28 @@ pylint = "^3.2.6"
 pylint-django = "^2.5.5"
 docformatter = "^1.7.5"
 commitizen = "^3.28.0"
+bandit = {extras = ["toml"], version = "^1.7.9"}
+django-debug-toolbar = "^4.4.6"
+django-migration-linter = "^5.1.0"
+
+[tool.bandit]
+targets = ["./iranian_cities"]
+exclude_dirs = [
+ "tests",
+ "migrations",
+]
+severity = "medium"
+confidence = "medium"
+max_lines = 500
+progress = true
+reports = true
+output_format = "screen"
+output_file = "bandit_report.txt"
+include = ["B101", "B102"]
+exclude_tests = ["B301", "B302"]
+
+[tool.bandit.plugins]
+B104 = { check_typed_list = true }
 [tool.black]
 line-length = 88
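Review bot: Most keys in the added `[tool.bandit]` table do not look like options Bandit reads from `pyproject.toml`. As far as I know it honours `exclude_dirs`, `tests` and `skips` there (plus per-plugin tables named after the plugin, not a `[tool.bandit.plugins]` table keyed by ID), and only when invoked with `-c pyproject.toml`. That would mean `severity`, `confidence`, `include`, `exclude_tests`, `output_file` and the `B104` entry are silently ignored, so the scan would not enforce the policy written here. If `include`/`exclude_tests` are meant as test selection, the intent would be to run only B101 and B102 and to drop the pickle and marshal checks B301/B302, which is a very narrow scan for a security gate and deserves a comment giving the reason. I would keep only the enforced keys, expressing any deliberate exclusion as `skips = [...]` with a comment, and move the thresholds and report path to the tox/CI command, e.g. `bandit -c pyproject.toml -r iranian_cities --severity-level medium --confidence-level medium -o bandit_report.txt`. I also cannot match `check_typed_list` to a B104 option, so please verify it against the Bandit plugin docs.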