From cac574c7015d254536e5b39b88c6c5378c02b00f Mon Sep 17 00:00:00 2001 From: ARYAN-NIKNEZHAD Date: Thu, 29 Aug 2024 14:44:08 +0430 Subject: [PATCH 1/2] :wrench: chore: Update pyproject.toml config - Add bandit config in toml - Add django-migrations-linter&debug-toolbar - Update lock file --- packages/requirements-dev.txt | 14 ++- poetry.lock | 182 ++++++++++++++++++++++++++++++++-- pyproject.toml | 24 ++++- 3 files changed, 208 insertions(+), 12 deletions(-) diff --git a/packages/requirements-dev.txt b/packages/requirements-dev.txt index 2d473ef..adf33af 100644 --- a/packages/requirements-dev.txt +++ b/packages/requirements-dev.txt @@ -1,10 +1,12 @@ alabaster==0.7.13 ; python_version >= "3.8" and python_version < "4.0" +appdirs==1.4.4 ; python_version >= "3.8" and python_version < "4.0" argcomplete==3.5.0 ; python_version >= "3.8" and python_version < "4.0" arichuvadi==0.0.6 ; python_version >= "3.8" and python_version < "4.0" asgiref==3.8.1 ; python_version >= "3.8" and python_version < "4.0" astroid==3.2.4 ; python_version >= "3.8" and python_version < "4.0" babel==2.16.0 ; python_version >= "3.8" and python_version < "4.0" backports-zoneinfo==0.2.1 ; python_version >= "3.8" and python_version < "3.9" +bandit[toml]==1.7.9 ; python_version >= "3.8" and python_version < "4.0" black==24.8.0 ; python_version >= "3.8" and python_version < "4.0" cachetools==5.5.0 ; python_version >= "3.8" and python_version < "4.0" certifi==2024.7.4 ; python_version >= "3.8" and python_version < "4.0" 
@@ -20,6 +22,8 @@ decli==0.6.2 ; python_version >= "3.8" and python_version < "4.0" dill==0.3.8 ; python_version >= "3.8" and python_version < "4.0" distlib==0.3.8 ; python_version >= "3.8" and python_version < "4.0" django-colorfield==0.11.0 ; python_version >= "3.8" and python_version < "4.0" +django-debug-toolbar==4.4.6 ; python_version >= "3.8" and python_version < "4.0" +django-migration-linter==5.1.0 ; python_version >= "3.8" and python_version < "4.0" django-polymorphic==3.1.0 ; python_version >= "3.8" and python_version < "4.0" django==4.2.15 ; python_version >= "3.8" and python_version < "4.0" djangorestframework==3.15.2 ; python_version >= "3.8" and python_version < "4.0" 
@@ -27,15 +31,17 @@ docutils==0.19 ; python_version >= "3.8" and python_version < "4.0" exceptiongroup==1.2.2 ; python_version >= "3.8" and python_version < "3.11" filelock==3.15.4 ; python_version >= "3.8" and python_version < "4.0" identify==2.6.0 ; python_version >= "3.8" and python_version < "4.0" -idna==3.7 ; python_version >= "3.8" and python_version < "4.0" +idna==3.8 ; python_version >= "3.8" and python_version < "4.0" imagesize==1.4.1 ; python_version >= "3.8" and python_version < "4.0" importlib-metadata==8.4.0 ; python_version >= "3.8" and python_version < "3.10" iniconfig==2.0.0 ; python_version >= "3.8" and python_version < "4.0" isort==5.13.2 ; python_version >= "3.8" and python_version < "4.0" jinja2==3.1.4 ; python_version >= "3.8" and python_version < "4.0" libusb1==3.1.0 ; python_version >= "3.8" and python_version < "4.0" +markdown-it-py==3.0.0 ; python_version >= "3.8" and python_version < "4.0" markupsafe==2.1.5 ; python_version >= "3.8" and python_version < "4.0" mccabe==0.7.0 ; python_version >= "3.8" and python_version < "4.0" +mdurl==0.1.2 ; python_version >= "3.8" and python_version < "4.0" mypy-extensions==1.0.0 ; python_version >= "3.8" and python_version < "4.0" ndef==0.2 ; python_version >= "3.8" and python_version < "4.0" ndeflib==0.3.3 ; python_version >= "3.8" and python_version < "4.0" @@ -43,6 +49,7 @@ nfcpy==1.0.4 ; python_version >= "3.8" and python_version < "4.0" nodeenv==1.9.1 ; python_version >= "3.8" and python_version < "4.0" packaging==24.1 ; python_version >= "3.8" and python_version < "4.0" pathspec==0.12.1 ; python_version >= "3.8" and python_version < "4.0" +pbr==6.1.0 ; python_version >= "3.8" and python_version < "4.0" pillow==10.4.0 ; python_version >= "3.8" and python_version < "4.0" platformdirs==4.2.2 ; python_version >= "3.8" and python_version < "4.0" pluggy==1.5.0 ; python_version >= "3.8" and python_version < "4.0" 
@@ -64,6 +71,7 @@ pyyaml==6.0.2 ; python_version >= "3.8" and python_version < "4.0" qrcode-artistic==3.0.2 ; python_version >= "3.8" and python_version < "4.0" questionary==2.0.1 ; python_version >= "3.8" and python_version < "4.0" requests==2.32.3 ; python_version >= "3.8" and python_version < "4.0" +rich==13.8.0 ; python_version >= "3.8" and python_version < "4.0" ruff==0.5.7 ; python_version >= "3.8" and python_version < "4.0" segno==1.6.1 ; python_version >= "3.8" and python_version < "4.0" sengo==0.0.2 ; python_version >= "3.8" and python_version < "4.0" @@ -79,7 +87,9 @@ sphinxcontrib-jsmath==1.0.1 ; python_version >= "3.8" and python_version < "4.0" sphinxcontrib-qthelp==1.0.3 ; python_version >= "3.8" and python_version < "4.0" sphinxcontrib-serializinghtml==1.1.5 ; python_version >= "3.8" and python_version < "4.0" sqlparse==0.5.1 ; python_version >= "3.8" and python_version < "4.0" +stevedore==5.3.0 ; python_version >= "3.8" and python_version < "4.0" termcolor==2.4.0 ; python_version >= "3.8" and python_version < "4.0" +toml==0.10.2 ; python_version >= "3.8" and python_version < "4.0" tomli==2.0.1 ; python_version >= "3.8" and python_full_version <= "3.11.0a6" tomlkit==0.13.2 ; python_version >= "3.8" and python_version < "4.0" tox==4.18.0 ; python_version >= "3.8" and python_version < "4.0" @@ -88,4 +98,4 @@ tzdata==2024.1 ; python_version >= "3.8" and python_version < "4.0" and sys_plat urllib3==2.2.2 ; python_version >= "3.8" and python_version < "4.0" virtualenv==20.26.3 ; python_version >= "3.8" and python_version < "4.0" wcwidth==0.2.13 ; python_version >= "3.8" and python_version < "4.0" -zipp==3.20.0 ; python_version >= "3.8" and python_version < "3.10" +zipp==3.20.1 ; python_version >= "3.8" and python_version < "3.10" diff --git a/poetry.lock b/poetry.lock index 90bb597..c92b675 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -11,6 +11,17 @@ files = [ {file = "alabaster-0.7.13.tar.gz", hash = "sha256:a27a4a084d5e690e16e01e03ad2b2e552c61a65469419b907243193de1a84ae2"}, ] +[[package]] +name = "appdirs" +version = "1.4.4" +description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." +optional = false +python-versions = "*" +files = [ + {file = "appdirs-1.4.4-py2.py3-none-any.whl", hash = "sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128"}, + {file = "appdirs-1.4.4.tar.gz", hash = "sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41"}, +] + [[package]] name = "argcomplete" version = "3.5.0" @@ -111,6 +122,31 @@ files = [ [package.extras] tzdata = ["tzdata"] +[[package]] +name = "bandit" +version = "1.7.9" +description = "Security oriented static analyser for python code." +optional = false +python-versions = ">=3.8" +files = [ + {file = "bandit-1.7.9-py3-none-any.whl", hash = "sha256:52077cb339000f337fb25f7e045995c4ad01511e716e5daac37014b9752de8ec"}, + {file = "bandit-1.7.9.tar.gz", hash = "sha256:7c395a436743018f7be0a4cbb0a4ea9b902b6d87264ddecf8cfdc73b4f78ff61"}, +] + +[package.dependencies] +colorama = {version = ">=0.3.9", markers = "platform_system == \"Windows\""} +PyYAML = ">=5.3.1" +rich = "*" +stevedore = ">=1.20.0" +tomli = {version = ">=1.1.0", optional = true, markers = "python_version < \"3.11\" and extra == \"toml\""} + +[package.extras] +baseline = ["GitPython (>=3.1.30)"] +sarif = ["jschema-to-python (>=1.2.3)", "sarif-om (>=1.0.4)"] +test = ["beautifulsoup4 (>=4.8.0)", "coverage (>=4.5.4)", "fixtures (>=3.0.0)", "flake8 (>=4.0.0)", "pylint (==1.9.4)", "stestr (>=2.5.0)", "testscenarios (>=0.5.0)", "testtools (>=2.3.0)"] +toml = ["tomli (>=1.1.0)"] +yaml = ["PyYAML"] + [[package]] name = "black" version = "24.8.0" 
@@ -508,6 +544,40 @@ files = [ [package.dependencies] Pillow = ">=9.0.0" +[[package]] +name = "django-debug-toolbar" +version = "4.4.6" +description = "A configurable set of panels that display various debug information about the current request/response." +optional = false +python-versions = ">=3.8" +files = [ + {file = "django_debug_toolbar-4.4.6-py3-none-any.whl", hash = "sha256:3beb671c9ec44ffb817fad2780667f172bd1c067dbcabad6268ce39a81335f45"}, + {file = "django_debug_toolbar-4.4.6.tar.gz", hash = "sha256:36e421cb908c2f0675e07f9f41e3d1d8618dc386392ec82d23bcfcd5d29c7044"}, +] + +[package.dependencies] +django = ">=4.2.9" +sqlparse = ">=0.2" + +[[package]] +name = "django-migration-linter" +version = "5.1.0" +description = "Detect backward incompatible migrations for your django project" +optional = false +python-versions = ">=3.7" +files = [ + {file = "django-migration-linter-5.1.0.tar.gz", hash = "sha256:638a6f39b0109fb95a747f10cb3ae4362b4ca46e7f45eee9546d3dd4c322b83a"}, + {file = "django_migration_linter-5.1.0-py3-none-any.whl", hash = "sha256:eefdca0cd60b0bacdf61420b0779b2c680dd29d3b43e9ccb0d8d2aa89f036474"}, +] + +[package.dependencies] +appdirs = ">=1.4.3" +django = ">=2.2" +toml = ">=0.10.2" + +[package.extras] +test = ["coverage (>=7.2.7)", "django-add-default-value (>=0.4.0)", "mysqlclient (>=2.1.1)", "psycopg2 (>=2.9.6)", "tox (>=4.6.3)"] + [[package]] name = "django-polymorphic" version = "3.1.0" 
@@ -594,13 +664,13 @@ license = ["ukkonen"] [[package]] name = "idna" -version = "3.7" +version = "3.8" description = "Internationalized Domain Names in Applications (IDNA)" optional = false -python-versions = ">=3.5" +python-versions = ">=3.6" files = [ - {file = "idna-3.7-py3-none-any.whl", hash = "sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0"}, - {file = "idna-3.7.tar.gz", hash = "sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc"}, + {file = "idna-3.8-py3-none-any.whl", hash = "sha256:050b4e5baadcd44d760cedbd2b8e639f2ff89bbc7a5730fcc662954303377aac"}, + {file = "idna-3.8.tar.gz", hash = "sha256:d838c2c0ed6fced7693d5e8ab8e734d5f8fda53a039c0164afb0b82e771e3603"}, ] [[package]] @@ -688,6 +758,30 @@ files = [ {file = "libusb1-3.1.0.tar.gz", hash = "sha256:4ee9b0a55f8bd0b3ea7017ae919a6c1f439af742c4a4b04543c5fd7af89b828c"}, ] +[[package]] +name = "markdown-it-py" +version = "3.0.0" +description = "Python port of markdown-it. Markdown parsing, done right!" +optional = false +python-versions = ">=3.8" +files = [ + {file = "markdown-it-py-3.0.0.tar.gz", hash = "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"}, + {file = "markdown_it_py-3.0.0-py3-none-any.whl", hash = "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"}, +] + +[package.dependencies] +mdurl = ">=0.1,<1.0" + +[package.extras] +benchmarking = ["psutil", "pytest", "pytest-benchmark"] +code-style = ["pre-commit (>=3.0,<4.0)"] +compare = ["commonmark (>=0.9,<1.0)", "markdown (>=3.4,<4.0)", "mistletoe (>=1.0,<2.0)", "mistune (>=2.0,<3.0)", "panflute (>=2.3,<3.0)"] +linkify = ["linkify-it-py (>=1,<3)"] +plugins = ["mdit-py-plugins"] +profiling = ["gprof2dot"] +rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"] +testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"] + [[package]] name = "markupsafe" version = "2.1.5" 
@@ -768,6 +862,17 @@ files = [ {file = "mccabe-0.7.0.tar.gz", hash = "sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325"}, ] +[[package]] +name = "mdurl" +version = "0.1.2" +description = "Markdown URL utilities" +optional = false +python-versions = ">=3.7" +files = [ + {file = "mdurl-0.1.2-py3-none-any.whl", hash = "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"}, + {file = "mdurl-0.1.2.tar.gz", hash = "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba"}, +] + [[package]] name = "mypy-extensions" version = "1.0.0" @@ -854,6 +959,17 @@ files = [ {file = "pathspec-0.12.1.tar.gz", hash = "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712"}, ] +[[package]] +name = "pbr" +version = "6.1.0" +description = "Python Build Reasonableness" +optional = false +python-versions = ">=2.6" +files = [ + {file = "pbr-6.1.0-py2.py3-none-any.whl", hash = "sha256:a776ae228892d8013649c0aeccbb3d5f99ee15e005a4cbb7e61d55a067b28a2a"}, + {file = "pbr-6.1.0.tar.gz", hash = "sha256:788183e382e3d1d7707db08978239965e8b9e4e5ed42669bf4758186734d5f24"}, +] + [[package]] name = "pillow" version = "10.4.0" 
@@ -1330,6 +1446,25 @@ urllib3 = ">=1.21.1,<3" socks = ["PySocks (>=1.5.6,!=1.5.7)"] use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] +[[package]] +name = "rich" +version = "13.8.0" +description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" +optional = false +python-versions = ">=3.7.0" +files = [ + {file = "rich-13.8.0-py3-none-any.whl", hash = "sha256:2e85306a063b9492dffc86278197a60cbece75bcb766022f3436f567cae11bdc"}, + {file = "rich-13.8.0.tar.gz", hash = "sha256:a5ac1f1cd448ade0d59cc3356f7db7a7ccda2c8cbae9c7a90c28ff463d3e91f4"}, +] + +[package.dependencies] +markdown-it-py = ">=2.2.0" +pygments = ">=2.13.0,<3.0.0" +typing-extensions = {version = ">=4.0.0,<5.0", markers = "python_version < \"3.9\""} + +[package.extras] +jupyter = ["ipywidgets (>=7.5.1,<9)"] + [[package]] name = "ruff" version = "0.5.7" @@ -1579,6 +1714,20 @@ files = [ dev = ["build", "hatch"] doc = ["sphinx"] +[[package]] +name = "stevedore" +version = "5.3.0" +description = "Manage dynamic plugins for Python applications" +optional = false +python-versions = ">=3.8" +files = [ + {file = "stevedore-5.3.0-py3-none-any.whl", hash = "sha256:1efd34ca08f474dad08d9b19e934a22c68bb6fe416926479ba29e5013bcc8f78"}, + {file = "stevedore-5.3.0.tar.gz", hash = "sha256:9a64265f4060312828151c204efbe9b7a9852a0d9228756344dbc7e4023e375a"}, +] + +[package.dependencies] +pbr = ">=2.0.0" + [[package]] name = "termcolor" version = "2.4.0" 
@@ -1593,6 +1742,17 @@ files = [ [package.extras] tests = ["pytest", "pytest-cov"] +[[package]] +name = "toml" +version = "0.10.2" +description = "Python Library for Tom's Obvious, Minimal Language" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" +files = [ + {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, + {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, +] + [[package]] name = "tomli" version = "2.0.1" 
@@ -1714,18 +1874,22 @@ files = [ [[package]] name = "zipp" -version = "3.20.0" +version = "3.20.1" description = "Backport of pathlib-compatible object wrapper for zip files" optional = false python-versions = ">=3.8" files = [ - {file = "zipp-3.20.0-py3-none-any.whl", hash = "sha256:58da6168be89f0be59beb194da1250516fdaa062ccebd30127ac65d30045e10d"}, - {file = "zipp-3.20.0.tar.gz", hash = "sha256:0145e43d89664cfe1a2e533adc75adafed82fe2da404b4bbb6b026c0157bdb31"}, + {file = "zipp-3.20.1-py3-none-any.whl", hash = "sha256:9960cd8967c8f85a56f920d5d507274e74f9ff813a0ab8889a5b5be2daf44064"}, + {file = "zipp-3.20.1.tar.gz", hash = "sha256:c22b14cc4763c5a5b04134207736c107db42e9d3ef2d9779d465f5f1bcba572b"}, ] [package.extras] +check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)"] +cover = ["pytest-cov"] doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"] -test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more-itertools", "pytest (>=6,!=8.1.*)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-ignore-flaky", "pytest-mypy", "pytest-ruff (>=0.2.1)"] +enabler = ["pytest-enabler (>=2.2)"] +test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more-itertools", "pytest (>=6,!=8.1.*)", "pytest-ignore-flaky"] +type = ["pytest-mypy"] [extras] docs = [] @@ -1733,4 +1897,4 @@ docs = [] [metadata] lock-version = "2.0" python-versions = "^3.8" -content-hash = "a3337569b6a4014a3656fbd9ea9cd5dd920db135e7fbee0cba2d729781ce6218" +content-hash = "5e15204c3430fee5fe47317470fdcf6ae7b5debb54018e1436528280f9769a69" diff --git a/pyproject.toml b/pyproject.toml index 4eb0991..bdc55fb 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -37,12 +37,15 @@ pytest = "^8.3.2" pytest-cov = "^5.0.0" ruff = "^0.5.7" commitizen = "^3.29.0" +bandit = {extras = ["toml"], version = "^1.7.9"} +django-debug-toolbar = "^4.4.6" +django-migration-linter = "^5.1.0" [tool.poetry.extras] docs = ["sphinx", "sphinx-rtd-theme"] [tool.pytest.ini_options] -addopts = "--cov=. --cov-report=term-missing --cov-report=html" +addopts = "--cov --cov-report=term-missing --cov-report=html --cov-fail-under=90" DJANGO_SETTINGS_MODULE = "kernel.settings" python_files = ["tests.py", "test_*.py"] testpaths = ["tests"] @@ -59,6 +62,25 @@ norecursedirs = [ "kernel" ] +[tool.bandit] +targets = ["./sage_newsletter"] +exclude_dirs = [ + "tests", + "migrations", +] +severity = "medium" +confidence = "medium" +max_lines = 500 +progress = true +reports = true +output_format = "screen" +output_file = "bandit_report.txt" +include = ["B101", "B102"] +exclude_tests = ["B301", "B302"] + +[tool.bandit.plugins] +B104 = { check_typed_list = true } + [tool.coverage.run] omit = [ "*/migrations/*", From 3a0e008d1fcc5464210c11f8b67087b7de637a81 Mon Sep 17 00:00:00 2001 From: ARYAN-NIKNEZHAD Date: Thu, 29 Aug 2024 14:44:29 +0430 Subject: [PATCH 2/2] :wrench: chore: Update pyproject.toml config - Add bandit config in toml - Add django-migrations-linter&debug-toolbar - Update lock file --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index bdc55fb..73b27d8 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -63,7 +63,7 @@ norecursedirs = [ ] [tool.bandit] -targets = ["./sage_newsletter"] +targets = ["./sage_qrcode"] exclude_dirs = [ "tests", "migrations",
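Review bot: Most keys in the `[tool.bandit]` table added by the `@@ -59,6 +62,25 @@` hunk do not look like options Bandit reads from a config file. To my knowledge only `exclude_dirs`, `tests` and `skips` (plus per-plugin tables keyed by plugin name) are honoured there, while severity, confidence, output format and output file are command-line options, so `severity`, `confidence`, `include`, `exclude_tests` and `[tool.bandit.plugins]` are probably ignored silently; this is worth confirming against the Bandit 1.7.9 documentation. If `include = ["B101", "B102"]` is meant as a whitelist, the equivalent `tests = [...]` would restrict the scan to the assert and exec checks only, and `exclude_tests = ["B301", "B302"]` reads as switching off the pickle and marshal deserialization checks. I would drop both and keep a `skips = [...]` entry only for checks that have a written justification next to them. Bandit also reads pyproject.toml only when pointed at it, e.g. `bandit -c pyproject.toml -r sage_qrcode`, so the CI or pre-commit invocation needs that flag for any of this table to apply.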