10000 [fix] bandit reports by motorina0 · Pull Request #2994 · lnbits/lnbits · GitHub
[go: up one dir, main page]
Skip to content

[fix] bandit reports #2994

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 35 commits into from
Closed

[fix] bandit reports #2994

wants to merge 35 commits into from

Conversation

motorina0
Copy link
Collaborator
@motorina0 motorina0 commented Feb 24, 2025
edited
Loading

https://github.com/PyCQA/bandit

poetry run bandit -r -v -r . -c "pyproject.toml"

Temp excluded skips = ["B101"] (should be added back in)

Issue: [B101:assert_used] Use of assert detected. 
The enclosed code will be removed when compiling to optimised byte code.

@motorina0 motorina0 requested a review from dni February 24, 2025 13:35
motorina0
motorina0 commented Feb 24, 2025
View reviewed changes
@codecov Codecov
Copy link
codecov bot commented Feb 24, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 54.70588% with 77 lines in your changes missing coverage. Please review.

Project coverage is 61.45%. Comparing base (ec77a00) to head (9351c10).
Report is 132 commits behind head on dev.

Files with missing lines Patch % Lines
lnbits/wallets/blink.py 20.00% 8 Missing ⚠️
lnbits/core/services/lnurl.py 0.00% 6 Missing ⚠️
lnbits/commands.py 0.00% 5 Missing ⚠️
lnbits/utils/nostr.py 64.28% 5 Missing ⚠️
lnbits/core/migrations.py 0.00% 4 Missing ⚠️
lnbits/core/models/extensions.py 0.00% 4 Missing ⚠️
lnbits/core/services/extensions.py 0.00% 4 Missing ⚠️
lnbits/wallets/corelightningrest.py 63.63% 4 Missing ⚠️
lnbits/wallets/lntips.py 0.00% 4 Missing ⚠️
lnbits/core/crud/payments.py 57.14% 3 Missing ⚠️
... and 17 more
Additional details and impacted files 
@@            Coverage Diff             @@
##              dev    #2994      +/-   ##
==========================================
- Coverage   61.71%   61.45%   -0.26%     
==========================================
  Files         104      104              
  Lines       13128    13168      +40     
==========================================
- Hits         8102     8093       -9     
- Misses       5026     5075      +49

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

motorina0 and others added 19 commits March 3, 2025 22:24
@motorina0 @dni
feat: add bandit
085a3f7
@motorina0 @dni
fix: some bandit reports
5603007
@motorina0 @dni
fix: bandit issues
d210c13
@motorina0 @dni
chore: code clean-up
2c52722
@dni
ignore .venv
7d44cf1
@dni
add bandit to makefile
69511a8
@dni
fix dbdump
f819370
@dni
dont use urlopen
efe38aa
@dni
work on sql issues
8fdbb11
@dni
rename username and password trigger, hardcoded pw warning
9dcf701
@dni
run bandit rules through ruff
959bb94
@dni
remove bandit config
ea29809
@dni
fix: python versions were defined incorrectly and remove 3.9 (#3006)
aa683e9 
* chore: update requirements to python3.10
* chore: format RUF007 rule for py310
* wrongly specified python version
python3.13 there is a greenlet build error
@motorina0 @dni
feat: add bandit
6d24c1b
@dni
run bandit rules through ruff
b978fe0
@dni
ignore hardcoded pws in test_ath
bc94d31
@dni
fix ignore
71bc586
@dni
fix renaming, more faingrained ignores
6e05894
@dni
fix unsafe random
66acf21
@dni dni marked this pull request as ready for review March 3, 2025 22:47
@dni
Copy link
Member
dni commented Mar 3, 2025

bandit runs in ci now and you can just run it with ruff make ruff

@motorina0 motorina0 marked this pull request as draft April 11, 2025 10:48
@motorina0
Copy link
Collaborator Author

closed in favor of: #3241

@motorina0 motorina0 closed this Jul 4, 2025
@dni dni deleted the add_bandit branch July 8, 2025 06:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dni dni dni approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@motorina0 @dni
0