[flake8-bandit] Report all references to suspicious functions (S3) #15541

Merged
merged 7 commits into from
Jan 20, 2025


InSyncWithFoo

Summary

Resolves #15522.

Test Plan

cargo nextest run and cargo insta test.


github-actions bot commented Jan 17, 2025

ruff-ecosystem results

Linter (stable)

✅ ecosystem check detected no linter changes.

Linter (preview)

ℹ️ ecosystem check detected linter changes. (+8 -0 violations, +0 -0 fixes in 2 projects; 53 projects unchanged)

apache/airflow (+7 -0 violations, +0 -0 fixes)

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL

+ providers/src/airflow/providers/ftp/hooks/ftp.py:66:24: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/src/airflow/providers/ftp/operators/ftp.py:201:24: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/src/airflow/providers/ftp/sensors/ftp.py:84:20: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/tests/ftp/sensors/test_ftp.py:54:28: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/tests/ftp/sensors/test_ftp.py:67:28: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/tests/ftp/sensors/test_ftp.py:80:28: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ tests/decorators/test_python.py:74:26: S307 Use of possibly insecure function; consider using `ast.literal_eval`

apache/superset (+1 -0 violations, +0 -0 fixes)

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL

+ superset/migrations/versions/2023-05-01_12-03_9c2a5681ddfd_convert_key_value_entries_to_json.py:46:27: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue

Changes by rule (3 rules affected)

| code | total | + violation | - violation | + fix | - fix |
| --- | --- | --- | --- | --- | --- |
| S321 | 6 | 6 | 0 | 0 | 0 |
| S307 | 1 | 1 | 0 | 0 | 0 |
| S301 | 1 | 1 | 0 | 0 | 0 |

@InSyncWithFoo InSyncWithFoo marked this pull request as draft January 17, 2025 00:31
@InSyncWithFoo InSyncWithFoo changed the title [flake8-bandit] Report all references (S3) [flake8-bandit] Report all references to suspicious functions (S3) Jan 17, 2025
@InSyncWithFoo InSyncWithFoo marked this pull request as ready for review January 17, 2025 02:30
@InSyncWithFoo

The ecosystem changes are mostly as expected, except for this:

@apache/airflow:

class FTPSHook(FTPHook):
    def get_conn(self) -> ftplib.FTP:
#                         ^^^^^^^^^^

Should references in type hints be reported?

@dhruvmanila

> Should references in type hints be reported?

I think we should ignore them which, I think, is what you've done as well in this PR.
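The behaviour this PR is about, sketched as an added example (not code from the PR or from ruff, which is written in Rust): a small `ast` visitor that reports every load-context reference to a suspicious name, including callback position, and skips type annotations as discussed in the thread. The `SUSPICIOUS` table, the helper names and the sample source are assumptions, and names are matched literally without resolving import aliases.

```python
import ast

# Assumed subset of suspicious names, mapped to rule codes seen in the ecosystem output.
SUSPICIOUS = {"eval": "S307", "pickle.loads": "S301", "ftplib.FTP": "S321"}

# Constructed sample input (not taken from any project).
SAMPLE = '''
import ftplib, pickle

def get_conn() -> ftplib.FTP:      # annotation only: skipped
    return ftplib.FTP("host")      # call: reported

values = list(map(eval, ["1+1"]))  # callback position: reported
loader = pickle.loads              # bare reference: reported
'''

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

class ReferenceFinder(ast.NodeVisitor):
    def __init__(self):
        self.hits = []

    def visit_FunctionDef(self, node):
        # Visit decorators, defaults and body, but not parameter/return annotations.
        defaults = node.args.defaults + [d for d in node.args.kw_defaults if d]
        for child in node.decorator_list + defaults + node.body:
            self.visit(child)
    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_AnnAssign(self, node):
        if node.value:  # skip the annotation, keep the assigned value
            self.visit(node.value)

    def visit_Name(self, node):
        self._check(node)

    def visit_Attribute(self, node):
        if not self._check(node):
            self.generic_visit(node)

    def _check(self, node):
        name = dotted(node)
        if isinstance(node.ctx, ast.Load) and name in SUSPICIOUS:
            self.hits.append((node.lineno, SUSPICIOUS[name], name))
            return True
        return False

def find_references(source):
    finder = ReferenceFinder()
    finder.visit(ast.parse(source))
    return finder.hits
```

A checker that only inspects `ast.Call` nodes would miss the `map(eval, ...)` and `loader = pickle.loads` lines, which is the gap the linked issue describes.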

@dhruvmanila dhruvmanila added rule Implementing or modifying a lint rule preview Related to preview mode features labels Jan 17, 2025
@dhruvmanila dhruvmanila enabled auto-merge (squash) January 20, 2025 08:38
@dhruvmanila dhruvmanila disabled auto-merge January 20, 2025 08:38
@dhruvmanila

Updating the docs with the new preview behavior and then will merge.

@dhruvmanila dhruvmanila enabled auto-merge (squash) January 20, 2025 08:59
@dhruvmanila dhruvmanila merged commit 5cd1f79 into astral-sh:main Jan 20, 2025
20 checks passed
dhruvmanila added a commit that referenced this pull request Jan 20, 2025
## Summary

I noticed while reviewing
#15541 that the code inside the
large closure cannot be formatted by the Rust formatter. This PR
extracts the qualified name and inlines the match expression.

## Test Plan

`cargo clippy` and `cargo insta`
@InSyncWithFoo InSyncWithFoo deleted the S307 branch January 20, 2025 12:58
Successfully merging this pull request may close these issues.

flake8-bandit rules does not check eval in callback position
2 participants