Update Github actions
cherriae committed Nov 19, 2024
1 parent 408e150 commit 61190a9
Showing 13 changed files with 167 additions and 273 deletions.
161 changes: 23 additions & 138 deletions .github/workflows/bandit.yml
@@ -1,144 +1,29 @@
name: Bandit by PyCQA
description: The official Bandit Action developed by PyCQA
author: '@PyCQA'
name: Bandit Code Security

branding:
icon: 'shield'
color: 'black'
on: [push, pull_request]

inputs:
configfile:
description: |
Optional config file to use for selecting plugins and overriding defaults
required: false
default: 'DEFAULT'
profile:
description: |
Profile to use (defaults to executing all tests)
required: false
default: 'DEFAULT'
tests:
description: |
Comma-separated list of test IDs to run
required: false
default: 'DEFAULT'
skips:
description: |
Comma-separated list of test IDs to skip
required: false
default: 'DEFAULT'
severity:
description: |
Report only issues of a given severity level or higher. "all" and "low"
are likely to produce the same results, but it is possible for rules to
be undefined which will not be listed in "low". Options include:
{all, high, medium, low}
required: false
default: 'DEFAULT'
confidence:
description: |
Report only issues of a given confidence level or higher. "all" and "low"
are likely to produce the same results, but it is possible for rules to
be undefined which will not be listed in "low". Options include:
{all, high, medium, low}
required: false
default: 'DEFAULT'
exclude:
description: |
Comma-separated list of paths (glob patterns supported) to exclude from
scan (note that these are in addition to the excluded paths provided in
the config file)
required: false
default: '.svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg'
baseline:
description: |
Path of a baseline report to compare against (only JSON-formatted files
are accepted)
required: false
default: 'DEFAULT'
ini:
description: |
Path to a .bandit file that supplies command line arguments
required: false
default: 'DEFAULT'
targets:
description: |
Source file(s) or directory(s) to be tested
required: true
default: '.'
jobs:
bandit:
runs-on: ubuntu-latest
steps:
- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install Bandit
shell: bash
run: pip install bandit[sarif]

runs:
using: composite
steps:
- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Checkout repository
uses: actions/checkout@v4

- name: Install Bandit
shell: bash
run: pip install bandit[sarif]
- name: Scan
shell: bash
run: bandit -c bandit.yml -r -f sarif -o resulat.sarif .

- name: Checkout repository
uses: actions/checkout@v4
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif

- name: Run Bandit
shell: bash
run: |
if [ "$INPUT_CONFIGFILE" == "DEFAULT" ]; then
CONFIGFILE=""
else
CONFIGFILE="-c $INPUT_CONFIGFILE"
fi
if [ "$INPUT_PROFILE" == "DEFAULT" ]; then
PROFILE=""
else
PROFILE="-p $INPUT_PROFILE"
fi
if [ "$INPUT_TESTS" == "DEFAULT" ]; then
TESTS=""
else
TESTS="-t $INPUT_TESTS"
fi
if [ "$INPUT_SKIPS" == "DEFAULT" ]; then
SKIPS=""
else
SKIPS="-s $INPUT_SKIPS"
fi
if [ "$INPUT_SEVERITY" == "DEFAULT" ]; then
SEVERITY=""
else
SEVERITY="--severity-level $INPUT_SEVERITY"
fi
if [ "$INPUT_CONFIDENCE" == "DEFAULT" ]; then
CONFIDENCE=""
else
CONFIDENCE="--confidence-level $INPUT_CONFIDENCE"
fi
if [ "$INPUT_BASELINE" == "DEFAULT" ]; then
BASELINE=""
else
BASELINE="-b $INPUT_BASELINE"
fi
if [ "$INPUT_INI" == "DEFAULT" ]; then
INI=""
else
INI="--ini $INPUT_INI"
fi
bandit $CONFIGFILE $PROFILE $TESTS $SKIPS $SEVERITY $CONFIDENCE -x $INPUT_EXCLUDE $BASELINE $INI -r $INPUT_TARGETS -f sarif -o results.sarif || true
env:
INPUT_CONFIGFILE: ${{ inputs.configfile }}
INPUT_PROFILE: ${{ inputs.profile }}
INPUT_TESTS: ${{ inputs.tests }}
INPUT_SKIPS: ${{ inputs.skips }}
INPUT_SEVERITY: ${{ inputs.severity }}
INPUT_CONFIDENCE: ${{ inputs.confidence }}
INPUT_EXCLUDE: ${{ inputs.exclude }}
INPUT_BASELINE: ${{ inputs.baseline }}
INPUT_INI: ${{ inputs.ini }}
INPUT_TARGETS: ${{ inputs.targets }}

- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
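Review bot: The scan step writes its report to `resulat.sarif` while the upload step reads `results.sarif`, so upload-sarif will fail on a missing file on every run; the scan line should read `run: bandit -c bandit.yml -r -f sarif -o results.sarif .`. Bandit also returns a non-zero exit status whenever it reports findings, which stops the job before the upload step on exactly the runs that have something to report, whereas the replaced composite action appended `|| true`; add `if: always()` to the upload step, or keep the `|| true`, so the SARIF is uploaded regardless of findings. github/codeql-action/upload-sarif additionally requires the job to hold `security-events: write`, and this workflow declares no `permissions:` block, so with restricted default token permissions the upload is rejected. The `-c bandit.yml` argument presumably refers to a Bandit configuration file at the repository root rather than to this workflow file; confirm that file exists, since nothing in this commit shows it.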

26 changes: 0 additions & 26 deletions .github/workflows/mypy.yml

This file was deleted.

23 changes: 0 additions & 23 deletions .github/workflows/pylint.yml

This file was deleted.

11 changes: 7 additions & 4 deletions app/app.py
Expand Up @@ -11,16 +11,18 @@
mongo = PyMongo()
login_manager = LoginManager()


def create_app():
app = Flask(__name__, static_folder='static', template_folder='templates')

# Load config
load_dotenv()
app.config.update(
SECRET_KEY=os.getenv('SECRET_KEY', 'team334'),
SESSION_COOKIE_HTTPONLY=True,
SESSION_COOKIE_SECURE=True,
MONGO_URI=os.getenv('MONGO_URI', 'mongodb://localhost:27017/scouting_app')
MONGO_URI=os.getenv(
'MONGO_URI', 'mongodb://localhost:27017/scouting_app')
)

mongo.init_app(app)
Expand Down Expand Up @@ -61,9 +63,10 @@ def load_user(user_id):
@app.route('/')
def index():
return render_template('index.html')

return app


if __name__ == '__main__':
app = create_app()
app.run(debug=True)
app.run()
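Review bot: `SESSION_COOKIE_SECURE=True` is the right production setting, but the `__main__` block below it now serves the app with a plain `app.run()` over HTTP, so in local development the browser never returns the session cookie and every login appears to fail; either pass an `ssl_context` there or derive the flag from an environment variable whose default is the secure value. While the two cookie flags are being added, `SESSION_COOKIE_SAMESITE='Lax'` belongs next to them. The unchanged `SECRET_KEY=os.getenv('SECRET_KEY', 'team334')` on the line above still falls back to a value that ships with the repository, which undermines the cookie hardening this hunk adds; raising when the variable is unset would be the fail-closed choice. create_app's body continues outside both hunks.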
2 changes: 1 addition & 1 deletion app/auth/__init__.py
Expand Up @@ -8,4 +8,4 @@
'UserManager',
'init_auth_routes',
'auth_bp',
]
]
17 changes: 12 additions & 5 deletions app/auth/auth_utils.py
Expand Up @@ -10,6 +10,7 @@
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)


def with_mongodb_retry(retries=3, delay=2):
def decorator(f):
@wraps(f)
Expand All @@ -21,14 +22,17 @@ async def wrapper(*args, **kwargs):
except (ServerSelectionTimeoutError, ConnectionFailure) as e:
last_error = e
if attempt < retries - 1: # don't sleep on last attempt
logger.warning(f"Attempt {attempt + 1} failed: {str(e)}. Retrying...")
logger.warning(
f"Attempt {attempt + 1} failed: {str(e)}. Retrying...")
time.sleep(delay)
else:
logger.error(f"All {retries} attempts failed: {str(e)}")
logger.error(
f"All {retries} attempts failed: {str(e)}")
raise last_error
return wrapper
return decorator


async def check_password_strength(password):
"""
Check if password meets minimum requirements:
Expand All @@ -38,6 +42,7 @@ async def check_password_strength(password):
return False, "Password must be at least 8 characters long"
return True, "Password meets all requirements"


class UserManager:
def __init__(self, mongo_uri):
self.mongo_uri = mongo_uri
Expand All @@ -49,7 +54,8 @@ def connect(self):
"""Establish connection to MongoDB with basic error handling"""
try:
if self.client is None:
self.client = MongoClient(self.mongo_uri, serverSelectionTimeoutMS=5000)
self.client = MongoClient(
self.mongo_uri, serverSelectionTimeoutMS=5000)
# Test the connection
self.client.server_info()
self.db = self.client.get_default_database()
Expand All @@ -72,7 +78,8 @@ def ensure_connected(self):
# Test if connection is still alive
self.client.server_info()
except Exception:
logger.warning("Lost connection to MongoDB, attempting to reconnect...")
logger.warning(
"Lost connection to MongoDB, attempting to reconnect...")
self.connect()

@with_mongodb_retry(retries=3, delay=2)
Expand Down Expand Up @@ -149,4 +156,4 @@ def get_user_by_id(self, user_id):
def __del__(self):
"""Cleanup MongoDB connection"""
if self.client:
self.client.close()
self.client.close()