Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[flake8-bandit] Report all references to suspicious functions (S3) #15541

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

[flake8-bandit] Report all references to suspicious functions (S3) #15541

wants to merge 5 commits into from

Conversation

InSyncWithFoo
Copy link
Contributor

Summary

Resolves #15522.

Test Plan

cargo nextest run and cargo insta test.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 17, 2025
edited
Loading

ruff-ecosystem results

Linter (stable)

✅ ecosystem check detected no linter changes.

Linter (preview)

ℹ️ ecosystem check detected linter changes. (+8 -0 violations, +0 -0 fixes in 2 projects; 53 projects unchanged)

apache/airflow (+7 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL

+ providers/src/airflow/providers/ftp/hooks/ftp.py:66:24: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/src/airflow/providers/ftp/operators/ftp.py:201:24: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/src/airflow/providers/ftp/sensors/ftp.py:84:20: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/tests/ftp/sensors/test_ftp.py:54:28: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/tests/ftp/sensors/test_ftp.py:67:28: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ providers/tests/ftp/sensors/test_ftp.py:80:28: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ tests/decorators/test_python.py:74:26: S307 Use of possibly insecure function; consider using `ast.literal_eval`

apache/superset (+1 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL

+ superset/migrations/versions/2023-05-01_12-03_9c2a5681ddfd_convert_key_value_entries_to_json.py:46:27: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue

Changes by rule (3 rules affected)

code total + violation - violation + fix - fix
S321 6 6 0 0 0
S307 1 1 0 0 0
S301 1 1 0 0 0

@InSyncWithFoo InSyncWithFoo marked this pull request as draft January 17, 2025 00:31
@InSyncWithFoo InSyncWithFoo changed the title [flake8-bandit] Report all references (S3) [flake8-bandit] Report all references to suspicious functions (S3) Jan 17, 2025
@InSyncWithFoo InSyncWithFoo marked this pull request as ready for review January 17, 2025 02:30
@InSyncWithFoo
Copy link
Contributor Author

The ecosystem changes are mostly as expected, except for this:

@apache/airflow:

class FTPSHook(FTPHook):
    def get_conn(self) -> ftplib.FTP:
#                         ^^^^^^^^^^

Should references in type hints be reported?

@dhruvmanila
Copy link
Member

Should references in type hints be reported?

I think we should ignore them which, I think, is what you've done as well in this PR.

@dhruvmanila dhruvmanila added rule Implementing or modifying a lint rule preview Related to preview mode features labels Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhruvmanila dhruvmanila dhruvmanila left review comments

Assignees
No one assigned
Labels
preview Related to preview mode features rule Implementing or modifying a lint rule
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

flake8-bandit rules does not check eval in callback position
2 participants
@InSyncWithFoo @dhruvmanila