Merge branch 'feature_bandit_#30' into 'master'

aleksandr-kotlyar · aleksandr-kotlyar · commit d78c03b68019 · 2020-11-05T20:29:01.000Z
Integrate bandit as pipeline security stage job. #30

Closes #36 and #30

See merge request aleksandr-kotlyar/python_and_gitlab!76
diff --git a/.gitlab/.gitlab-ci.yml b/.gitlab/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: registry.gitlab.com/aleksandr-kotlyar/python_and_gitlab/python-3.7.6-alpine-req:ver-13-ssl-fix
+image: registry.gitlab.com/aleksandr-kotlyar/python_and_gitlab/python-3.7.6-alpine-req:ver-14-mimesis-4.1.2
 
 stages:
   - build
diff --git a/.gitlab/security.yml b/.gitlab/security.yml
@@ -27,3 +27,13 @@ Trivy:
     - trivy filesystem --exit-code 1 --skip-dirs /builds/gitlab-org-forks/ --cache-dir .trivycache/ /
   tags:
     - gitlab-org
+
+Bandit:
+  stage: security
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "push"'
+  script:
+    - pip3 install bandit
+    - bandit -x $(pwd)/.venv/ -r $(pwd) -s B101
+  tags:
+    - gitlab-org
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,10 @@
 FROM python:3.7.6-alpine
-COPY requirements.txt /app/requirements.txt
 WORKDIR /app
 RUN apk --no-cache -U add curl \
     gcc \
     libc-dev \
     libcrypto1.1=1.1.1g-r0 \
     libssl1.1=1.1.1g-r0 \
     sqlite-libs=3.30.1-r2
+COPY requirements.txt /app/requirements.txt
 RUN pip3 install --no-cache-dir -r requirements.txt
diff --git a/requirements.txt b/requirements.txt
@@ -11,4 +11,5 @@ anybadge==1.6.2
 voluptuous==0.11.7
 pytest-voluptuous==1.1.0
 curlify==2.2.1
-webdriver_manager==2.3.0
+webdriver_manager==2.3.0
+mimesis==4.1.2
diff --git a/src/test/test_duplicates.py b/src/test/test_duplicates.py
@@ -1,9 +1,9 @@
 import logging
-import random
 from collections import defaultdict
 from logging import info
 
 from assertpy import soft_assertions, assert_that
+from mimesis.random import Random
 from pytest import mark
 
 SOMETHING = [
@@ -36,14 +36,10 @@ def test_list_of_dictionaries_does_not_duplicate_by_some_key_value():
                 f'key "{key}"" has duplicates "{new_some_view[key]}"').is_less_than_or_equal_to(1)
 
 
-def random_list(start, stop, _len):
-    return [random.randint(start, stop) for i in range(_len)]
-
-
 @mark.parametrize('some_list', [
-    ([20, 30, 20, 30, 40, 50, 15, 11, 20, 40, 50, 15, 6, 7]),
-    ([9, 5, 4]),
-    random_list(start=0, stop=4, _len=4),
+    [20, 30, 20, 30, 40, 50, 15, 11, 20, 40, 50, 15, 6, 7],
+    [9, 5, 4],
+    Random().randints(20, 0, 10),
 ])
 def test_list_doesnt_have_duplicates(some_list):
     some_list.sort()

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-image: registry.gitlab.com/aleksandr-kotlyar/python_and_gitlab/python-3.7.6-alpine-req:ver-13-ssl-fix`
	`1`	`+image: registry.gitlab.com/aleksandr-kotlyar/python_and_gitlab/python-3.7.6-alpine-req:ver-14-mimesis-4.1.2`
`2`	`2`
`3`	`3`	`stages:`
`4`	`4`	`- build`