Add bandit for Python security linting

- Add bandit as dev dependency
- Configure in pyproject.toml (exclude venv/tests)
- Skip B101 (assert) and B311 (random for non-crypto)
- Add Makefile target: security-backend
This commit is contained in:
counterweight 2025-12-21 21:56:46 +01:00
parent 6a2d7155cb
commit 30583805cd
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
2 changed files with 12 additions and 1 deletions


@ -1,4 +1,4 @@
.PHONY: install-backend install-frontend install setup-hooks backend frontend db db-stop db-ready db-seed dev test test-backend test-frontend test-e2e typecheck generate-types generate-types-standalone check-types-fresh check-constants lint-backend format-backend fix-backend .PHONY: install-backend install-frontend install setup-hooks backend frontend db db-stop db-ready db-seed dev test test-backend test-frontend test-e2e typecheck generate-types generate-types-standalone check-types-fresh check-constants lint-backend format-backend fix-backend security-backend
-include .env -include .env
export export
@ -102,3 +102,6 @@ format-backend:
fix-backend: fix-backend:
cd backend && uv run ruff check --fix . && uv run ruff format . cd backend && uv run ruff check --fix . && uv run ruff format .
security-backend:
cd backend && uv run bandit -r . -c pyproject.toml
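Review bot: `uv run bandit -r . -c pyproject.toml` only picks up the `[tool.bandit]` table if bandit can parse TOML, and on interpreters older than 3.11 that requires the `bandit[toml]` extra (it pulls in `tomli`); if the project's `requires-python` floor is below 3.11 — not visible here — the target aborts with a config error instead of scanning, so declaring the dev dependency as `"bandit[toml]>=1.9.2"` is the safer spelling. The new `security-backend` target is also not a prerequisite of any aggregate target in the hunk (`fix-backend` above it is the only neighbour shown), so it runs only when invoked by hand; if `lint-backend` or `test` is what CI executes, wire it in with `lint-backend: security-backend` or an explicit CI step so findings actually gate merges. If the default output proves noisy, `-ll` (medium severity and up) is the usual way to trim it without skipping test IDs globally.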


@ -22,6 +22,7 @@ dev = [
"mypy>=1.13.0", "mypy>=1.13.0",
"ruff>=0.14.10", "ruff>=0.14.10",
"pytest-cov>=7.0.0", "pytest-cov>=7.0.0",
"bandit>=1.9.2",
] ]
[tool.mypy] [tool.mypy]
@ -68,3 +69,10 @@ exclude_lines = [
] ]
show_missing = true show_missing = true
[tool.bandit]
exclude_dirs = ["tests", ".venv"]
skips = [
"B101", # assert warnings (used in tests)
"B311", # random for non-security purposes (invite codes)
]
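Review bot: The `"B101"` skip contradicts its own comment: `tests` is already listed in `exclude_dirs`, so the only `assert` statements the skip silences are in production code, where they are stripped under `python -O` — which is precisely the condition B101 exists to flag. Either drop `"B101"` and rely on the directory exclusion, or change the comment to state that asserts are deliberately used as runtime checks in backend code so the next reader does not assume it is test-only. A file-wide `"B311"` skip likewise hides every future `random` call, not just the invite-code one the comment names; if invite codes are redeemable for access they are secrets and should come from `secrets.token_urlsafe()`, and if they genuinely are not, annotate that single call site with `# nosec B311` and remove the global skip so the rest of the codebase stays covered.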