Merge pull request #3 from ilbumi/add_safety_checks

Add safety checks

Author: ilbumi

project/config/bandit.toml

@@ -0,0 +1,3 @@
+[tool.bandit]
+exclude_dirs = ["tests"]
+skips = ["B101"]

project/noxfile.py.jinja

@@ -1,24 +1,22 @@
 """File with common jobs definitions. Run them with 'pdm run nox -e [job_name]'."""
 import os
+import tempfile
 
 import nox
 from nox.sessions import Session
 
 os.environ.update(PDM_IGNORE_SAVED_PYTHON="1", PDM_USE_VENV="1")
 
-PYSRC = [
-    "src/",
-    "noxfile.py",
-    "tests/"
-]
+PYSRC = ["src/", "noxfile.py", "tests/"]
+
 
 @nox.session
 def test(session: Session) -> None:
     """Run tests.
 
     Args:
         session (Session): nox session object
-    """      
+    """
     session.run_always("pdm", "install", "-G", "ci-tests", external=True)
     session.run("pytest", "tests/")
 
@@ -56,3 +54,18 @@ def check_types(session: Session) -> None:
     session.run_always("pdm", "install", "-G", "ci-quality", external=True)
     session.run("mypy", "--config-file", "config/mypy.ini", *PYSRC)
 
+
+@nox.session
+def check_safety(session: Session) -> None:
+    """Run safety checks.
+
+    Args:
+        session (Session): nox session object
+    """
+    session.run_always("pdm", "install", "-G", "ci-quality", external=True)
+    session.run("bandit", "--configfile", "config/bandit.toml", *PYSRC)
+    with tempfile.NamedTemporaryFile() as requirements:
+        session.run(
+            "pdm", "export", "-f", "requirements", "-o", requirements.name, "--without-hashes", external=True
+        )
+        session.run("safety", "check", f"--file={requirements.name}", "--full-report")

tests/test_generate.sh

@@ -21,6 +21,7 @@ echo
 pdm run nox -e format
 pdm run nox -e check_types
 pdm run nox -e lint
+pdm run nox -e check_safety
 
 popd
 rm -rf $DEST