Fix quality tooling (#802)

* Fix Black Black wants it different now. * Fix problem after requests update requests changed the error message * Fix Bandit - Bandit is a bit too eager flagging hardcoded secrets. - Bandit 1.7.3 breaks with Py 3.9 PyCQA/bandit#838 * Update pylama.ini complexity check of mccabe seems to ignore configuration, so ignore for now
CZ-NIC · Feb 28, 2022 · a1acf4c · a1acf4c
1 parent bd510e4
commit a1acf4c
Show file tree

Hide file tree

Showing 9 changed files with 10 additions and 11 deletions.
diff --git a/oidc_example/rp2/oidc.py b/oidc_example/rp2/oidc.py
@@ -37,7 +37,7 @@ def __init__(self, attribute_map=None, authenticating_authority=None,
  self.authenticating_authority = authenticating_authority
  self.name = name
  self.client_id = ""
- self.client_secret = ""
+ self.client_secret = "" # nosec
 
  for param in ["client_id", "client_secret"]:
  try:

diff --git a/oidc_example/rp2/rp2.py b/oidc_example/rp2/rp2.py
@@ -215,7 +215,7 @@ def application(environ, start_response):
  return resp(environ, start_response)
 
  RP.srv_discovery_url = link
- h = hashlib.sha256()
+ h = hashlib.new('sha256')
  h.update(link.encode("utf-8"))
  opkey = base64.b16encode(h.digest()).decode("utf-8")
  session['callback'] = True

diff --git a/pylama.ini b/pylama.ini
@@ -2,7 +2,7 @@
 linters = pyflakes,eradicate,pycodestyle,mccabe
 # D203/D204 and D212/D213 are mutually exclusive, pick one
 # E203 is not PEP8 compliant in pycodestyle
-ignore = D203,D212,E203
+ignore = D203,D212,E203,C901
 
 [pylama:pycodestyle]
 max_line_length = 120

diff --git a/src/oic/oauth2/__init__.py b/src/oic/oauth2/__init__.py
@@ -277,7 +277,7 @@ def get_client_secret(self) -> str:
 
  def set_client_secret(self, val: str):
  if not val:
- self._c_secret = ""
+ self._c_secret = "" # nosec
  else:
  self._c_secret = val
  # client uses it for signing

diff --git a/src/oic/oauth2/consumer.py b/src/oic/oauth2/consumer.py
@@ -1,7 +1,7 @@
+import hashlib
 import logging
 import time
 import warnings
-from hashlib import sha256
 from typing import Dict
 
 from oic import rndstr
@@ -46,7 +46,7 @@ def stateID(url, seed):
  pass
 
  # Mostly cargo cult, we could just use rndstr(16)
- ident = sha256()
+ ident = hashlib.new("sha256")
  ident.update(repr(time.time()).encode())
  ident.update(url.encode())
  ident.update(seed)

diff --git a/src/oic/oic/__init__.py b/src/oic/oic/__init__.py
@@ -855,7 +855,7 @@ def user_info_request(self, method="GET", state="", scope="", **kwargs):
  if kwargs["token"]:
  uir["access_token"] = kwargs["token"]
  token = Token()
- token.token_type = "Bearer"
+ token.token_type = "Bearer" # nosec
  token.access_token = kwargs["token"]
  kwargs["behavior"] = "use_authorization_header"
  else:
@@ -1326,7 +1326,7 @@ def generate_request_uris(self, request_dir):
 
  :return: A list of uris
  """
- m = hashlib.sha256()
+ m = hashlib.new("sha256")
  m.update(as_bytes(self.provider_info["issuer"]))
  m.update(as_bytes(self.base_url))
  return "{}{}/{}".format(self.base_url, request_dir, m.hexdigest())

diff --git a/src/oic/oic/consumer.py b/src/oic/oic/consumer.py
@@ -189,7 +189,7 @@ def __init__(
  self.request_uri = ""
  self.user_info = None
  self.registration_expires_at = 0
- self.secret_type = "Bearer"
+ self.secret_type = "Bearer" # nosec
 
  def update(self, sid):
  """

diff --git a/src/oic/utils/userinfo/aa_info.py b/src/oic/utils/userinfo/aa_info.py
@@ -12,7 +12,6 @@
  class AaUserInfo(UserInfo):
  pass
 
-
 else:
 
  class AaUserInfo(UserInfo): # type: ignore

diff --git a/tests/test_oic_provider.py b/tests/test_oic_provider.py
@@ -1351,7 +1351,7 @@ def test_verify_sector_identifier_no_scheme(self):
  # First log record is from server...
  assert isinstance(logcap.records[1].msg, MissingSchema)
  error = (
- "Invalid URL 'example.com': No schema supplied. Perhaps you meant "
+ "Invalid URL 'example.com': No scheme supplied. Perhaps you meant "
  "http://example.com?"
  )
  assert str(logcap.records[1].msg) == error