added bandit

btr1975 · btr1975 · commit e5047af63e1b · 2025-03-22T14:21:32.000-05:00
diff --git a/Makefile b/Makefile
@@ -3,15 +3,15 @@
 # Version: 1.0.0
 #
 
-.PHONY: all info coverage pytest black
+.PHONY: all info coverage pytest black security
 
 info:
 	@echo "make options"
 	@echo "    black     To format code with black"
 	@echo "    coverage  To run coverage and display ASCII and output to htmlcov"
 	@echo "    pytest    To run pytest with verbose option"
 
-all: coverage black pylint
+all: black pylint coverage security vulnerabilities
 
 coverage:
 	@pytest --cov --cov-report=html -vvv
@@ -25,3 +25,9 @@ pylint:
 black:
 	@black hooks/
 	@black tests/
+
+security:
+	@bandit -c pyproject.toml -r .
+
+vulnerabilities:
+	@pip-audit -r requirements.txt
diff --git a/cookiecutter.json b/cookiecutter.json
@@ -43,7 +43,7 @@
         "https"
     ],
     "__template_repo": "https://github.com/btr1975/cookiecutter-python-fastapi-openapi",
-    "__template_version": "1.0.12",
+    "__template_version": "1.0.13",
     "_new_lines": "\n",
     "_copy_without_render": [
         "{{cookiecutter.__app_name}}/templates",
diff --git a/make.bat b/make.bat
@@ -5,10 +5,12 @@ REM Version: 1.0.0
 REM
 
 IF "%1" == "all" (
-    pytest --cov --cov-report=html -vvv
     black hooks\
     black tests\
     pylint hooks\
+    pytest --cov --cov-report=html -vvv
+    bandit -c pyproject.toml -r .
+    pip-audit -r requirements.txt
     GOTO END
 )
 
@@ -33,6 +35,16 @@ IF "%1" == "black" (
     GOTO END
 )
 
+IF "%1" == "security" (
+    bandit -c pyproject.toml -r .
+    GOTO END
+)
+
+IF "%1" == "vulnerabilities" (
+    pip-audit -r requirements.txt
+    GOTO END
+)
+
 @ECHO make options
 @ECHO     coverage  To run coverage and display ASCII and output to htmlcov
 @ECHO     black     To format the code with black
diff --git a/pyproject.toml b/pyproject.toml
@@ -27,3 +27,11 @@ fail-under = 9.9
 
 [tool.black]
 line-length = 120
+
+[tool.bandit]
+exclude_dirs = [
+    "tests",
+    "venv",
+    "docs",
+    "{{cookiecutter.git_repo_name}}",
+]
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -4,3 +4,5 @@ pytest-cookies~=0.7.0
 pylint~=3.0.2
 pip-audit~=2.7.3
 black~=24.10.0
+bandit~=1.8.3
+pip-audit~=2.7.3
diff --git a/requirements.txt b/requirements.txt
@@ -1 +1 @@
-cookiecutter~=2.5.0
+cookiecutter~=2.6.0
diff --git a/{{cookiecutter.git_repo_name}}/Makefile b/{{cookiecutter.git_repo_name}}/Makefile
@@ -4,14 +4,15 @@
 #
 
 .PHONY: all info build build-container coverage format pylint pytest gh-pages build dev-run start-container \
-	stop-container remove-container check-vuln
+	stop-container remove-container check-vuln check-security
 
 info:
 	@echo "make options"
 	@echo "    all                 To run coverage, format, pylint, and check-vuln"
 	@echo "    build               To build a distribution"
 	@echo "    build-container     To build a container image"
 	@echo "    check-vuln          To check for vulnerabilities in the dependencies"
+	@echo "    check-security      To check for vulnerabilities in the code"
 	@echo "    coverage            To run coverage and display ASCII and output to htmlcov"
 	@echo "    dev-run             To run the app"
 	@echo "    format              To format the code with black"
@@ -22,7 +23,7 @@ info:
 	@echo "    remove-container    To remove the container"
 {% if cookiecutter.app_documents_location == 'github-pages' %}	@echo "    gh-pages           To create the GitHub pages"{% endif %}
 
-all: coverage format pylint check-vuln
+all: format pylint coverage check-security check-vuln
 
 build:
 	@python -m build
@@ -84,3 +85,6 @@ remove-container:
 
 check-vuln:
 	@pip-audit -r requirements.txt
+
+check-security:
+	@bandit -c pyproject.toml -r .
diff --git a/{{cookiecutter.git_repo_name}}/make.bat b/{{cookiecutter.git_repo_name}}/make.bat
@@ -1,72 +1,93 @@
 @ECHO OFF
 REM Makefile for project needs
 REM Author: Ben Trachtenberg
-REM Version: 1.0.6
+REM Version: 1.0.7
 REM
 
-IF "%1" == "all" (
-    pytest --cov --cov-report=html -vvv
+SET option=%1
+
+IF "%option%" == "" (
+    GOTO BAD_OPTIONS
+)
+
+IF "%option%" == "all" (
     black {{cookiecutter.__app_name}}/
     black tests/
     pylint {{cookiecutter.__app_name}}\
+    pytest --cov --cov-report=html -vvv
+    bandit -c pyproject.toml -r .
     pip-audit -r requirements.txt
     GOTO END
 )
 
-IF "%1" == "build" (
+IF "%option%" == "build" (
     python -m build
     GOTO END
 )
 
-IF "%1" == "coverage" (
+IF "%option%" == "coverage" (
     pytest --cov --cov-report=html -vvv
     GOTO END
 )
 
-IF "%1" == "pylint" (
+IF "%option%" == "pylint" (
     pylint {{cookiecutter.__app_name}}\
     GOTO END
 )
 
-IF "%1" == "pytest" (
+IF "%option%" == "pytest" (
     pytest --cov -vvv
     GOTO END
 )
 
-IF "%1" == "dev-run" (
+IF "%option%" == "dev-run" (
     python -c "from {{cookiecutter.__app_name}} import cli;cli()" start -p 8080 -r
     GOTO END
 )
 
-IF "%1" == "format" (
+IF "%option%" == "format" (
     black {{cookiecutter.__app_name}}/
     black tests/
     GOTO END
 )
 
-IF "%1" == "check-vuln" (
+IF "%option%" == "check-vuln" (
     pip-audit -r requirements.txt
     GOTO END
 )
 
+IF "%option%" == "check-security" (
+    bandit -c pyproject.toml -r .
+    GOTO END
+)
+
 {% if cookiecutter.app_documents_location == 'github-pages' %}
-IF "%1" == "gh-pages" (
+IF "%option%" == "gh-pages" (
     rmdir /s /q docs\source\code
     sphinx-apidoc -o ./docs/source/code ./{{cookiecutter.__app_name}}
     sphinx-build ./docs ./docs/gh-pages
     GOTO END
 )
 {% endif %}
 
+:OPTIONS
 @ECHO make options
-@ECHO     all                 To run coverage, format, pylint, and check-vuln
-@ECHO     build               To build a distribution
-@ECHO     check-vuln          To check for vulnerabilities
-@ECHO     coverage            To run coverage and display ASCII and output to htmlcov
-@ECHO     dev-run             To run the app
-@ECHO     format              To format the code with black
-@ECHO     pylint              To run pylint
-@ECHO     pytest              To run pytest with verbose option
+@ECHO     all             To run coverage, format, pylint, and check-vuln
+@ECHO     build           To build a distribution
+@ECHO     coverage        To run coverage and display ASCII and output to htmlcov
+@ECHO     dev-run         To run the app
+@ECHO     check-vuln      To check for vulnerabilities in the dependencies
+@ECHO     check-security  To check for vulnerabilities in the code
+@ECHO     format          To format the code with black
+@ECHO     pylint          To run pylint
+@ECHO     pytest          To run pytest with verbose option
 {% if cookiecutter.app_documents_location == 'github-pages' %}@ECHO     gh-pages  To create the GitHub pages{% endif %}
+GOTO END
+
+:BAD_OPTIONS
+@ECHO Argument is missing
+@ECHO Usage: make.bat option
+@ECHO.
+GOTO OPTIONS
 
 :END
diff --git a/{{cookiecutter.git_repo_name}}/pyproject.toml b/{{cookiecutter.git_repo_name}}/pyproject.toml
@@ -100,3 +100,10 @@ fail-under = 9.9
 
 [tool.black]
 line-length = 120
+
+[tool.bandit]
+exclude_dirs = [
+    "tests",
+    "venv",
+    "docs",
+]
diff --git a/{{cookiecutter.git_repo_name}}/requirements-dev.txt b/{{cookiecutter.git_repo_name}}/requirements-dev.txt
@@ -14,4 +14,5 @@ sphinx_rtd_theme
 sphinxcontrib-mermaid
 httpx
 twine
+bandit
 {% if cookiecutter.use_requests == 'y' %}requests-mock{% endif %}

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-cookiecutter~=2.5.0`
	`1`	`+cookiecutter~=2.6.0`