-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathpyproject.toml
147 lines (126 loc) · 5.13 KB
/
pyproject.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
[tool.poetry]
name = 'squarecloud-api'
version = '3.7.2'
description = 'SquareCloud API wrapper'
authors = ['Robert Nogueira <robertlucasnogueira@gmail.com>']
repository = 'https://github.com/squarecloudofc/wrapper-api-py'
documentation = 'https://docs.squarecloud.app/sdks/py'
license = 'MIT License'
readme = 'README.md'
packages = [{ include = "squarecloud" }]
[tool.poetry.dependencies]
python = '^3.13'
typing-extensions = "^4.12.2"
aiohttp = "^3.11.14"
isort = "^6.0.1"
pre-commit = "^4.2.0"
pytest = "^8.3.5"
pytest-asyncio = "^0.26.0"
pytest-cov = "^6.0.0"
pytest-rerunfailures = "^15.0"
ruff = "^0.11.2"
taskipy = "^1.14.1"
pydantic = "2.9.2"
bandit = {extras = ["toml"], version = "^1.8.3"}
cz-conventional-gitmoji = "^0.7.0"
[tool.poetry.extras]
pydantic = ["pydantic"]
[tool.poetry.group.dev.dependencies]
memory-profiler = '^0.61.0'
requests = '^2.31.0'
python-dotenv = "^1.0.1"
safety = "^3.3.1"
vulture = "^2.14"
mypy-extensions = "^1.0.0"
commitizen = "^4.5.1"
bandit = "^1.8.3"
[build-system]
requires = ['poetry-core']
build-backend = 'poetry.core.masonry.api'
[tool.pytest.ini_options]
asyncio_mode = 'auto'
markers = [
'app',
'app_data',
'listeners',
'capture_listener',
'request_listener',
'files',
'upload',
]
[tool.isort]
profile = 'black'
line_length = 79
[tool.taskipy.tasks]
lint = 'isort . && blue . && ruff check .'
pre_test = 'task lint'
test = 'pytest -vv -s --reruns 5 --only-rerun TooManyRequests --reruns-delay 90 -x --cov=tests tests'
post_test = 'coverage html'
publish-test = 'poetry publish -r pypi-test --build'
install-test = 'pip install -i https://test.pypi.org/pypi/ --extra-index-url https://pypi.org/simple --upgrade squarecloud-api'
clear-test-apps = 'python -m scripts.clear_test_apps'
[tool.ruff]
line-length = 79
exclude = ['env', 'tests']
[tool.bandit]
exclude_dirs = ["docs", "venv", "migrations", "examples", "tests"]
skips = ["B101", "B311"]
severity_threshold = "low"
confidence_threshold = "low"
recursive = true
quiet = false
[tool.bandit.tests]
B102 = "exec_used" # Use of 'exec' detected
B103 = "set_bad_file_permissions" # Insecure file permissions
B104 = "hardcoded_bind_all_interfaces" # Binding to all interfaces
B105 = "hardcoded_password_string" # Hardcoded password in a string
B106 = "hardcoded_password_funcarg" # Hardcoded password in function argument
B107 = "hardcoded_password_default" # Hardcoded password in a default argument
B108 = "hardcoded_tmp_directory" # Use of hardcoded temporary directory
B109 = "password_config_option_not_marked_secret" # Password config not marked as secret
B110 = "try_except_pass" # 'try-except-pass' pattern detected
B111 = "execute_with_run_as_root_equals_true" # Executing with 'run_as_root=True'
B112 = "try_except_continue" # 'try-except-continue' pattern detected
B113 = "request_without_timeout" # HTTP request without a timeout
# Security vulnerabilities in web applications
B201 = "flask_debug_true" # Flask app running with 'debug=True'
B202 = "tarfile_unsafe_members" # Tarfile extract with unsafe members
# Cryptography-related issues
B324 = "hashlib" # Weak or insecure hash function
# SSL/TLS issues
B501 = "request_with_no_cert_validation" # Requests without certificate validation
B502 = "ssl_with_bad_version" # Use of outdated SSL versions
B503 = "ssl_with_bad_defaults" # Insecure SSL defaults
B504 = "ssl_with_no_version" # SSL/TLS without specifying a version
B505 = "weak_cryptographic_key" # Weak cryptographic key detected
# Serialization & data handling
B506 = "yaml_load" # Use of unsafe 'yaml.load'
B507 = "ssh_no_host_key_verification" # SSH without host key verification
B508 = "snmp_insecure_version" # Insecure SNMP version used
B509 = "snmp_weak_cryptography" # Weak SNMP cryptography used
# Process execution risks
B601 = "paramiko_calls" # Use of Paramiko library detected
B602 = "subprocess_popen_with_shell_equals_true" # Popen with 'shell=True'
B603 = "subprocess_without_shell_equals_true" # Popen without 'shell=True'
B604 = "any_other_function_with_shell_equals_true" # Dangerous shell execution function
B605 = "start_process_with_a_shell" # Starting a process with a shell
B606 = "start_process_with_no_shell" # Process started without shell
B607 = "start_process_with_partial_path" # Process started with a partial path
# Database security
B608 = "hardcoded_sql_expressions" # Hardcoded SQL expressions detected
B609 = "linux_commands_wildcard_injection" # Linux command injection via wildcards
B610 = "django_extra_used" # Use of Django's 'extra()' method
B611 = "django_rawsql_used" # Use of raw SQL in Django
B612 = "logging_config_insecure_listen" # Insecure logging configuration
# Miscellaneous security issues
B613 = "trojansource" # Trojan Source attack patterns detected
B614 = "pytorch_load" # Use of 'torch.load', which can be unsafe
# Template security risks
B701 = "jinja2_autoescape_false" # Jinja2 autoescape disabled
B702 = "use_of_mako_templates" # Use of Mako templates detected
B703 = "django_mark_safe" # Use of Django's 'mark_safe'
B704 = "markupsafe_markup_xss" # Potential XSS via MarkupSafe
[tool.commitizen]
name = "cz_gitmoji"
[tool.ruff.lint.per-file-ignores]
'__init__.py' = ['F401']