Merge pull request #143 from Deltares/fix/DEI-261-Fix-sonar-qube-cloud-and-security-issues

Dei-261 fix sonar qube cloud and security issues

Author: HiddeElzinga

Dockerfile

@@ -1,21 +1,20 @@
-FROM python:3.11-slim
-
-LABEL org.opencontainers.image.source="https://github.com/Deltares/D-EcoImpact"
-
-WORKDIR /decoimpact
-
-# Copy files in local working directory to docker working directory
-COPY . .
-
-# Update the package source list, update system packages
-RUN apt-get update && apt-get upgrade -y
-
-# install poetry (/usr/local/bin/poetry)
-RUN pip install poetry
-
-# Install Poetry dependencies without creating poetry environment
-## Packages are installed in "/usr/local/lib/python/site-packages/" when the environment is not created,
-## which corresponds to the local installation of Python "/usr/local/bin/python" in the base Docker image
-RUN poetry config virtualenvs.create false
-RUN poetry install
-RUN apt-get clean autoclean
+FROM python:3.11-slim
+
+LABEL org.opencontainers.image.source="https://github.com/Deltares/D-EcoImpact"
+
+WORKDIR /decoimpact
+
+# Copy files in local working directory to docker working directory
+COPY . .
+
+# Update the package source list, update system packages
+RUN apt-get update && apt-get upgrade -y \
+    && pip install poetry
+
+# Install Poetry dependencies without creating poetry environment
+## Packages are installed in "/usr/local/lib/python/site-packages/" when the environment is not created,
+## which corresponds to the local installation of Python "/usr/local/bin/python" in the base Docker image
+RUN poetry config virtualenvs.create false \
+    && poetry install \
+    && apt-get clean autoclean
+

decoimpact/business/entities/rule_processor.py

@@ -251,7 +251,6 @@ def _process_by_cell(
         result_variable = _np.zeros_like(np_array)
 
         # define variables to count value exceedings (for some rules): min and max
-        warning_counter = [0, 0]
         warning_counter_total = [0, 0]
 
         # execute rule and gather warnings for exceeded values (for some rules)
@@ -384,7 +383,7 @@ def _expand_dimensions_of_variable(
         # Let the user know which variables will be broadcast to all dimensions
         dims_orig = var_orig.dims
         dims_result = ref_var.dims
-        dims_diff = list(str(x) for x in dims_result if x not in dims_orig)
+        dims_diff = [str(x) for x in dims_result if x not in dims_orig]
         str_dims_broadcasted = ",".join(dims_diff)
         logger.log_info(
             f"""Variable {var_orig.name} will be expanded to the following \

decoimpact/business/entities/rules/formula_rule.py

@@ -48,7 +48,7 @@ def validate(self, logger: ILogger) -> bool:
                 filename="<inline code>",
                 mode="exec",
             )
-            local_variables = {name: 1.0 for name in self.input_variable_names}
+            local_variables = dict.fromkeys(self.input_variable_names, 1.0)
             exec(byte_code, self._global_variables, local_variables)
 
         except (SyntaxError, NameError) as exception:

decoimpact/business/entities/rules/time_operation_settings.py

@@ -28,7 +28,7 @@ def __init__(
             raise ValueError("The time_scale_mapping does not contain any values")
 
         self._time_scale_mapping = time_scale_mapping
-        self._time_scale = next(i for i in time_scale_mapping.keys())
+        self._time_scale = next(iter(time_scale_mapping.keys()))
         self._operation_type = TimeOperationType.AVERAGE
         self._percentile_value = 0.0
 

decoimpact/data/entities/data_access_layer.py

@@ -213,19 +213,29 @@ def __create_yaml_loader(self):
 
         loader = _yaml.FullLoader
         loader.add_constructor("!include", self.yaml_include_constructor)
+
         # Add support for scientific notation (example 1e5=100000)
+        # Define the YAML float tag and regex pattern for scientific notation
+        float_decimal = r"[-+]?(?:\d[\d_]*)\.[0-9_]*(?:[eE][-+]?\d+)?"
+        float_exponent = r"[-+]?(?:\d[\d_]*)(?:[eE][-+]?\d+)"
+        float_leading_dot = r"\.[\d_]+(?:[eE][-+]\d+)?"
+        float_time = r"[-+]?\d[\d_]*(?::[0-5]?\d)+\.[\d_]*"
+        float_inf = r"[-+]?\.(?:inf|Inf|INF)"
+        float_nan = r"\.(?:nan|NaN|NAN)"
+
+        float_regex_pattern = rf"""^(?:
+            {float_decimal}
+            |{float_exponent}
+            |{float_leading_dot}
+            |{float_time}
+            |{float_inf}
+            |{float_nan})$"""
+
+        float_regex = re.compile(float_regex_pattern, re.X)
+
         loader.add_implicit_resolver(
             "tag:yaml.org,2002:float",
-            re.compile(
-                """^(?:
-            [-+]?(?:[0-9][0-9_]*)\\.[0-9_]*(?:[eE][-+]?[0-9]+)?
-            |[-+]?(?:[0-9][0-9_]*)(?:[eE][-+]?[0-9]+)
-            |\\.[0-9_]+(?:[eE][-+][0-9]+)?
-            |[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+\\.[0-9_]*
-            |[-+]?\\.(?:inf|Inf|INF)
-            |\\.(?:nan|NaN|NAN))$""",
-                re.X,
-            ),
+            float_regex,
             list("-+0123456789."),
         )
 

decoimpact/data/parsers/parser_response_curve_rule.py

@@ -47,7 +47,7 @@ def parse_dict(self, dictionary: Dict[str, Any], logger: ILogger) -> IRuleData:
         output_values = response_table["output"]
 
         # check that response table has exactly two columns:
-        if not len(response_table) == 2:
+        if len(response_table) != 2:
             raise ValueError("ERROR: response table should have exactly 2 columns")
 
         # validate input values to be int/float

decoimpact/data/parsers/validation_utils.py

@@ -77,7 +77,7 @@ def validate_start_before_end(start_list: List[str], end_list: List[str]):
         start_str = datetime.strptime(start, r"%d-%m")
         end_str = datetime.strptime(end, r"%d-%m").replace()
 
-        if not start_str < end_str:
+        if start_str >= end_str:
             message = (
                 f"All start dates should be before the end dates. "
                 f"ERROR in position {index} where start: "