Merge pull request #50 from cibere/bandit

Update Workflows + Bandit Changes

Author: cibere

.github/workflows/build.yml

@@ -11,16 +11,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ '3.11', '3.12', '3.13' ]
+        python-version: ${{ fromJson(vars.PYTHON_VERSIONS) }}
 
     name: docs on ${{ matrix.python-version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up CPython ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -39,16 +39,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ '3.11', '3.12', '3.13' ]
+        python-version: ${{ fromJson(vars.PYTHON_VERSIONS) }}
 
     name: dist on ${{ matrix.python-version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up CPython ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 

.github/workflows/format.yml

@@ -11,16 +11,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ '3.11', '3.12', '3.13' ]
+        python-version: ${{ fromJson(vars.PYTHON_VERSIONS) }}
 
     name: Black on ${{ matrix.python-version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up CPython ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -40,16 +40,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ '3.11', '3.12', '3.13' ]
+        python-version: ${{ fromJson(vars.PYTHON_VERSIONS) }}
 
     name: Ruff on ${{ matrix.python-version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up CPython ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 

.github/workflows/lint.yml

@@ -11,16 +11,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ '3.11', '3.12', '3.13' ]
+        python-version: ${{ fromJson(vars.PYTHON_VERSIONS) }}
 
     name: Pyright on ${{ matrix.python-version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up CPython ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -41,16 +41,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ '3.11', '3.12', '3.13' ]
+        python-version: ${{ fromJson(vars.PYTHON_VERSIONS) }}
 
     name: Ruff on ${{ matrix.python-version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up CPython ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -62,4 +62,33 @@ jobs:
       
       - name: Run Ruff Linter
         if: ${{ always() && steps.install-deps.outcome == 'success' }}
-        uses: astral-sh/ruff-action@v3
+        uses: astral-sh/ruff-action@v3
+
+  bandit:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ${{ fromJson(vars.PYTHON_VERSIONS) }}
+
+    name: Bandit on ${{ matrix.python-version }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up CPython ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        id: install-deps
+        run: |
+          pip install .[tests]
+          pip install bandit
+
+      - name: Run Bandit
+        run: |
+          bandit -c pyproject.toml -r flogin
+          bandit -c pyproject.toml -r tests --skip B101

.github/workflows/tests.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [ '3.11', '3.12', '3.13' ]
+        python-version: ${{ fromJson(vars.PYTHON_VERSIONS) }}
 
     name: check ${{ matrix.python-version }}
     steps:

flogin/jsonrpc/results.py

@@ -1,7 +1,7 @@
 from __future__ import annotations
 
 import logging
-import random
+import secrets
 from typing import (
     TYPE_CHECKING,
     Any,
@@ -437,11 +437,7 @@ def create_with_partial(
 
     @cached_property
     def slug(self) -> str:
-        return "".join(
-            random.choices(
-                "QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm1234567890", k=15
-            )
-        )
+        return secrets.token_hex(15)
 
     def __repr__(self) -> str:
         return f"<{self.__class__.__name__} {self.title=} {self.sub=} {self.icon=} {self.title_highlight_data=} {self.title_tooltip=} {self.sub_tooltip=} {self.copy_text=} {self.score=} {self.auto_complete_text=} {self.preview=} {self.progress_bar=} {self.rounded_icon=} {self.glyph=}>"

flogin/testing/plugin_tester.py

@@ -2,7 +2,6 @@
 
 import json
 import os
-import random
 import sys
 import uuid
 from typing import TYPE_CHECKING, Any, Generic
@@ -81,7 +80,6 @@ def __init__(
                 )
             with open("plugin.json") as f:
                 metadata = json.load(f)
-            assert metadata
 
         if isinstance(metadata, dict):
             metadata = PluginMetadata(metadata, self.plugin.api)
@@ -216,8 +214,8 @@ def create_bogus_plugin_metadata(cls: type[PluginTester]) -> PluginMetadata:
 
         return cls.create_plugin_metadata(
             id=str(uuid.uuid4()),
-            name="".join(random.choices(CHARACTERS, k=10)),
-            author="".join(random.choices(CHARACTERS, k=5)),
+            name="Test Plugin",
+            author="flogin",
             version="1.0.0",
             description="A plugin with bogus metadata to test",
         )