Add dependency: bandit

acmacunlay · acmacunlay · commit 372d14c6f5a5 · 2024-10-08T15:00:25.000+08:00
diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
@@ -54,6 +54,10 @@ jobs:
         run: |
           mypy .
 
-      - name: Run unit tests
+      - name: Run common security issue checker
         run: |
-          pytest .
+          bandit -c pyproject.toml -r .
+      
+      - name: Run unit tests + code coverage
+        run: |
+          coverage run -m pytest .
diff --git a/pyproject.toml b/pyproject.toml
@@ -38,7 +38,16 @@ classifiers = [
 ]
 
 [project.optional-dependencies]
-dev = ["build", "coverage", "mypy", "pytest", "ruff", "setuptools", "twine"]
+dev = [
+    "bandit",
+    "build",
+    "coverage",
+    "mypy",
+    "pytest",
+    "ruff",
+    "setuptools",
+    "twine",
+]
 
 [project.urls]
 Homepage = "https://github.com/acmacunlay/pywaveshare"
@@ -48,3 +57,6 @@ Changelog = "https://github.com/acmacunlay/pywaveshare/blob/main/CHANGELOG.md"
 [[tool.mypy.overrides]]
 module = ["RPi", "RPi.GPIO", "serial"]
 ignore_missing_imports = true
+
+[tool.bandit]
+exclude_dirs = ["tests", ".venv"]
diff --git a/src/pywaveshare/boards/sim868/__init__.py b/src/pywaveshare/boards/sim868/__init__.py
@@ -320,7 +320,7 @@ def __processData(self):
                     rawData = match[0][1].split(",")
                     self.__GPRSIPaddress = rawData[2].replace('"', "")
 
-                    if self.__GPRSIPaddress != "0.0.0.0":
+                    if self.__GPRSIPaddress != "0.0.0.0": # nosec
                         self.__GPRSready = True
                     else:
                         self.__GPRSready = False
