security warnings

vivekuppal · Feb 14, 2024 · 2425368 · 2425368
1 parent 04ea34e
commit 2425368
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 8 deletions.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -4,10 +4,10 @@ on: push
 
 jobs:
   build:
-    runs-on: windows-latest
+    runs-on: ubuntu-latest
     strategy:
       matrix:
-        os: [ windows-latest ]
+        os: [ ubuntu-latest ]
         python-version: [ '3.11.0' ]
     name: Python ${{ matrix.python-version }} ${{ matrix.os }} 
 

diff --git a/app/transcribe/interactions.py b/app/transcribe/interactions.py
@@ -7,11 +7,11 @@
 import datetime
 import argparse
 import uuid
-import random
-import atexit
+# import random
+# import atexit
 import json
 # import pprint
-import subprocess
+import subprocess  # nosec
 import socket
 import requests
 from requests.exceptions import ConnectionError  # pylint: disable=redefined-builtin
@@ -32,7 +32,7 @@ def create_params(args: argparse.Namespace) -> dict:
     try:
         root_logger.info(create_params.__name__)
         if git_version is None:
-            git_version = subprocess.check_output(
+            git_version = subprocess.check_output(  # nosec
                 ['git', 'rev-parse', '--short', 'HEAD']).decode("utf-8").strip()
     except subprocess.CalledProcessError as process_exception:
         if process_exception.returncode == 128:
@@ -96,7 +96,7 @@ def detect_ps():
         return False
 
     try:
-        subprocess.check_output(["powershell", "-c", "whoami"])
+        subprocess.check_output(["powershell", "-c", "whoami"])  # nosec
         return True
     except subprocess.CalledProcessError:
         return False
@@ -139,7 +139,8 @@ def exec_ps(script: str) -> (bool, str):
     if not detect_ps():
         return False, ''
     try:
-        output = subprocess.check_output(['powershell', '-encodedCommand', script]).strip()
+        output = ''
+        # output = subprocess.check_output(['powershell', '-encodedCommand', script]).strip()
     except subprocess.CalledProcessError:
         return False, ''
     except FileNotFoundError:

diff --git a/docs/DeveloperGuide.md b/docs/DeveloperGuide.md
@@ -8,6 +8,21 @@ Unit Tests
 python -m unittest discover --verbose .\tests
 ```
 
+## Security Scanning
+
+Install bandit for security scanning
+
+```
+pip install bandit
+```
+
+Run bandit locally
+
+```
+cd app/transcribe
+bandit -r .
+```
+
 ## Creating Windows installs
 
 Install Winrar from https://www.win-rar.com/.