From 2caa1e765092e9a00618cd9e9bc426c4eaefda33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Dec 2020 11:21:07 +0100 Subject: [PATCH] build(deps-dev): bump bandit from 1.6.2 to 1.6.3 (#371) * build(deps-dev): bump bandit from 1.6.2 to 1.6.3 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.6.2 to 1.6.3. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3) Signed-off-by: dependabot[bot] * root: update for new bandit version Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer --- Pipfile.lock | 6 +++--- authentik/api/auth.py | 2 +- authentik/audit/models.py | 2 +- authentik/providers/oauth2/constants.py | 2 +- authentik/providers/oauth2/utils.py | 2 +- authentik/stages/email/stage.py | 2 +- authentik/stages/invitation/stage.py | 2 +- lifecycle/gunicorn.conf.py | 2 +- tests/e2e/test_source_oauth.py | 4 ++-- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 11bbe3cf7..9d43ffcf7 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1271,11 +1271,11 @@ }, "bandit": { "hashes": [ - "sha256:336620e220cf2d3115877685e264477ff9d9abaeb0afe3dc7264f55fa17a3952", - "sha256:41e75315853507aa145d62a78a2a6c5e3240fe14ee7c601459d0df9418196065" + "sha256:2ff3fe35fe3212c0be5fc9c4899bd0108e2b5239c5ff62fb174639e4660fe958", + "sha256:d02dfe250f4aa2d166c127ad81d192579e2bfcdb8501717c0e2005e35a6bcf60" ], "index": "pypi", - "version": "==1.6.2" + "version": "==1.6.3" }, "black": { "hashes": [ diff --git a/authentik/api/auth.py b/authentik/api/auth.py index c3a6bb3ae..9b0163356 100644 --- a/authentik/api/auth.py +++ b/authentik/api/auth.py 
@@ -31,7 +31,7 @@ def token_from_header(raw_header: bytes) -> Optional[Token]: _, password = auth_credentials.split(":") else: password = auth_credentials - if password == "": + if password == "": # nosec return None tokens = Token.filter_not_expired(key=password, intent=TokenIntents.INTENT_API) if not tokens.exists(): diff --git a/authentik/audit/models.py b/authentik/audit/models.py index e07a6b766..7897ff066 100644 --- a/authentik/audit/models.py +++ b/authentik/audit/models.py @@ -100,7 +100,7 @@ class EventAction(models.TextChoices): SUSPICIOUS_REQUEST = "suspicious_request" PASSWORD_SET = "password_set" # noqa # nosec - TOKEN_VIEW = "token_view" + TOKEN_VIEW = "token_view" # nosec INVITE_CREATED = "invitation_created" INVITE_USED = "invitation_used" diff --git a/authentik/providers/oauth2/constants.py b/authentik/providers/oauth2/constants.py index 6bfc7c81a..060ffe972 100644 --- a/authentik/providers/oauth2/constants.py +++ b/authentik/providers/oauth2/constants.py @@ -1,7 +1,7 @@ """OAuth/OpenID Constants""" GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code" -GRANT_TYPE_REFRESH_TOKEN = "refresh_token" +GRANT_TYPE_REFRESH_TOKEN = "refresh_token" # nosec PROMPT_NONE = "none" PROMPT_CONSNET = "consent" SCOPE_OPENID = "openid" diff --git a/authentik/providers/oauth2/utils.py b/authentik/providers/oauth2/utils.py index 23a6a9a2c..c5a000776 100644 --- a/authentik/providers/oauth2/utils.py +++ b/authentik/providers/oauth2/utils.py @@ -85,7 +85,7 @@ def extract_client_auth(request: HttpRequest) -> Tuple[str, str]: user_pass = b64decode(b64_user_pass).decode("utf-8").split(":") client_id, client_secret = user_pass except (ValueError, Error): - client_id = client_secret = "" + client_id = client_secret = "" # nosec else: client_id = request.POST.get("client_id", "") client_secret = request.POST.get("client_secret", "") diff --git a/authentik/stages/email/stage.py b/authentik/stages/email/stage.py index 4273859a4..b7316b8c5 100644 
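Review bot: The bare `# nosec` on `if password == "":` silences every bandit check on that line and records no reason, so a later edit that introduces a real finding there would go unreported. The same bare marker is added in authentik/audit/models.py (`TOKEN_VIEW`), authentik/providers/oauth2/constants.py (`GRANT_TYPE_REFRESH_TOKEN`), authentik/providers/oauth2/utils.py, authentik/stages/email/stage.py (`QS_KEY_TOKEN`) and authentik/stages/invitation/stage.py (`INVITATION_TOKEN_KEY`). These look like hardcoded-password-string false positives (presumably B105) on names containing "password", "secret" or "token". I would state the reason next to the marker, e.g. `if password == "":  # nosec - empty-value check, not a hardcoded credential`, and narrow it to the test ID once the pinned bandit release honours `# nosec B105`. token_from_header starts and ends outside the hunk.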
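Review bot: The line now marked `# nosec` in extract_client_auth is the fallback for a malformed Basic header, and the visible `split(":")` sends any client secret containing a colon down that same path, because the two-name unpack raises ValueError. Splitting once, `user_pass = b64decode(b64_user_pass).decode("utf-8").split(":", 1)`, keeps the remainder as the secret, while a value with no colon still reaches the except branch. Whether empty credentials are rejected later is not visible here, since the function continues outside the hunk. A short comment on the except branch saying that empty values must fail client authentication would make the suppression easier to audit.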
--- a/authentik/stages/email/stage.py +++ b/authentik/stages/email/stage.py @@ -20,7 +20,7 @@ from authentik.stages.email.tasks import send_mails from authentik.stages.email.utils import TemplateEmailMessage LOGGER = get_logger() -QS_KEY_TOKEN = "token" +QS_KEY_TOKEN = "token" # nosec PLAN_CONTEXT_EMAIL_SENT = "email_sent" diff --git a/authentik/stages/invitation/stage.py b/authentik/stages/invitation/stage.py index e3800c12b..5711fd8e9 100644 --- a/authentik/stages/invitation/stage.py +++ b/authentik/stages/invitation/stage.py @@ -7,7 +7,7 @@ from authentik.stages.invitation.models import Invitation, InvitationStage from authentik.stages.invitation.signals import invitation_used from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT -INVITATION_TOKEN_KEY = "token" +INVITATION_TOKEN_KEY = "token" # nosec INVITATION_IN_EFFECT = "invitation_in_effect" diff --git a/lifecycle/gunicorn.conf.py b/lifecycle/gunicorn.conf.py index 52a5769f7..a086fc9ec 100644 --- a/lifecycle/gunicorn.conf.py +++ b/lifecycle/gunicorn.conf.py @@ -13,7 +13,7 @@ group = "authentik" worker_class = "uvicorn.workers.UvicornWorker" # Docker containers don't have /tmp as tmpfs -worker_tmp_dir = "/dev/shm" +worker_tmp_dir = "/dev/shm" # nosec os.environ.setdefault("DJANGO_SETTINGS_MODULE", "authentik.root.settings") diff --git a/tests/e2e/test_source_oauth.py b/tests/e2e/test_source_oauth.py index 206501f6b..9074cac2e 100644 --- a/tests/e2e/test_source_oauth.py +++ b/tests/e2e/test_source_oauth.py @@ -22,7 +22,7 @@ from authentik.providers.oauth2.generators import ( from authentik.sources.oauth.models import OAuthSource from tests.e2e.utils import SeleniumTestCase, retry -CONFIG_PATH = "/tmp/dex.yml" +CONFIG_PATH = "/tmp/dex.yml" # nosec LOGGER = get_logger() 
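Review bot: The `# nosec` on `worker_tmp_dir = "/dev/shm"` hides a hardcoded-temp-directory finding (presumably B108) without saying why the location is acceptable. The comment above explains why /tmp is not used, not why a world-writable directory is safe. A rationale on the same line would do, e.g. `worker_tmp_dir = "/dev/shm"  # nosec - heartbeat files only, /dev/shm is private to the container`. That assumes this config only runs inside the container image; if it is also used on a shared host, the path should come from configuration instead.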
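Review bot: `CONFIG_PATH = "/tmp/dex.yml"` and the `/tmp/dex.db` storage path in the later hunk of tests/e2e/test_source_oauth.py are fixed names in a shared directory. The later hunk writes the file with `open(CONFIG_PATH, "w+")`, which follows a pre-existing symlink and collides between parallel runs. For an e2e test the risk is low, but a per-run directory removes the need for the suppression: `CONFIG_PATH = os.path.join(tempfile.mkdtemp(prefix="dex-"), "dex.yml")`, with the database path derived from the same directory. If the file is mounted into the Dex container by path, the mount source has to follow; that part is outside the visible hunks.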
@@ -66,7 +66,7 @@ class TestSourceOAuth2(SeleniumTestCase): "username": "admin", } ], - "storage": {"config": {"file": "/tmp/dex.db"}, "type": "sqlite3"}, + "storage": {"config": {"file": "/tmp/dex.db"}, "type": "sqlite3"}, # nosec "web": {"http": "0.0.0.0:5556"}, } with open(CONFIG_PATH, "w+") as _file: