mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-17 20:50:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

gitlab-ci: add 'bandit' security scanner to all runs

Browse source 
bandit is used by Radically Open Security and is part of the GitLab Ultimate
Static Application Security Testing (SAST) suite.

https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
This commit is contained in:
Hans-Christoph Steiner 2018-08-29 17:48:06 +02:00
parent 4d13a904f3
commit 3ffe2860f3
3 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
fdroidserver/common.py
View file

@ -283,7 +283,7 @@ def read_config(opts, config_file='config.py'):
logging.debug(_("Reading '{config_file}'").format(config_file=config_file))
with io.open(config_file, "rb") as f:
code = compile(f.read(), config_file, 'exec')
exec(code, None, config)
exec(code, None, config) # nosec TODO switch to YAML file
else:
logging.warning(_("No 'config.py' found, using defaults."))

4
fdroidserver/update.py
View file

@ -27,7 +27,7 @@ import re
import socket
import zipfile
import hashlib
import pickle
import pickle # nosec TODO
import time
import copy
from datetime import datetime
@ -461,7 +461,7 @@ def get_cache():
ada = options.allow_disabled_algorithms or config['allow_disabled_algorithms']
if not options.clean and os.path.exists(apkcachefile):
with open(apkcachefile, 'rb') as cf:
apkcache = pickle.load(cf, encoding='utf-8')
apkcache = pickle.load(cf, encoding='utf-8') # nosec TODO
if apkcache.get("METADATA_VERSION") != METADATA_VERSION \
or apkcache.get('allow_disabled_algorithms') != ada:
apkcache = {}