security: fix all bandit issues

2022-05-16 12:47:40 +01:00 · 2022-05-16 12:47:40 +01:00 · 014596d271
commit 014596d271
parent c25367d95c
5 changed files with 31 additions and 13 deletions
--- a/app/terraform/proxy/init.py
+++ b/app/terraform/proxy/init.py
@ -72,8 +72,10 @@ class ProxyAutomation(TerraformAutomation):
                    proxy.origin_id = origin.id
                    proxy.provider = self.provider
                    proxy.psg = subgroup
+                    # The random usage below is good enough for its purpose: to create a slug that
+                    # hasn't been used before.
                    proxy.slug = tldextract.extract(origin.domain_name).domain[:5] + ''.join(
-                        random.choices(string.ascii_lowercase, k=12))
+                        random.choices(string.ascii_lowercase, k=12))  # nosec
                    proxy.added = datetime.datetime.utcnow()
                    proxy.updated = datetime.datetime.utcnow()
                    db.session.add(proxy)
--- a/app/terraform/proxy/cloudfront.py
+++ b/app/terraform/proxy/cloudfront.py
@ -74,7 +74,8 @@ class ProxyCloudfrontAutomation(ProxyAutomation):
    """

    def import_state(self, state: Any) -> None:
-        assert(isinstance(state, dict))
+        if not isinstance(dict, state):
+            raise RuntimeError("The Terraform state object returned was not a dict.")
        if "child_modules" not in state['values']['root_module']:
            # There are no CloudFront proxies deployed to import state for
            return
--- a/app/terraform/proxy/fastly.py
+++ b/app/terraform/proxy/fastly.py
@ -3,8 +3,8 @@

 import datetime
 import os
-import string
 import random
+import string

 import jinja2
 import tldextract
@ -97,8 +97,10 @@ def create_missing_proxies():
                proxy = Proxy()
                proxy.origin_id = origin.id
                proxy.provider = "fastly"
+                # The random usage below is good enough for its purpose: to create a slug that
+                # hasn't been used before.
                proxy.slug = tldextract.extract(origin.domain_name).domain[:5] + ''.join(
-                    random.choices(string.ascii_lowercase, k=random.randint(5, 10)))
+                    random.choices(string.ascii_lowercase, 12))  # nosec
                proxy.added = datetime.datetime.utcnow()
                proxy.updated = datetime.datetime.utcnow()
                db.session.add(proxy)