Fix bandit (#184)

src/bbsearch/database/mining_cache.py

@@ -281,11 +281,11 @@ def construct(self):
     def _delete_rows(self):
         """Delete rows in the target table that will be re-populated."""
         for model_name, model_schema in self.model_schemas.items():
-            query = f"""
-            DELETE
-            FROM {self.target_table}
-            WHERE mining_model = :mining_model
-            """  # nosec
+            # Reformatted due to this bandit bug in python3.8:
+            # https://github.com/PyCQA/bandit/issues/658
+            query = (  # nosec
+                f"DELETE FROM {self.target_table} WHERE mining_model = :mining_model"
+            )
             self.engine.execute(
                 sqlalchemy.sql.text(query),
                 mining_model=model_schema["model_path"],

src/bbsearch/sql.py

@@ -326,19 +326,19 @@ def retrieve_mining_cache(identifiers, model_names, engine):
         dfs_pars = []
         d, r = divmod(len(identifiers_pars), batch_size)
         for i in range(0, d + (r > 0)):
-            query_pars = " UNION ".join(
-                f"""
-                SELECT *
-                FROM mining_cache
-                WHERE (article_id = {a} AND paragraph_pos_in_article = {p})
-                """  # nosec
+            # Reformatted due to this bandit bug in python3.8:
+            # https://github.com/PyCQA/bandit/issues/658
+            query_pars = " UNION ".join(  # nosec
+                "SELECT * FROM mining_cache "
+                f"WHERE (article_id = {a} AND paragraph_pos_in_article = {p})"
                 for a, p in identifiers_pars[i * batch_size : (i + 1) * batch_size]
             )
-            query_pars = f"""
-            SELECT *
-            FROM ({query_pars}) tt
-            WHERE tt.mining_model IN {model_names}
-            """  # nosec
+            # Reformatted due to this bandit bug in python3.8:
+            # https://github.com/PyCQA/bandit/issues/658
+            query_pars = (  # nosec
+                f"SELECT * FROM ({query_pars}) tt "
+                f"WHERE tt.mining_model IN {model_names}"
+            )
             dfs_pars.append(pd.read_sql(query_pars, engine))
         df_pars = pd.concat(dfs_pars)
         df_pars = df_pars.sort_values(
@@ -582,13 +582,15 @@ def _build_query(self):
 
         # Add article conditions to sentence conditions
         if len(article_conditions) > 0:
-            article_condition_query = f"""
-            article_id IN (
-                SELECT article_id
-                FROM articles
-                WHERE {" AND ".join(article_conditions)}
-            )
-            """.strip()  # nosec
+            # Reformatted due to this bandit bug in python3.8:
+            # https://github.com/PyCQA/bandit/issues/658
+            article_condition_query = (  # nosec
+                "article_id IN ( "
+                "    SELECT article_id "
+                "    FROM articles "
+                f'    WHERE {" AND ".join(article_conditions)} '
+                ")"
+            ).strip()  # nosec
             sentence_conditions.append(article_condition_query)
 
         # Restricted sentence IDs

tox.ini

@@ -22,7 +22,7 @@ commands =
 [testenv:lint]
 skip_install = true
 deps =
-    bandit
+    bandit==1.6.3
     black==20.8b1
     flake8==3.8.4
     isort==5.6.4
@@ -32,7 +32,7 @@ commands =
     isort --profile black --check setup.py {[tox]source} tests
     pydocstyle {[tox]source}
     black -q --check setup.py {[tox]source} tests
-    bandit -c .bandit -q -r {[tox]source}
+    bandit -c .bandit.yml -q -r {[tox]source}
 
 [testenv:format]
 skip_install = true