From 007038dbeaa26b22a959d4c0638c5392f6617113 Mon Sep 17 00:00:00 2001
From: Stanislav Schmidt
Date: Tue, 8 Dec 2020 09:09:02 +0100
Subject: [PATCH] Fix bandit (#184)
---
 .bandit => .bandit.yml | 0
 src/bbsearch/database/mining_cache.py | 10 +++----
 src/bbsearch/sql.py | 38 ++++++++++++++-------------
 tox.ini | 4 +--
 4 files changed, 27 insertions(+), 25 deletions(-)
 rename .bandit => .bandit.yml (100%)
diff --git a/.bandit b/.bandit.yml
similarity index 100%
rename from .bandit
rename to .bandit.yml
diff --git a/src/bbsearch/database/mining_cache.py b/src/bbsearch/database/mining_cache.py
index 60ce58c2b..3ca434d08 100644
--- a/src/bbsearch/database/mining_cache.py
+++ b/src/bbsearch/database/mining_cache.py
@@ -281,11 +281,11 @@ def construct(self):
 def _delete_rows(self):
 """Delete rows in the target table that will be re-populated."""
 for model_name, model_schema in self.model_schemas.items():
- query = f"""
- DELETE
- FROM {self.target_table}
- WHERE mining_model = :mining_model
- """ # nosec
+ # Reformatted due to this bandit bug in python3.8:
+ # https://github.com/PyCQA/bandit/issues/658
+ query = ( # nosec
+ f"DELETE FROM {self.target_table} WHERE mining_model = :mining_model"
+ )
 self.engine.execute(
 sqlalchemy.sql.text(query),
 mining_model=model_schema["model_path"],
diff --git a/src/bbsearch/sql.py b/src/bbsearch/sql.py
index 0a6dcbfa6..b356a68fc 100644
--- a/src/bbsearch/sql.py
+++ b/src/bbsearch/sql.py
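Review bot: The new comment in `_delete_rows` (src/bbsearch/database/mining_cache.py) explains why the query was reformatted, but not why the `# nosec` suppression is acceptable. The value is already bound through `:mining_model`, so the only interpolated piece is `self.target_table`, an identifier that cannot be passed as a bound parameter; where it is assigned is outside this hunk. Once that has been confirmed, I would add a line such as `# nosec is safe: target_table is an internal table name, never request data` so the suppression stays reviewable.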
@@ -326,19 +326,19 @@ def retrieve_mining_cache(identifiers, model_names, engine):
 dfs_pars = []
 d, r = divmod(len(identifiers_pars), batch_size)
 for i in range(0, d + (r > 0)):
- query_pars = " UNION ".join(
- f"""
- SELECT *
- FROM mining_cache
- WHERE (article_id = {a} AND paragraph_pos_in_article = {p})
- """ # nosec
+ # Reformatted due to this bandit bug in python3.8:
+ # https://github.com/PyCQA/bandit/issues/658
+ query_pars = " UNION ".join( # nosec
+ "SELECT * FROM mining_cache "
+ f"WHERE (article_id = {a} AND paragraph_pos_in_article = {p})"
 for a, p in identifiers_pars[i * batch_size : (i + 1) * batch_size]
 )
- query_pars = f"""
- SELECT *
- FROM ({query_pars}) tt
- WHERE tt.mining_model IN {model_names}
- """ # nosec
+ # Reformatted due to this bandit bug in python3.8:
+ # https://github.com/PyCQA/bandit/issues/658
+ query_pars = ( # nosec
+ f"SELECT * FROM ({query_pars}) tt "
+ f"WHERE tt.mining_model IN {model_names}"
+ )
 dfs_pars.append(pd.read_sql(query_pars, engine))
 df_pars = pd.concat(dfs_pars)
 df_pars = df_pars.sort_values(
@@ -582,13 +582,15 @@ def _build_query(self):
 
 # Add article conditions to sentence conditions
 if len(article_conditions) > 0:
- article_condition_query = f"""
- article_id IN (
- SELECT article_id
- FROM articles
- WHERE {" AND ".join(article_conditions)}
- )
- """.strip() # nosec
+ # Reformatted due to this bandit bug in python3.8:
+ # https://github.com/PyCQA/bandit/issues/658
+ article_condition_query = ( # nosec
+ "article_id IN ( "
+ " SELECT article_id "
+ " FROM articles "
+ f' WHERE {" AND ".join(article_conditions)} '
+ ")"
+ ).strip() # nosec
 sentence_conditions.append(article_condition_query)
 
 # Restricted sentence IDs
diff --git a/tox.ini b/tox.ini
index 80b688084..e840d7ef0 100644
--- a/tox.ini
+++ b/tox.ini
@@ -22,7 +22,7 @@ commands =
 [testenv:lint]
 skip_install = true
 deps =
- bandit
+ bandit==1.6.3
 black==20.8b1
 flake8==3.8.4
 isort==5.6.4
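Review bot: In `retrieve_mining_cache` (src/bbsearch/sql.py, hunk at line 326) the reformatted queries still interpolate `{a}`, `{p}` and `{model_names}` straight into the SQL text, and `# nosec` hides exactly that bandit finding. Whether `identifiers` and `model_names` can carry caller-controlled strings is not visible here, but nothing in the hunk constrains them. `IN {model_names}` also depends on Python's repr of the collection: a one-element tuple would render as `('x',)`, which most SQL dialects reject. Coercing the ids, e.g. `f"WHERE (article_id = {int(a)} AND paragraph_pos_in_article = {int(p)})"`, and passing the model names as bound parameters through `pd.read_sql(..., params=...)` would let the suppression be dropped. The function body starts and ends outside the hunk.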
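Review bot: In `_build_query` (src/bbsearch/sql.py, hunk at line 582) the trailing `.strip()` and the second `# nosec` on the closing line look like leftovers from the triple-quoted version. The concatenated literal now begins with `article_id` and ends with `)`, so there is nothing left to strip, and the closing line could be just `)` unless the bandit line-number quirk referenced in the comment really needs the marker on both lines. The conditions joined into the `WHERE` clause are built outside this hunk, so whether they use placeholders cannot be checked from here. If they embed values, the suppression deserves a comment saying why that is safe.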
@@ -32,7 +32,7 @@ commands =
 isort --profile black --check setup.py {[tox]source} tests
 pydocstyle {[tox]source}
 black -q --check setup.py {[tox]source} tests
- bandit -c .bandit -q -r {[tox]source}
+ bandit -c .bandit.yml -q -r {[tox]source}
 
 [testenv:format]
 skip_install = true