🔒 Add bandit checks to pre-commit (#1710)

Add bandit checks to pre-commit Signed-off-by: Samet Akcay <[email protected]>
openvinotoolkit · Feb 8, 2024 · 28e4282 · 28e4282
1 parent 4683e06
commit 28e4282
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -33,6 +33,14 @@ repos:
         additional_dependencies: [types-PyYAML]
         exclude: "tests"
 
+  # add bandit for security checks
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.7
+    hooks:
+      - id: bandit
+        args: ["-c", "pyproject.toml"]
+        additional_dependencies: ["bandit[toml]"]
+
   # notebooks.
   - repo: https://github.com/nbQA-dev/nbQA
     rev: 1.7.0

diff --git a/pyproject.toml b/pyproject.toml
@@ -139,6 +139,7 @@ max-complexity = 15
 [tool.ruff.pydocstyle]
 convention = "google"
 
+
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 # MYPY CONFIGURATION.                                                         #
 [tool.mypy]
@@ -152,6 +153,12 @@ follow_imports = "skip"
 follow_imports_for_stubs = true
 
 
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+# BANDIT CONFIGURATION                                                        #
+[tool.bandit]
+skips = ["B101"]
+
+
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 # PYTEST CONFIGURATION                                                        #
 [tool.pytest.ini_options]

diff --git a/src/anomalib/callbacks/nncf/callback.py b/src/anomalib/callbacks/nncf/callback.py
@@ -101,6 +101,6 @@ def on_train_end(self, trainer: pl.Trainer, pl_module: pl.LightningModule) -> No
         self.nncf_ctrl.export_model(onnx_path)
 
         optimize_command = ["mo", "--input_model", onnx_path, "--output_dir", self.export_dir]
-        # TODO(samet-akcay): Check if mo can be donw via python API
+        # TODO(samet-akcay): Check if mo can be done via python API
         # CVS-122665
-        subprocess.run(optimize_command, check=True)  # noqa: S603
+        subprocess.run(optimize_command, check=True)  # noqa: S603  # nosec B603