minvws · underdarknl · Dec 3, 2024 · Dec 2, 2024 · Dec 3, 2024
@@ -24,7 +24,7 @@ jobs:
           cache: pip
 
       - name: Install pre-commit
-        run: pip install pre-commit==3.8.0
+        run: pip install pre-commit==4.0.1
 
       - uses: actions/cache@v4
         with:

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v5.0.0
     hooks:
       - id: trailing-whitespace
       - id: mixed-line-ending
@@ -29,13 +29,13 @@ repos:
         args: ["--autofix", "--no-ensure-ascii", "--no-sort-keys"]
 
   - repo: https://github.com/abravalheri/validate-pyproject
-    rev: v0.16
+    rev: v0.23
     hooks:
       - id: validate-pyproject
         files: pyproject.toml$
 
   - repo: https://github.com/rstcheck/rstcheck
-    rev: v6.2.1
+    rev: v6.2.4
     hooks:
       - id: rstcheck
         # https://github.com/rstcheck/rstcheck-core/issues/4
@@ -49,37 +49,37 @@ repos:
         additional_dependencies: ["rstcheck[sphinx]", "autodoc-pydantic==2.1.0"]
 
   - repo: https://github.com/MarketSquare/robotframework-tidy
-    rev: "4.11.0"
+    rev: "4.14.0"
     hooks:
       - id: robotidy
 
   - repo: https://github.com/jendrikseipp/vulture
-    rev: v2.11
+    rev: v2.13
     hooks:
       - id: vulture
         exclude: |
           /tests/
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: "v0.3.5"
+    rev: "v0.8.1"
     hooks:
       - id: ruff
       - id: ruff-format
 
   - repo: https://github.com/asottile/pyupgrade
-    rev: v3.15.2
+    rev: v3.19.0
     hooks:
       - id: pyupgrade
         args: [--py310-plus]
 
   - repo: https://github.com/adamchainz/django-upgrade
-    rev: 1.16.0
+    rev: 1.22.1
     hooks:
       - id: django-upgrade
         args: [--target-version, "5.0"]
 
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.9.0
+    rev: v1.13.0
     hooks:
       - id: mypy
         additional_dependencies:
@@ -106,7 +106,7 @@ repos:
           )
 
   - repo: https://github.com/codespell-project/codespell
-    rev: v2.2.6
+    rev: v2.3.0
     hooks:
       - id: codespell
         additional_dependencies: ["tomli"]
@@ -136,7 +136,7 @@ repos:
           )
 
   - repo: https://github.com/Riverside-Healthcare/djLint
-    rev: v1.34.1
+    rev: v1.36.3
     hooks:
       - id: djlint-reformat-django
         files: |
@@ -155,7 +155,7 @@ repos:
         exclude: '^rocky/rocky/templates/admin/.*\.html$'
 
   - repo: https://github.com/thibaudcolas/pre-commit-stylelint
-    rev: v16.3.1
+    rev: v16.10.0
     hooks:
       - id: stylelint
         args: [--fix]
@@ -171,13 +171,13 @@ repos:
         args: ["-e", "SC1091"]
 
   - repo: https://github.com/scop/pre-commit-shfmt
-    rev: v3.8.0-1
+    rev: v3.10.0-1
     hooks:
       - id: shfmt
         args: ["-w", "-s", "-i", "4", "-sr"]
 
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.1.0
+    rev: v4.0.0-alpha.8
     hooks:
       - id: prettier
         additional_dependencies:

@@ -54,18 +54,22 @@ def get_file_from_container(container: docker.models.containers.Container, path:
         logging.warning("%s not found in container %s %s", path, container.short_id, container.image.tags)
         return None
 
-    f = tarfile.open(mode="r|", fileobj=TarStream(stream).reader())
-    tarobject = f.next()
-    if not tarobject or tarobject.name != os.path.basename(path):
-        logging.warning("%s not found in tarfile from container %s %s", path, container.short_id, container.image.tags)
-        return None
+    with tarfile.open(mode="r|", fileobj=TarStream(stream).reader()) as f:
+        tarobject = f.next()
+        if not tarobject or tarobject.name != os.path.basename(path):
+            logging.warning(
+                "%s not found in tarfile from container %s %s", path, container.short_id, container.image.tags
+            )
+            return None
 
-    extracted_file = f.extractfile(tarobject)
-    if not extracted_file:
-        logging.warning("%s not found in tarfile from container %s %s", path, container.short_id, container.image.tags)
-        return None
+        extracted_file = f.extractfile(tarobject)
+        if not extracted_file:
+            logging.warning(
+                "%s not found in tarfile from container %s %s", path, container.short_id, container.image.tags
+            )
+            return None
 
-    return extracted_file.read()
+        return extracted_file.read()
 
 
 def cpe_to_name_version(cpe: str) -> tuple[str | None, str | None]:

@@ -54,5 +54,5 @@ def run(input_ooi: dict, raw: bytes) -> Iterable[NormalizerOutput]:
         yield Finding(
             finding_type=kat_ooi.reference,
             ooi=resource,
-            description="Image ended up bigger than %d Pixels, possible decompression Bomb" % image.MAX_IMAGE_PIXELS,
+            description=f"Image ended up bigger than {image.MAX_IMAGE_PIXELS} Pixels, possible decompression Bomb",
         )
@@ -53,7 +53,7 @@ def test_settings_storage(plugin_storage, organisation_storage, config_storage):
     with pytest.raises(ConfigNotFound):
         config_storage.delete("no organisation!", plugin_id)
 
-    assert {"TEST_SETTING": "123.9", "TEST_SETTING2": 13} == settings_storage.get_all_settings(org.id, plugin_id)
+    assert settings_storage.get_all_settings(org.id, plugin_id) == {"TEST_SETTING": "123.9", "TEST_SETTING2": 13}
     assert config_storage.get_all_settings(org.id, "wrong") == {}
     assert config_storage.get_all_settings("wrong", plugin_id) == {}
 
@@ -91,14 +91,14 @@ def test_settings_storage_values_field_limits(plugin_storage, organisation_stora
             },
         )
 
-    assert {
+    assert settings_storage.get_all_settings(org.id, plugin_id) == {
         "TEST_SETTING": 12 * "123.9",
         "TEST_SETTING2": 12000,
         "TEST_SETTING3": 30 * "b",
         "TEST_SETTING4": 30 * "b",
         "TEST_SETTING5": 10 * "b",
         "TEST_SETTING6": 123456789,
-    } == settings_storage.get_all_settings(org.id, plugin_id)
+    }
 
 
 def test_plugin_enabled_storage(organisation_storage, plugin_storage, config_storage):

@@ -47,12 +47,12 @@ def test_update_by_id_bad_schema(mock_plugin_service, test_organisation):
 
 def test_get_schema(mock_plugin_service):
     schema = mock_plugin_service.schema("kat_test")
-    assert {
+    assert schema == {
         "title": "Arguments",
         "type": "object",
         "properties": {"api_key": {"title": "Api Key", "maxLength": 128, "type": "string"}},
         "required": ["api_key"],
-    } == schema
+    }
 
     schema = mock_plugin_service.schema("kat_test_normalize")
     assert schema is None

@@ -48,7 +48,7 @@ def test_body_image_normalizer(normalizer_runner):
     output = normalizer_runner.run(meta, get_dummy_data("cat_image")).observations[0].results
 
     assert len(output) == 1
-    assert {
+    assert output[0].dict() == {
         "object_type": "ImageMetadata",
         "primary_key": "ImageMetadata|internet|134.209.85.72|tcp|443|https|internet"
         "|mispo.es|https|internet|mispo.es|443|/",
@@ -65,7 +65,7 @@ def test_body_image_normalizer(normalizer_runner):
             "size": (600, 600),
             "width": 600,
         },
-    } == output[0].dict()
+    }
 
 
 def test_body_normalizer(normalizer_runner):

@@ -8,7 +8,7 @@ def test_parse_user_changed(normalizer_runner):
     output = normalizer_runner.run(meta, get_dummy_data("user-changed.json"))
 
     assert len(output.declarations) == 8
-    assert {
+    assert output.declarations[1].ooi.dict() == {
         "application": Application(name="organisation/env/app").reference,
         "event_id": '{"client_environment_app":"organisation/env/app","log_user_user_id":1234}-1655979300000',
         "event_title": "UC: User privilege monitoring",
@@ -31,9 +31,9 @@ def test_parse_user_changed(normalizer_runner):
         "scan_profile": None,
         "user_id": None,
         "severity": "MEDIUM",
-    } == output.declarations[1].ooi.dict()
+    }
 
-    assert {
+    assert output.declarations[-1].ooi.dict() == {
         "application": Application(name="organisation/env/app").reference,
         "event_id": '{"client_environment_app":"organisation/env/app","log_user_user_id":1234}-1658825100000',
         "event_title": "UC: User privilege monitoring",
@@ -56,15 +56,15 @@ def test_parse_user_changed(normalizer_runner):
         "scan_profile": None,
         "user_id": None,
         "severity": "MEDIUM",
-    } == output.declarations[-1].ooi.dict()
+    }
 
 
 def test_parse_admin_login_failure(normalizer_runner):
     meta = NormalizerMeta.model_validate_json(get_dummy_data("calvin-normalizer.json"))
     output = normalizer_runner.run(meta, get_dummy_data("user-login-admin-failure.json"))
 
     assert len(output.declarations) == 8
-    assert {
+    assert output.declarations[1].ooi.dict() == {
         "application": Application(name="organisation/env/app").reference,
         "event_id": '{"client_environment_app":"organisation/env/app","log_user_user_id":1234}-1659618600000',
         "event_title": "UC: Detect brute force login attempts for an admin account",
@@ -89,15 +89,15 @@ def test_parse_admin_login_failure(normalizer_runner):
         "scan_profile": None,
         "user_id": None,
         "severity": "MEDIUM",
-    } == output.declarations[1].ooi.dict()
+    }
 
 
 def test_parse_user_login_failure(normalizer_runner):
     meta = NormalizerMeta.model_validate_json(get_dummy_data("calvin-normalizer.json"))
     output = normalizer_runner.run(meta, get_dummy_data("user-login-failure.json"))
 
     assert len(output.declarations) == 8
-    assert {
+    assert output.declarations[1].ooi.dict() == {
         "application": Application(name="organisation/env/app").reference,
         "event_id": '{"client_environment_app":"organisation/env/app","log_user_user_id":1234}-1658998200000',
         "event_title": "UC: Detects attempts to guess passwords",
@@ -123,4 +123,4 @@ def test_parse_user_login_failure(normalizer_runner):
         "scan_profile": None,
         "user_id": None,
         "severity": "MEDIUM",
-    } == output.declarations[1].ooi.dict()
+    }