feat(back): fluidattacks#1171 use new builtin

- Migrate securePythonWithBandit - Update documentation - Only build using Python 3.11 - Adapt evaluator Signed-off-by: Daniel Salazar <[email protected]>
dsalaza4 · Jan 9, 2024 · c640417 · c640417
1 parent de2579c
commit c640417
Show file tree

Hide file tree

Showing 6 changed files with 265 additions and 43 deletions.
diff --git a/docs/src/api/builtins/security.md b/docs/src/api/builtins/security.md
@@ -76,8 +76,6 @@ Types:
     Definitions of directories of python packages/modules to lint.
     Defaults to `{ }`.
 - projectType (`submodule`):
-    - python (`enum ["3.9" "3.10" "3.11" "3.12"]`):
-        Python interpreter version that your package/module is designed for.
     - target (`str`):
         Relative path to the package/module.
 
@@ -88,10 +86,7 @@ Example:
     ```nix
     {
       securePythonWithBandit = {
-        cli = {
-          python = "3.10";
-          target = "/src/cli";
-        };
+        cli.target = "/src/cli";
       };
     }
     ```

diff --git a/makes.nix b/makes.nix
@@ -236,10 +236,7 @@
     };
   };
   securePythonWithBandit = {
-    cli = {
-      python = "3.12";
-      target = "/src/cli/main";
-    };
+    cli.target = "/src/cli/main";
   };
   taintTerraform = {
     modules = {

diff --git a/src/args/secure-python-with-bandit/default.nix b/src/args/secure-python-with-bandit/default.nix
@@ -1,32 +1,20 @@
 {
   __nixpkgs__,
   makeDerivation,
-  makePythonPypiEnvironment,
+  makePythonEnvironment,
   ...
 }: {
   name,
-  python,
   target,
-}: let
-  pythonPypiEnvironment = makePythonPypiEnvironment {
-    inherit name;
-    sourcesYaml =
-      {
-        "3.9" = ./pypi-sources-3.9.yaml;
-        "3.10" = ./pypi-sources-3.10.yaml;
-        "3.11" = ./pypi-sources-3.11.yaml;
-        "3.12" = ./pypi-sources-3.12.yaml;
-      }
-      .${python};
-  };
-in
-  makeDerivation {
-    builder = ./builder.sh;
-    env = {
-      envTarget = target;
-    };
-    name = "secure-python-with-bandit-for-${name}";
-    searchPaths = {
-      source = [pythonPypiEnvironment];
-    };
-  }
+}:
+makeDerivation {
+  builder = ./builder.sh;
+  env.envTarget = target;
+  name = "secure-python-with-bandit-for-${name}";
+  searchPaths.source = [
+    (makePythonEnvironment {
+      pythonProjectDir = ./.;
+      pythonVersion = "3.11";
+    })
+  ];
+}
diff --git a/src/args/secure-python-with-bandit/poetry.lock b/src/args/secure-python-with-bandit/poetry.lock
diff --git a/src/args/secure-python-with-bandit/pyproject.toml b/src/args/secure-python-with-bandit/pyproject.toml
@@ -0,0 +1,15 @@
+[tool.poetry]
+name = "lint-python-imports"
+version = "0.1.0"
+description = ""
+authors = ["Your Name <[email protected]>"]
+readme = "README.md"
+
+[tool.poetry.dependencies]
+python = "^3.11"
+bandit = "1.7.6"
+
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
diff --git a/src/evaluator/modules/secure-python-with-bandit/default.nix b/src/evaluator/modules/secure-python-with-bandit/default.nix
@@ -8,14 +8,10 @@
   lib,
   ...
 }: let
-  makeModule = name: {
-    python,
-    target,
-  }: {
+  makeModule = name: {target}: {
     name = "/securePythonWithBandit/${name}";
     value = securePythonWithBandit {
       inherit name;
-      inherit python;
       target = projectPath target;
     };
   };
@@ -25,9 +21,6 @@ in {
       default = {};
       type = lib.types.attrsOf (lib.types.submodule (_: {
         options = {
-          python = lib.mkOption {
-            type = lib.types.enum ["3.9" "3.10" "3.11" "3.12"];
-          };
           target = lib.mkOption {
             type = lib.types.str;
           };