chore: set minimum version of Black package to avoid CVE-2024-21503 (#…

…457) * set minimum version of Black package to avoid reported CVE * Black >=24.3.0 requires Safety >=3 * reformat with new version of Black * ignore CVE with Vulnerability ID 67599 during `safety check` * add missing mypy type definitions * use valid (but disabled) private key so auth lib can move forward * temporarily disable new warning in Pylint 3.2.0
google · May 15, 2024 · 4f53c66 · 4f53c66
1 parent 1369748
commit 4f53c66
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -100,7 +100,9 @@ bandit:
 	bandit .
 
 safety:
-	safety check
+	# Ignore CVE-2018-20225 with Vulnerability ID 67599.
+	# We do not use the `--extra-index-url` option, and the behavior is intended anyway.
+	safety check --ignore 67599
 
 integration: int_cm int_csm int_custom int_dd int_dt int_es int_prom int_sp int_os
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -27,6 +27,7 @@ max-line-length = 88
 disable = [
     "logging-fstring-interpolation",
     "import-error",
+    "possibly-used-before-assignment",
 ]
 
 [tool.mypy]

diff --git a/setup.cfg b/setup.cfg
@@ -105,14 +105,15 @@ dev =
     pip >=23.3  # avoid known vulnerabilities in pip <23.3 (reported by `safety check`)
     wheel
     flake8
-    black
+    black >=24.3.0  # avoid CVE-2024-21503 (reported by `safety check`)
     isort
     mock
     pytest
     pytest-cov
     pylint
     pytype
     mypy
+    types-mock
     types-PyYAML
     types-python-dateutil
     types-setuptools
@@ -121,7 +122,7 @@ dev =
     pre-commit
     bandit
     GitPython >=3.1.35  # avoid CVE-2023-41040, CVE-2023-40267 and CVE-2023-40590 (reported by `safety check`)
-    safety ==2.3.5  # fixes https://github.com/google/slo-generator/issues/421
+    safety >=3  # required by `black >=24.3.0`
 
 [options.entry_points]
 console_scripts =

diff --git a/slo_generator/backends/splunk.py b/slo_generator/backends/splunk.py
@@ -2,6 +2,7 @@
 `splunk.py`
 Query a splunk search to compute a SLI as a custom slo-generator backend
 """
+
 import copy
 import json
 import logging

diff --git a/tests/unit/fixtures/fake_credentials.json b/tests/unit/fixtures/fake_credentials.json
@@ -1,12 +1,13 @@
 {
   "type": "service_account",
   "project_id": "fake",
-  "private_key_id": "5b152564654231321xx54654s54w6e54f6546566",
-  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCSUDxmGPUzkh1v\noXx3vYi5KLnTBxMRZ+zB4SxVcpdFAMlxhGZgYxsUSkUdScdEdRXIf30JN0RDS5cA\nPHuJQR4KTHGQ+8xJ+wzi34vwK6hFdba11gl6e5WxAX6M/70xe7aq5J5IKwID4jUL\nFne/bH4L+oMNXdhJVy9e8+wRit+GJx54MH/FXW2j8fNTGqDW+niNN23boHHX8U9X\nRFCiaWCc8u0aFvyX6tEtsKiDqjnx4XHDq81s/2ZRpEkDhKS5qE3IgSEOB/7Ngybt\nvwd8HyU0DyVmugebpPM8hBWwOiesvCKUmr19Ov/zau2KXKhWDR2sb4qoJR34c5uc\nPSu1hdLDAgMBAAECggEAF12c56kgr2WsMcGWQQERrpAkbOD6WJNCKgwtqk+sfKaN\nhQVh3A63qlvaAb1ghzwziFtjum8LBbwylyURjW/KvlZK5J5xl3byLeEJVgeCzeTo\nks1lohvOYgAdF6NXsWlSWKQ96sSDg99CHU0vPnCzCHKvLxlHix7TP9SwZHTLEX87\n6Ec65txjLArUrydYh1a01exSSZDZUZsAFllLQIIsIZsMdxg8Tx+T28M0OoLdjw6z\nIK0xE5VHLzT2zdlLYWyJZARm/8exB57lBEVAZyOwXZ/vHfFoH+vJRaHdbPJLSQVA\nycXWxgBXiCc+zvdzMOuGMSUqbZL4B7a6WaWJlmtQwQKBgQDLZtszDODXqcge64oS\n0OY4AB493L7F78jqI/8q2EgwRK7z0pTvYxblGaPuzvb3lfdMiq8RUkIM3Wq3Qtdn\nFN8JHTwJEAHcW26hj+c/pz9ItsGSx9mBbqIoylquQqL3zP9E8zbIcFp1LdsqiDQB\nc3oxFyMb/PyPO9xkVr0LOX6JswKBgQC4JiU7J/HMUTFL91c6Wm+6l4n+GYPrJlPk\nmsz1zbcEIFIcJ+/w8jN9C5wDYwaFFpaVwSxwKUKjdWU0vDj53xnq/Araiz1xkQxu\n+0ML3sENuFeuXIc+LnsOgiGAgR3b5QILMvZDt9OKasud32tHCoY6AfdezOEYPCgE\nukaqDKnqsQKBgQCQpONqiVT3aLB8dImq2c1ts3/OBEXSIrPg9ZpG0Kl9UcqMb4sk\nNXYZk8NFVv6/kHDdiJ34lmOMHIUAL9NYZbo6FAUWeMCqAIdK8zfCx1+0iOpdRCuD\n5LYChew4kgCscaZyVPb3URayz9pUg6lgAsu5TzfTdnPwM+SFoj0rV0aKCwKBgQCO\n46J+HYelV9cdsCYyNFx/9/hugBP50jrEp02k6eQ6Qm4URPUNDJLhU7HSevNjL9zX\nBRbbTVjVB1HpsqevU+uDh+FQJT0fM0LnlvY2brl0UPdQZ6HVoTGBV35xfT7TEwcb\n84Zdk3WE8UtgDC3s6QCwYDg3ilibeoo+6N/OMZdjcQKBgEnKbMbpcOnV11bwbk+D\nG6QQ5lEOipoaauRoN5DWTUiz35/S4Tys4y9gWAKBRxt5LPW4L2oIRM4FLx5r9WLg\nidtms9p2t+2IlXoi0Zd9OU6Ncq05negA1kpWwPwSz0YnsX8hc4lQydCcI0+ZxNwd\nOUhEB7bYrpuxlQFPCxrnBwRC\n-----END PRIVATE KEY-----\n",
-  "client_email": "fake@fake.iam.gserviceaccount.com",
-  "client_id": "125812313454685423132",
+  "private_key_id": "f688b27d566ca0b61c2b3e8717dee8e5a5705557",
+  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOc1bZddLUxylU\n0RDaUmam9E/iSQc8oVec2PuDaypPZYQAbP/eKkroEqgiyRPWRHbdSfoTIoWcZ/SG\nr0TrQmC3YSZhj6V6syN1Rl6R9ygOTbZGq7dWQ/gWSzSYYCMsCPXYPv6CU3hmlg5t\nZMV7oCWIb3wQl9dTNSDAGj0/kHt6OrksW+DtJTgqdpZNW+F4J31YBOXxDmtFWsN7\np6tSGhaLSLlf/6Hl6KdDaJBkuH5nQPkDVsvdaPXBK3jalUpkLQkTi3Ld18lR2ejW\nlwx0jHMDzjnkh0Bx5FTkMXmfPqnXR8DjKY7y0xS+UJgsJifWCFBe3OdUgEn+ENSR\nS2K51+rbAgMBAAECggEAPA3hHbDge3TT2RBXzqpZogc/lZuYt1JXohCcWUY7MI1f\nMKCEbaPv1kJXFodXdeTEjuqODDLmmvDCeMtTSPwuFin0eDzI7kBd+CdYKy2yQTbp\n5vTciAONjy6hRhHxKUYR/a2Va2PMikrsN3Yw3B1hzaZgeJMy18mElV0MpAjrYkpc\nYayVOuSl5xlCWkWJ0eBxtmZpOuwET6bBR2MD9A5IkYf4XBeD1rO0Ojk4a5gmPZag\nhq9n7SbdLGHcnbiUpYsckyHWfqRd6yn177QhdvSdyRdv9VnErnrhAJQZZrmrR3fm\nn45K7qtpSZB4tgPgUNM9b0xONq7L8/Zj5Piz+IM6AQKBgQD9WbJCndXTOQ+9Q92E\nEZRumk7iwd0Z8TlyDBkm7ICnVYu1uSpf9kAEwTS8pYvQHEkVJjm05YzfgnalJWR/\nBCQSUth8jHMI3JOBQX+/D8rxMPeuVaj+oi/pWQEbLpGBi1v95O4dE9r2W8jkaHWW\nr+fWqr7bj0/M086h3n0IZzB14QKBgQDQnBOOhmUxAU/yPDNuz9K2xfszZsUKfA1S\n9vcbWFsQdhSK2TfghfTC+sU/pZlfeKrISnnRgj4jF7kcVZ4fuyMKVADuyqQSpYL6\noOFbo9d3U5LaBftzOYbgs2fh5MOwtuBK5XU1G5SkLEFp+2IPUDDT6KBIGr3vidZz\nN6HdecTAOwKBgQDZywkOcYcG3K/mIXhFd6NlbWvRTZ0YFyIuI65fosJ6l3TSFMsT\n0ap5K+p9HcdScW52KvVCyG9RGWOLVtjMxC+KPQP0Ff0yKgT4Aemiwx3QOCtECEmO\nFLkhXa0ww9i8R6QeYHY+Mvpx/Ld3e0FS+AdSqFgIgWu1hoPE7XIJDkQ/oQKBgQCa\nxjH8XNpXMZIPN3sxjB/aW6m0yVsIHGIGXBWaxENMQ0+adO9wNfMTdttCDattmimb\n0SXwu6E+iCtfSma3RDELSKgog1CYRRSYvyR0yWrjra4W9LlLFDNuI62/e+t1AToI\nV5ZOgNgXtn4SE+D9W5Hep4nD9ZNWVf42HeCKYf4IYQKBgQCFhLNm9CsCIQghbSQV\nglVNvtRkTtn0ofQMV/aHZtHlN5VBuPIseUKXZgwXPozI0VPHN3YNevsKM8tljk6d\nSLqJ9hYCeMYMgwcF5ndDaghNZOX+yqbqbA3ZqTk+qHNtKFBqDtfYmHbdPv+wviam\n9DGfc0N/PHa3mn1XvE49qr2mPw==\n-----END PRIVATE KEY-----\n",
+  "client_email": "[email protected]",
+  "client_id": "110148940207370658222",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
   "token_uri": "https://oauth2.googleapis.com/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/fake%40fake.iam.gserviceaccount.com"
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/fake%40fake.gserviceaccount.com",
+  "universe_domain": "googleapis.com"
 }