Fix semgrep findings

Author: GDYendell

.github/actions/install_requirements/action.yml

@@ -12,6 +12,7 @@ runs:
   using: composite
   steps:
     - name: Get version of python
+      # nosemgrep
       run: |
         PYTHON_VERSION="${{ inputs.python-version }}"
         if [ $PYTHON_VERSION == "dev" ]; then

.github/workflows/_tox.yml

@@ -19,4 +19,4 @@ jobs:
         uses: ./.github/actions/install_requirements
 
       - name: Run tox
-        run: tox -e ${{ inputs.tox }}
+        run: tox -e ${{ inputs.tox }}  # nosemgrep

src/fastcs/transports/rest/rest.py

@@ -71,7 +71,7 @@ async def attr_put(request):
         await attribute.put(cast_from_rest_type(attribute.datatype, request.value))
 
     # Fast api uses type annotations for validation, schema, conversions
-    attr_put.__annotations__["request"] = _put_request_body(attribute)
+    attr_put.__annotations__["request"] = _put_request_body(attribute)  # nosemgrep
 
     return attr_put
 

tests/benchmarking/compose.yaml

@@ -6,6 +6,9 @@ services:
     image: registry.gitlab.com/tango-controls/docker/mysql:5
     environment:
       - MYSQL_ROOT_PASSWORD=root
+    security_opt:
+      - "no-new-privileges:true"
+    read_only: true
 
   tango-cs:
     hostname: localhost
@@ -20,3 +23,6 @@ services:
       - MYSQL_DATABASE=tango
     depends_on:
       - mysql
+    security_opt:
+      - "no-new-privileges:true"
+    read_only: true