Fix tests, add lint and test workflows (#20)

* Added urlopen version of safe_requests get

* Added test workflow and some linting

* Added pre-commit hooks + overall linting

* Added test instructions for readme

* Removed nonexistent exclusions in pre-commit config

Author: andrecsilva

.github/workflows/lint.yml

@@ -0,0 +1,22 @@
+name: Lint
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  merge_group:
+
+concurrency:
+  group: (${{ github.workflow }}-${{ github.event.inputs.branch || github.event.pull_request.head.ref }})
+  cancel-in-progress: true
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
+    - uses: pre-commit/[email protected]

.github/workflows/test.yml

@@ -0,0 +1,59 @@
+name: Unit Tests
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  merge-group:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build Package
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set Up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+      - name: Install build dependencies
+        run: pip install build twine
+      - name: Build package
+        run: python -m build .
+      - name: Twine Check
+        run: twine check dist/*
+  test:
+    name: Run pytest
+    runs-on: ubuntu-22.04
+    timeout-minutes: 25
+    strategy:
+      matrix:
+        python-version: ['3.10',  '3.11', '3.12']
+    steps:
+      - name: install netcat
+        run: apt update && apt install -y netcat
+      - name: make bash default shell
+        run: ln -sf /bin/bash /bin/sh
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set Up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: 'pip'
+      - name: Install Codemodder Package
+        run: pip install .
+      - name: Install Dependencies
+        run: pip install -r dev_requirements.txt
+      - name: Run unit tests
+        run: pytest

.pre-commit-config.yaml

@@ -1,13 +1,38 @@
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.3.0
+    rev: v4.6.0
     hooks:
     -   id: check-yaml
     -   id: check-json
     -   id: end-of-file-fixer
     -   id: trailing-whitespace
     -   id: check-added-large-files
 -   repo: https://github.com/psf/black
-    rev: 23.3.0
+    rev: 24.4.0
     hooks:
     -   id: black
+- repo: https://github.com/pre-commit/mirrors-mypy
+  rev: v1.9.0
+  hooks:
+   - id: mypy
+     args: [--disable-error-code=has-type,--disable-error-code=import-not-found]
+     additional_dependencies:
+       [
+         "types-jsonschema~=4.21.0",
+         "types-mock==5.0.*",
+         "types-PyYAML==6.0",
+         "types-toml~=0.10",
+         "types-requests~=2.13",
+    ]
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.3.7
+  hooks:
+    - id: ruff
+    # todo: replace black with this?
+    # Run the formatter.
+    # - id: ruff-format
+- repo: https://github.com/pycqa/isort
+  rev: 5.13.2
+  hooks:
+    - id: isort
+      args: ["--profile", "black"]

LICENSE.txt

@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.

MANIFEST.in

@@ -1 +1 @@
-include README.md LICENSE.txt
+include README.md LICENSE.txt

README.md

@@ -10,3 +10,11 @@ Many of the APIs provided are meant to be drop-in replacements that either offer
 To install this package from PyPI, use the following command:
 
 `pip install security`
+
+## Running tests
+
+DO NOT RUN TESTS LOCALLY WITHOUT A VM/CONTAINER.
+
+Tests will try to run "dangerous" commands (i.e. curl, netcat, etc.) and try to access sensitive files (i.e. sudoers, passwd, etc.). We do so to test the our abilities to detect and filter these types of attacks.
+
+While all these commands are devised as innocuous, it is still not a good idea to risk exposure. They also require a specific environment to pass. We recommend using something like [act](https://github.com/nektos/act) to run the github workflow locally within a container for local development.

src/security/safe_command/__init__.py

@@ -1 +1,3 @@
 from .api import call, run
+
+__all__ = ["call", "run"]