Refactor all tests

.github/workflows/deploy.yml

@@ -14,20 +14,25 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
     - name: Setup python
       uses: actions/setup-python@v1
       with:
         python-version: ${{ matrix.python-version }}
         architecture: x64
+    - name: Get short Python version
+      id: full-python-version
+      shell: bash
+      run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')")
     - name: install pre-reqs
-      run: sudo apt-get update && sudo apt-get install libbluetooth-dev python3-venv && pip install poetry tox-gh-actions && pip install -r requirements.txt && pip install -r requirements-dev.txt
-    - name: set pythonpath
-      run: echo "::set-env name=PYTHONPATH::$(pwd)"
-    - name: tests
-      run: poetry run tox
+      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+    - name: lint
+      run: pre-commit run --all-files
+    - name: Configure poetry
+      run: poetry config virtualenvs.in-project true
+    - name: Install dependencies
+      run: poetry install
+    - name: Run tox
+      run: poetry run tox -e ${{ steps.full-python-version.outputs.version }}
   latest_deploy:
     runs-on: ubuntu-latest
     needs: [test]

.github/workflows/release.yml

@@ -18,14 +18,23 @@ jobs:
       with:
         python-version: ${{ matrix.python-version }}
         architecture: x64
+    - name: Get short Python version
+      id: full-python-version
+      shell: bash
+      run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')")
     - name: install pre-reqs
-      run: sudo apt-get update && sudo apt-get install libbluetooth-dev python3-venv && pip install poetry tox-gh-actions && pip install -r requirements.txt && pip install -r requirements-dev.txt
-    - name: set pythonpath
-      run: echo "::set-env name=PYTHONPATH::$(pwd)"
-    - name: tests
-      run: poetry run tox
+      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+    - name: lint
+      run: pre-commit run --all-files
+    - name: Configure poetry
+      run: poetry config virtualenvs.in-project true
+    - name: Install dependencies
+      run: poetry install
+    - name: Run tox
+      run: poetry run tox -e ${{ steps.full-python-version.outputs.version }}
   create-release:
     name: Create Release
+    needs: [test]
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
@@ -42,7 +51,7 @@ jobs:
         prerelease: false
   upload_to_pypi:
     runs-on: ubuntu-latest
-    needs: [test]
+    needs: [create-release]
     steps:
     - name: Copy Repo Files
       uses: actions/checkout@v2
@@ -62,7 +71,7 @@ jobs:
         TWINE_PASSWORD : ${{ secrets.TWINE_PASSWORD }}
   ubuntu_tag_deploy:
     runs-on: ubuntu-latest
-    needs: [test]
+    needs: [create-release]
     steps:
     - name: Copy Repo Files
       uses: actions/checkout@v2

.github/workflows/sast.yml

@@ -1,4 +1,4 @@
-name: "Code scanning - action"
+name: "Security"
 
 on:
   push:
@@ -21,3 +21,36 @@ jobs:
       uses: github/codeql-action/autobuild@v1
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v1
+  clair:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Prep clair
+        run: docker-compose -f docker-compose-clair.yml up -d
+      - name: Download Clair-Scanner
+        run: curl -Ls https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner
+      - name: Build
+        run: docker build -t myoung34/tilty:latest .
+      - name: Test
+        run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
+  bandit:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [ '3.6', '3.7', '3.8' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+    - name: Setup python
+      uses: actions/setup-python@v1
+      with:
+        python-version: ${{ matrix.python-version }}
+        architecture: x64
+    - name: install pre-reqs
+      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+    - name: Configure poetry
+      run: poetry config virtualenvs.in-project true
+    - name: Install dependencies
+      run: poetry install
+    - name: Run bandit
+      run: poetry run bandit .

.github/workflows/tests.yml

@@ -7,22 +7,6 @@ on:
       - 'refs/tags/*'
 
 jobs:
-  lint:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: [ '3.6', '3.7', '3.8' ]
-    steps:
-      - uses: actions/checkout@v2
-      - name: Setup python
-        uses: actions/setup-python@v1
-        with:
-          python-version: ${{ matrix.python-version }}
-          architecture: x64
-      - name: lint
-        run: |
-          pip install pre-commit
-          pre-commit run --all-files
   test:
     runs-on: ubuntu-latest
     strategy:
@@ -39,9 +23,11 @@ jobs:
     - name: Get short Python version
       id: full-python-version
       shell: bash
-      run: echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))"| sed 's/\([0-9]\)-\([0-9]\).*/py\1\2/g')
+      run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')")
     - name: install pre-reqs
-      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry
+      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+    - name: lint
+      run: pre-commit run --all-files
     - name: Configure poetry
       run: poetry config virtualenvs.in-project true
     - name: Install dependencies
@@ -52,15 +38,3 @@ jobs:
       run: poetry run coveralls
       env:
         COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
-  clair:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Prep clair
-        run: docker-compose -f docker-compose-clair.yml up -d
-      - name: Download Clair-Scanner
-        run: curl -Ls https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner
-      - name: Build
-        run: docker build -t myoung34/tilty:latest .
-      - name: Test
-        run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest

SECURITY.md

@@ -0,0 +1,23 @@
+## Security
+
+If you believe you have found a security vulnerability, please report it to me as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to me directly at [[email protected]](mailto:[email protected]).  
+
+If you'd like to communicate securely, my keybase is [here](https://keybase.io/3vilpenguin)
+
+Please include the requested information listed below (as much as you can provide) to help better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+## Preferred Languages
+
+I prefer all communications to be in English.

requirements-dev.txt

@@ -1,3 +1,4 @@
+Warning: The lock file is not up to date with the latest changes in pyproject.toml. You may be getting outdated dependencies. Run update to update them.
 appdirs==1.4.4 \
     --hash=sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128 \
     --hash=sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41
@@ -10,6 +11,9 @@ atomicwrites==1.4.0; sys_platform == "win32" \
 attrs==19.3.0 \
     --hash=sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c \
     --hash=sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72
+bandit==1.6.2 \
+    --hash=sha256:336620e220cf2d3115877685e264477ff9d9abaeb0afe3dc7264f55fa17a3952 \
+    --hash=sha256:41e75315853507aa145d62a78a2a6c5e3240fe14ee7c601459d0df9418196065
 certifi==2020.6.20 \
     --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 \
     --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3
@@ -77,6 +81,12 @@ filelock==3.0.12 \
 flake8==3.8.3 \
     --hash=sha256:15e351d19611c887e482fb960eae4d44845013cc142d42896e9862f775d8cf5c \
     --hash=sha256:f04b9fcbac03b0a3e58c0ab3a0ecc462e023a9faf046d57794184028123aa208
+gitdb==4.0.5 \
+    --hash=sha256:91f36bfb1ab7949b3b40e23736db18231bf7593edada2ba5c3a174a7b23657ac \
+    --hash=sha256:c9e1f2d0db7ddb9a704c2a0217be31214e91a4fe1dea1efad19ae42ba0c285c9
+gitpython==3.1.3 \
+    --hash=sha256:ef1d60b01b5ce0040ad3ec20bc64f783362d41fa0822a2742d3586e1f49bb8ac \
+    --hash=sha256:e107af4d873daed64648b4f4beb89f89f0cfbe3ef558fc7821ed2331c2f8da1a
 idna==2.10 \
     --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 \
     --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6
@@ -178,6 +188,9 @@ msgpack==0.6.1 \
 packaging==20.4 \
     --hash=sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181 \
     --hash=sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8
+pbr==5.4.5 \
+    --hash=sha256:579170e23f8e0c2f24b0de612f71f648eccb79fb1322c814ae6b3c07b5ba23e8 \
+    --hash=sha256:07f558fece33b05caf857474a366dfcc00562bca13dd8b47b2b3e22d9f9bf55c
 pluggy==0.13.1 \
     --hash=sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d \
     --hash=sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0
@@ -215,12 +228,30 @@ python-dateutil==2.8.1 \
 pytz==2020.1 \
     --hash=sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed \
     --hash=sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048
+pyyaml==5.3.1 \
+    --hash=sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f \
+    --hash=sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76 \
+    --hash=sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2 \
+    --hash=sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c \
+    --hash=sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2 \
+    --hash=sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648 \
+    --hash=sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a \
+    --hash=sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf \
+    --hash=sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97 \
+    --hash=sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee \
+    --hash=sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d
 requests==2.24.0 \
     --hash=sha256:fe75cc94a9443b9246fc7049224f75604b113c36acb93f87b80ed42c44cbb898 \
     --hash=sha256:b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b
 six==1.15.0 \
     --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \
     --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259
+smmap==3.0.4 \
+    --hash=sha256:54c44c197c819d5ef1991799a7e30b662d1e520f2ac75c9efbeb54a742214cf4 \
+    --hash=sha256:9c98bbd1f9786d22f14b3d4126894d56befb835ec90cef151af566c7e19b5d24
+stevedore==2.0.1 \
+    --hash=sha256:c4724f8d7b8f6be42130663855d01a9c2414d6046055b5a65ab58a0e38637688 \
+    --hash=sha256:609912b87df5ad338ff8e44d13eaad4f4170a65b79ae9cb0aa5632598994a1b7
 toml==0.10.1 \
     --hash=sha256:bda89d5935c2eac546d648028b9901107a595863cb36bae0c73ac804a9b4ce88 \
     --hash=sha256:926b612be1e5ce0634a2ca03470f95169cf16f939018233a670519cb4ac58b0f
@@ -252,9 +283,9 @@ typed-ast==1.4.1; implementation_name == "cpython" and python_version < "3.8" \
 urllib3==1.25.9 \
     --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \
     --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527
-virtualenv==20.0.25 \
-    --hash=sha256:ffffcb3c78a671bb3d590ac3bc67c081ea2188befeeb058870cba13e7f82911b \
-    --hash=sha256:f332ba0b2dfbac9f6b1da9f11224f0036b05cdb4df23b228527c2a2d5504aeed
+virtualenv==20.0.26 \
+    --hash=sha256:c11a475400e98450403c0364eb3a2d25d42f71cf1493da64390487b666de4324 \
+    --hash=sha256:e10cc66f40cbda459720dfe1d334c4dc15add0d80f09108224f171006a97a172
 wcwidth==0.2.5 \
     --hash=sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 \
     --hash=sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83

requirements.txt

@@ -1,3 +1,4 @@
+Warning: The lock file is not up to date with the latest changes in pyproject.toml. You may be getting outdated dependencies. Run update to update them.
 certifi==2020.6.20 \
     --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 \
     --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3

tox.ini

@@ -10,7 +10,6 @@ commands =
     isort -c -rc tilty -sp {toxinidir}
     pylint --rcfile {toxinidir}/.pylintrc -r n tilty
     py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests {posargs}
-    bandit .
 whitelist_externals = make
                       bash
                       pylint