Merge pull request #729 from rldhont/fix-security-scan

Fix security scan

Author: rldhont

.github/workflows/ci.yml

@@ -13,4 +13,3 @@ on:
 jobs:
   tests:
     uses: ./.github/workflows/tests.yml
-

.github/workflows/tests.yml

@@ -25,7 +25,10 @@ jobs:
         run: ruff check --preview --output-format=concise lizmap
 
       - name: Run security check
-        run: bandit -r lizmap --severity-level=high
+        run: bandit -r lizmap -ll
+
+      - name: Run Detect Secrets
+        run: detect-secrets scan lizmap --all-files
 
   tests:
     runs-on: ubuntu-latest
@@ -44,5 +47,3 @@ jobs:
 
       - name: Running tests
         run: make docker-test QGIS_VERSION=${{ matrix.qgis_version }}
-
-

lizmap/config/config.py

@@ -1,12 +1,11 @@
+from __future__ import annotations
+
 import json
 import os
 
 from typing import (
+    TYPE_CHECKING,
     Any,
-    Dict,
-    Mapping,
-    Optional,
-    Sequence,
 )
 
 from qgis.core import QgsMapLayer, QgsProject
@@ -15,6 +14,9 @@
 from .layer_options import layerOptionDefinitions
 from .models import MappingQgisGeometryType
 
+if TYPE_CHECKING:
+    from collections.abc import Mapping, Sequence
+
 
 class LizmapConfigError(Exception):
     pass
@@ -34,9 +36,9 @@ def __init__(self, project: QgsProject):
 
         self._WFSLayers = self.project.readListEntry("WFSLayers", "")[0]
 
-        self._layer_attributes: Dict = {}
-        self._global_options: Dict = {}
-        self._layer_options: Dict = {}
+        self._layer_attributes: dict = {}
+        self._global_options: dict = {}
+        self._layer_options: dict = {}
 
     @staticmethod
     def _load_project(path):
@@ -48,7 +50,7 @@ def _load_project(path):
             raise LizmapConfigError("Error reading qgis project")
         return project
 
-    def get_layer_by_name(self, name: str) -> Optional[QgsMapLayer]:
+    def get_layer_by_name(self, name: str) -> QgsMapLayer | None:
         """Return a unique layer by its name"""
         matches = self.project.mapLayersByName(name)
         if len(matches) > 0:
@@ -57,9 +59,9 @@ def get_layer_by_name(self, name: str) -> Optional[QgsMapLayer]:
 
     def to_json(
         self,
-        p_global_options: Optional[Mapping[str, Any]] = None,
-        p_layer_options: Optional[Mapping[str, Any]] = None,
-        p_attributes_options: Optional[Mapping[str, Any]] = None,
+        p_global_options: Mapping[str, Any] | None = None,
+        p_layer_options: Mapping[str, Any] | None = None,
+        p_attributes_options: Mapping[str, Any] | None = None,
         sort_keys: bool = False,
         indent: int = 4,
         **kwargs,
@@ -86,7 +88,7 @@ def to_json(
         # Write json to the cfg file
         return json.dumps(config, sort_keys=sort_keys, indent=indent, **kwargs)
 
-    def set_global_options(self, options: Optional[Mapping[str, Any]] = None):
+    def set_global_options(self, options: Mapping[str, Any] | None = None):
         """Set the global lizmap configuration options"""
         # set defaults
         self._global_options = {
@@ -171,7 +173,7 @@ def add_layer(self, layer: QgsMapLayer, **options) -> Mapping[str, Any]:
         self._layer_options[lid] = lo
         return lo
 
-    def set_layer_options(self, p_layer_options: Optional[Mapping[str, Any]] = None):
+    def set_layer_options(self, p_layer_options: Mapping[str, Any] | None = None):
         """Set the configuration options for the the project layers
 
         :param p_layer_options: dict of options for each layers
@@ -207,7 +209,7 @@ def publish_layer_attribute_table(
 
         # Check that the layer has WFS enabled
         if not self.hasWFSCapabilities(layer):
-            raise LizmapConfigError("WFS Required for layer %s" % layer.name())
+            raise LizmapConfigError(f"WFS Required for layer {layer.name()}")
 
         lyr_name = layer.name()
         lyr_attrs = self._layer_attributes.get(lyr_name)
@@ -249,10 +251,10 @@ def set_wmsextent(self, xmin: float, ymin: float, xmax: float, ymax: float):
     # noinspection PyPep8Naming
     def configure_server_options(
         self,
-        WMSTitle: Optional[str] = None,
-        WMSDescription: Optional[str] = None,
+        WMSTitle: str | None = None,
+        WMSDescription: str | None = None,
         WFSLayersPrecision: int = 6,
-        WMSExtent: Optional[Sequence[int]] = None,
+        WMSExtent: Sequence[int] | None = None,
     ):
         """Configure server options for layers in the qgis project
 

lizmap/config/global_options.py

@@ -6,79 +6,79 @@
 from lizmap.toolbelt.i18n import tr
 from lizmap.toolbelt.version import format_version_integer, version
 
-from .models import _Item
+from .models import ModelItem
 
 
 class Metadata(TypedDict):
-    lizmap_plugin_version: _Item
-    lizmap_web_client_target_version: _Item
+    lizmap_plugin_version: ModelItem
+    lizmap_web_client_target_version: ModelItem
 
 
 class GlobalOptionsDefinitions(TypedDict):
     metadata: Metadata
-    mapScales: _Item
-    minScale: _Item
-    max_scale_points: _Item
-    max_scale_lines_polygons: _Item
-    use_native_zoom_levels: _Item
-    hide_numeric_scale_value: _Item
-    acl: _Item
-    initialExtent: _Item
-    googleKey: _Item
-    googleHybrid: _Item
-    googleSatellite: _Item
-    googleTerrain: _Item
-    googleStreets: _Item
-    osmMapnik: _Item
-    openTopoMap: _Item
-    bingKey: _Item
-    bingStreets: _Item
-    bingSatellite: _Item
-    bingHybrid: _Item
-    ignKey: _Item
-    ignSatellite: _Item
-    ignTerrain: _Item
-    ignCadastral: _Item
-    hideGroupCheckbox: _Item
-    activateFirstMapTheme: _Item
-    popupLocation: _Item
-    draw: _Item
+    mapScales: ModelItem
+    minScale: ModelItem
+    max_scale_points: ModelItem
+    max_scale_lines_polygons: ModelItem
+    use_native_zoom_levels: ModelItem
+    hide_numeric_scale_value: ModelItem
+    acl: ModelItem
+    initialExtent: ModelItem
+    googleKey: ModelItem
+    googleHybrid: ModelItem
+    googleSatellite: ModelItem
+    googleTerrain: ModelItem
+    googleStreets: ModelItem
+    osmMapnik: ModelItem
+    openTopoMap: ModelItem
+    bingKey: ModelItem
+    bingStreets: ModelItem
+    bingSatellite: ModelItem
+    bingHybrid: ModelItem
+    ignKey: ModelItem
+    ignSatellite: ModelItem
+    ignTerrain: ModelItem
+    ignCadastral: ModelItem
+    hideGroupCheckbox: ModelItem
+    activateFirstMapTheme: ModelItem
+    popupLocation: ModelItem
+    draw: ModelItem
     # Deprecated since LWC 3.7.0
     # There is a new "print" panel
-    print: _Item
-    measure: _Item
-    externalSearch: _Item
+    print: ModelItem
+    measure: ModelItem
+    externalSearch: ModelItem
     # Deprecated, it has been removed in LWC 3.8
-    zoomHistory: _Item
-    geolocation: _Item
-    geolocationPrecision: _Item
-    geolocationDirection: _Item
-    pointTolerance: _Item
-    lineTolerance: _Item
-    polygonTolerance: _Item
-    hideHeader: _Item
-    hideMenu: _Item
-    hideLegend: _Item
-    hideOverview: _Item
-    hideNavbar: _Item
-    hideProject: _Item
-    automatic_permalink: _Item
-    wms_single_request_for_all_layers: _Item
-    exclude_basemaps_from_single_wms: _Item
-    tmTimeFrameSize: _Item
-    tmTimeFrameType: _Item
-    tmAnimationFrameLength: _Item
-    emptyBaselayer: _Item
-    startupBaselayer: _Item
-    limitDataToBbox: _Item
-    datavizLocation: _Item
-    datavizTemplate: _Item
-    theme: _Item
-    atlasShowAtStartup: _Item
-    atlasAutoPlay: _Item
-    fixed_scale_overview_map: _Item
-    dxfExportEnabled: _Item
-    allowedGroups: _Item
+    zoomHistory: ModelItem
+    geolocation: ModelItem
+    geolocationPrecision: ModelItem
+    geolocationDirection: ModelItem
+    pointTolerance: ModelItem
+    lineTolerance: ModelItem
+    polygonTolerance: ModelItem
+    hideHeader: ModelItem
+    hideMenu: ModelItem
+    hideLegend: ModelItem
+    hideOverview: ModelItem
+    hideNavbar: ModelItem
+    hideProject: ModelItem
+    automatic_permalink: ModelItem
+    wms_single_request_for_all_layers: ModelItem
+    exclude_basemaps_from_single_wms: ModelItem
+    tmTimeFrameSize: ModelItem
+    tmTimeFrameType: ModelItem
+    tmAnimationFrameLength: ModelItem
+    emptyBaselayer: ModelItem
+    startupBaselayer: ModelItem
+    limitDataToBbox: ModelItem
+    datavizLocation: ModelItem
+    datavizTemplate: ModelItem
+    theme: ModelItem
+    atlasShowAtStartup: ModelItem
+    atlasAutoPlay: ModelItem
+    fixed_scale_overview_map: ModelItem
+    dxfExportEnabled: ModelItem
+    allowedGroups: ModelItem
 
 
 globalOptionDefinitions = {
@@ -91,7 +91,7 @@ class GlobalOptionsDefinitions(TypedDict):
         "lizmap_web_client_target_version": {
             "wType": "spinbox",
             "type": "integer",
-            "default": format_version_integer("{}.0".format(LwcVersions.latest().value)),
+            "default": format_version_integer(f"{LwcVersions.latest().value}.0"),
         },
     },
     "mapScales": {

lizmap/config/layer_options.py

@@ -5,40 +5,40 @@
 from lizmap.definitions.definitions import LwcVersions
 from lizmap.toolbelt.i18n import tr
 
-from .models import _Item
+from .models import ModelItem
 
 
 class LayerOptionDefinitions(TypedDict):
-    title: _Item
-    abstract: _Item
-    link: _Item
-    minScale: _Item
-    maxScale: _Item
-    toggled: _Item
-    popup: _Item
-    popupFrame: _Item
-    popupSource: _Item
-    popupTemplate: _Item
-    popupMaxFeatures: _Item
-    children_lizmap_features_table: _Item
-    popupDisplayChildren: _Item
-    popup_allow_download: _Item
-    noLegendImage: _Item
-    legend_image_option: _Item
-    groupAsLayer: _Item
-    baseLayer: _Item
-    displayInLegend: _Item
-    group_visibility: _Item
-    singleTile: _Item
-    imageFormat: _Item
-    cached: _Item
-    serverFrame: _Item
-    cacheExpiration: _Item
-    metatileSize: _Item
-    clientCacheExpiration: _Item
-    externalWmsToggle: _Item
-    sourceRepository: _Item
-    sourceProject: _Item
+    title: ModelItem
+    abstract: ModelItem
+    link: ModelItem
+    minScale: ModelItem
+    maxScale: ModelItem
+    toggled: ModelItem
+    popup: ModelItem
+    popupFrame: ModelItem
+    popupSource: ModelItem
+    popupTemplate: ModelItem
+    popupMaxFeatures: ModelItem
+    children_lizmap_features_table: ModelItem
+    popupDisplayChildren: ModelItem
+    popup_allow_download: ModelItem
+    noLegendImage: ModelItem
+    legend_image_option: ModelItem
+    groupAsLayer: ModelItem
+    baseLayer: ModelItem
+    displayInLegend: ModelItem
+    group_visibility: ModelItem
+    singleTile: ModelItem
+    imageFormat: ModelItem
+    cached: ModelItem
+    serverFrame: ModelItem
+    cacheExpiration: ModelItem
+    metatileSize: ModelItem
+    clientCacheExpiration: ModelItem
+    externalWmsToggle: ModelItem
+    sourceRepository: ModelItem
+    sourceProject: ModelItem
 
 
 layerOptionDefinitions = {

lizmap/config/models.py

@@ -1,7 +1,7 @@
+from collections.abc import Sequence
 from types import MappingProxyType
 from typing import (
     Any,
-    Sequence,
     TypedDict,
 )
 
@@ -25,7 +25,7 @@
 )
 
 
-class _Item(TypedDict):
+class ModelItem(TypedDict):
     wType: str
     type: str
     default: Any