Fix codeql warnings: #1-#19

DFE-Digital · May 17, 2024 · 43a3c5f · 43a3c5f
1 parent 874ebe6
commit 43a3c5f
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 53 deletions.
diff --git a/build_data_assets.py b/build_data_assets.py
@@ -15,9 +15,8 @@ def build_teacher_pii_data_asset() -> tuple:
         "availability": "operational",
         "justification": "Teacher data might contain personally identifiable information (PII). The integrity and availability of teacher data is required for functioning of the service.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 
@@ -40,9 +39,8 @@ def build_student_pii_data_asset() -> tuple:
         "availability": "operational",
         "justification": "Student data might contain personally identifiable information (PII). The integrity and availability of student data is required for functioning of the service.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 
@@ -72,9 +70,8 @@ def build_client_app_data_asset() -> tuple:
         "availability": "important",
         "justification": "The integrity of the application code is critical to avoid reputational damage and the availability is important on the long-term scale (but not critical) to ensure users are able to access the service.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 
@@ -97,9 +94,8 @@ def build_server_app_data_asset() -> tuple:
         "availability": "important",
         "justification": "The integrity of the API code is critical to avoid reputational damage and the availability is important on the long-term scale (but not critical) to ensure users are able to access the service.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 
@@ -128,9 +124,8 @@ def build_vulnerable_children_data_asset() -> tuple:
         "availability": "critical",
         "justification": "The data of vulnerable children is strictly confidential, and would cause serious harm if made public.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 
@@ -153,9 +148,8 @@ def build_job_information_data_asset() -> tuple:
         "availability": "operational",
         "justification": "Job information is important but is public information in it's nature.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 
@@ -178,9 +172,8 @@ def build_school_data_asset() -> tuple:
         "availability": "operational",
         "justification": "School data is collected to provide useful insights in how schools are doing from a social, financial and academic point of view, but most of this information is either already public or can be made available on request.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 
@@ -210,9 +203,8 @@ def build_payment_details_asset() -> tuple:
         "availability": "important",
         "justification": "Payment details could be PCI or bank account details, either to take payments or to send money to/from the customer.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 
@@ -241,9 +233,8 @@ def build_secrets_asset() -> tuple:
         "availability": "operational",
         "justification": "Secrets and API keys are critical and would result in serious breach and reputational damage if found.",
     }
-    template_file = open("yaml-templates/data_assets_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/data_assets_template.yaml") as template_file:
+        template_str = template_file.read()
     data_asset_template = Template(template_str)
     data_asset_yaml = data_asset_template.render(data_asset_dict)
 

diff --git a/build_tech_assets.py b/build_tech_assets.py
@@ -11,9 +11,8 @@ def build_container_app_tm(name: str, asset_type: str) -> tuple:
         "machine": "container",
         "tags": [name, "azure", "azure-container-app", asset_type],
     }
-    template_file = open("yaml-templates/technical_asset_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/technical_asset_template.yaml") as template_file:
+        template_str = template_file.read()
     tech_asset_template = Template(template_str)
     container_app_asset_yaml = tech_asset_template.render(container_app_dict)
 
@@ -40,9 +39,8 @@ def build_key_vault_tm(name: str, asset_type: str) -> tuple:
             asset_type,
         ],
     }
-    template_file = open("yaml-templates/technical_asset_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/technical_asset_template.yaml") as template_file:
+        template_str = template_file.read()
     tech_asset_template = Template(template_str)
     key_vault_asset_yaml = tech_asset_template.render(key_vault_dict)
 
@@ -61,9 +59,8 @@ def build_cache_tm(name: str, asset_type: str) -> tuple:
         "machine": "virtual",
         "tags": [name, "azure", "azure-redis-cache", "cache", asset_type],
     }
-    template_file = open("yaml-templates/technical_asset_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/technical_asset_template.yaml") as template_file:
+        template_str = template_file.read()
     tech_asset_template = Template(template_str)
     redis_cache_asset_yaml = tech_asset_template.render(redis_cache_dict)
 
@@ -128,9 +125,8 @@ def build_app_service_tm(name: str, asset_type: str, kind: str) -> tuple:
         "machine": machine,
         "tags": [name, "azure", "azure-app-service", machine, technology, asset_type],
     }
-    template_file = open("yaml-templates/technical_asset_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/technical_asset_template.yaml") as template_file:
+        template_str = template_file.read()
     tech_asset_template = Template(template_str)
     app_service_asset_yaml = tech_asset_template.render(app_service_dict)
 
@@ -149,9 +145,8 @@ def build_storage_tm(name: str, asset_type: str) -> tuple:
         "machine": "virtual",
         "tags": [name, "azure", "azure-storage", "blob", asset_type],
     }
-    template_file = open("yaml-templates/technical_asset_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/technical_asset_template.yaml") as template_file:
+        template_str = template_file.read()
     tech_asset_template = Template(template_str)
     storage_asset_yaml = tech_asset_template.render(storage_dict)
 

diff --git a/dfe_threagile.py b/dfe_threagile.py
@@ -30,13 +30,14 @@ def temp_file_read() -> list:
     data_list = []
     # temp: I want to prove we can run threagile in multiple ways in GitHub Actions before the feature is built
     try:
-        file = open("/app/work/test-data.json", "r")
+        with open("/app/work/test-data.json", "r") as file:
+            lines = file.readlines()
     except FileNotFoundError:
         print(
             "test-data.json file not found, this file is for testing purposes - automated Azure resource collection feature not yet implemented."
         )
         sys.exit(0)
-    lines = file.readlines()
+
 
     for line in lines:
         stripped_line = json.loads(line.strip())
@@ -229,8 +230,8 @@ def data_assets() -> list:
 def template_inject(
     yaml_list: list, data_list: list, all_tags: list, risks: list = []
 ) -> str:
-    template_file = open("yaml-templates/threagile-example-model-template.yaml")
-    template_str = template_file.read()
+    with open("yaml-templates/threagile-example-model-template.yaml") as template_file:
+        template_str = template_file.read()
     tech_asset_template = Template(template_str)
 
     final_yaml = tech_asset_template.render(

diff --git a/produce_risk_tracker.py b/produce_risk_tracker.py
@@ -15,18 +15,17 @@ def print_yaml(risk_dict: dict):
 
 
 def build_risk(risk_dict: dict):
-    template_file = open("yaml-templates/risks_template.yaml")
-    template_str = template_file.read()
-    template_file.close()
+    with open("yaml-templates/risks_template.yaml") as template_file:
+        template_str = template_file.read()
     risk_template = Template(template_str)
     risk_yaml = risk_template.render(risk_dict)
 
     return risk_yaml
 
 
 def read_risks_json(file_path: str) -> list:
-    file = open(file_path)
-    data = json.load(file)
+    with open(file_path) as file:
+        data = json.load(file)
 
     date_today_obj = datetime.datetime.now()
     date_today_fmt = date_today_obj.strftime("%Y-%m-%d")
@@ -54,8 +53,8 @@ def read_risks_json(file_path: str) -> list:
 
 def template_inject_risks(risks: list) -> str:
     # change to the output from asset builder
-    template_file = open("yaml-templates/threagile-pre-risks.yaml")
-    template_str = template_file.read()
+    with open("yaml-templates/threagile-pre-risks.yaml") as template_file:
+        template_str = template_file.read()
     risks_template = Template(template_str)
     final_yaml = risks_template.render(risks=risks)
     print(final_yaml)