From 321f912083633417b7bc050f8c139fdfd724357e Mon Sep 17 00:00:00 2001
From: Philip Sargent
Date: Thu, 12 Dec 2024 17:08:00 +0000
Subject: [PATCH] fixing pre-run script
---
pre-run.sh | 31 +++++++++++++------------
reset-django.py | 7 +++++-
security-warnings.txt | 54 ++++++++-----------------------------------
troggle-grep.txt | 1 +
4 files changed, 33 insertions(+), 60 deletions(-)
create mode 100644 troggle-grep.txt
diff --git a/pre-run.sh b/pre-run.sh
index bdcf5e8..ab13800 100755
--- a/pre-run.sh
+++ b/pre-run.sh
@@ -1,35 +1,36 @@ -#! /bin/sh +#! /bin/bash # Do these before final testing, *not* just before pushing: -# Philip Sargent 2020/06/20 -# now with uv -PYTHON="uv run" -cd .. +# Need to be in an ALREADY activated venv +PYTHON="python" + echo "** Run inspectdb:" -$PYTHON troggle/manage.py inspectdb > troggle-inspectdb.py +$PYTHON manage.py inspectdb > troggle-inspectdb.py # egrep -in "unable|error" troggle-inspectdb.py echo "" # count non-blank lines of python and template HTML code # includes all variants of settings.py files -find . -name \*.html -print0 | xargs -0 egrep -vc "#|^\s*$" | grep -v ":0$" | awk -F ":" '{ sum +=$2; print $2, $1; } END {print sum}'| sort -n > lines-of-templates.txt -find . -name \*.py -print0 | xargs -0 egrep -vc "#|^\s*$" | grep -v ":0$" | grep -v "/migrations/" |grep -v "troggle-inspectdb.py"| awk -F ":" '{ sum +=$2; print $2, $1; } END {print sum}'| sort -n > lines-of-python.txt +# fix this as core/utils.py has 28,000 lines of numbers. +find . -name \*.html -print0 | xargs -0 egrep -vc "#|^\s*$" | grep -v ":0$" | grep -v ".venv" | awk -F ":" '{ sum +=$2; print $2, $1; } END {print sum}'| sort -n > lines-of-templates.txt +find . -name \*.py -print0 | xargs -0 egrep -vc "#|^\s*$" | grep -v ":0$" | grep -v ".venv" | grep -v "/migrations/" |grep -v "troggle-inspectdb.py"| awk -F ":" '{ sum +=$2; print $2, $1; } END {print sum}'| sort -n > lines-of-python.txt +echo "** Run reset-django.py - which deletes the database" # This deletes the database so must run after generating troggle-inspectdb.py -$PYTHON troggle/reset-django.py +$PYTHON reset-django.py echo "** After cleanup deletion, remake all migrations." 
-$PYTHON troggle/manage.py makemigrations >/dev/null -$PYTHON troggle/manage.py migrate +$PYTHON manage.py makemigrations >/dev/null +$PYTHON manage.py migrate echo "** Now running self check" -$PYTHON troggle/manage.py check -v 3 --deploy 2>security-warnings.txt >/dev/null -$PYTHON troggle/manage.py check -v 3 --deploy +$PYTHON manage.py check -v 3 --deploy 2>security-warnings.txt >/dev/null +$PYTHON manage.py check -v 3 --deploy echo "** Now running test suite" -$PYTHON troggle/manage.py test -v 1 +# $PYTHON manage.py test -v 1 echo "" -echo `tail -1 lines-of-python.txt` non-comment lines of python. +echo `tail -1 lines-of-python.txt` non-comment lines of python. But core/utils.py has 28,000 lines of numbers. echo `tail -1 lines-of-templates.txt` non-comment lines of HTML templates. echo '** If you have an error running manage.py, maybe you are not in an activated venv ?' \ No newline at end of file diff --git a/reset-django.py b/reset-django.py index d822d07..c363927 100644 --- a/reset-django.py +++ b/reset-django.py @@ -1,5 +1,6 @@ import os import shutil +from pathlib import Path """Cleans all django-created files and compiled python. Used by the pre-run.sh script which cleans and initialises everything before @@ -47,7 +48,11 @@ def delete_migrations(): if folder.endswith("migrations"): for item in os.listdir(folder): if not item.endswith("__init__.py"): - os.remove(os.path.join(folder, item)) + fullitem = Path(folder, item) + if fullitem.is_dir(): + print(f"__ directory {item} in {folder} not deleted") + else: + os.remove(os.path.join(folder, item)) print("All migration files deleted.") return None diff --git a/security-warnings.txt b/security-warnings.txt index 1aa9a9f..90aef32 100644 --- a/security-warnings.txt +++ b/security-warnings.txt 
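Review bot: In pre-run.sh the destructive step `$PYTHON reset-django.py` (announced as deleting the database) runs even if the preceding `inspectdb` step failed, and nothing in the script fixes the working directory now that every path is a bare `manage.py` / `reset-django.py`. Pin the directory and stop on failure before the reset, for example `cd "$(dirname "$0")" || exit 1` near the top and `$PYTHON manage.py inspectdb > troggle-inspectdb.py || exit 1`. Separately, the test run is commented out while `echo "** Now running test suite"` still prints, so the output reports a step that no longer happens; either restore the command or change the message.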
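Review bot: The `folder.endswith("migrations")` test in delete_migrations matches any directory of that name, and the new `is_dir()` branch only avoids the failure on sub-directories rather than limiting where files are removed. The traceback deleted from security-warnings.txt in this same commit (`No module named 'django.db.migrations.state'` under `.venv/.../django/db/migrations/`) is consistent with the script having removed Django's own files from the in-tree virtualenv, though how `folder` is produced lies outside the hunk. Consider excluding the venv, e.g. `if folder.endswith("migrations") and ".venv" not in Path(folder).parts:`. `fullitem.unlink()` would also avoid building the same path twice with `os.path.join`.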
@@ -1,44 +1,10 @@ -Traceback (most recent call last): - File "/home/philip/expo/troggle/manage.py", line 23, in - execute_from_command_line(sys.argv) - ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line - utility.execute() - ~~~~~~~~~~~~~~~^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/core/management/__init__.py", line 416, in execute - django.setup() - ~~~~~~~~~~~~^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/__init__.py", line 24, in setup - apps.populate(settings.INSTALLED_APPS) - ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/apps/registry.py", line 91, in populate - app_config = AppConfig.create(entry) - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/apps/config.py", line 123, in create - mod = import_module(mod_path) - File "/home/philip/.local/share/uv/python/cpython-3.13.1-linux-x86_64-gnu/lib/python3.13/importlib/__init__.py", line 88, in import_module - return _bootstrap._gcd_import(name[level:], package, level) - ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - File "", line 1387, in _gcd_import - File "", line 1360, in _find_and_load - File "", line 1331, in _find_and_load_unlocked - File "", line 935, in _load_unlocked - File "", line 1026, in exec_module - File "", line 488, in _call_with_frames_removed - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/contrib/auth/apps.py", line 8, in - from .checks import check_middleware, check_models_permissions, check_user_model - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/contrib/auth/checks.py", line 9, in - from .management import _get_builtin_permissions - File 
"/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/contrib/auth/management/__init__.py", line 10, in - from django.contrib.contenttypes.management import create_contenttypes - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/contrib/contenttypes/management/__init__.py", line 2, in - from django.db import DEFAULT_DB_ALIAS, IntegrityError, migrations, router, transaction - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/db/migrations/__init__.py", line 2, in - from .operations import * # NOQA - ^^^^^^^^^^^^^^^^^^^^^^^^^ - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/db/migrations/operations/__init__.py", line 2, in - from .models import ( - ...<15 lines>... - ) - File "/home/philip/expo/troggle/.venv/lib/python3.13/site-packages/django/db/migrations/operations/models.py", line 3, in - from django.db.migrations.state import ModelState -ModuleNotFoundError: No module named 'django.db.migrations.state' +System check identified some issues: + +WARNINGS: +?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, SECURE_CROSS_ORIGIN_OPENER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect. +?: (security.W009) Your SECRET_KEY has less than 50 characters, less than 5 unique characters, or it's prefixed with 'django-insecure-' indicating that it was generated automatically by Django. Please generate a long and random value, otherwise many of Django's security-critical features will be vulnerable to attack. +?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. +?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. 
Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. +?: (security.W018) You should not have DEBUG set to True in deployment. + +System check identified 5 issues (0 silenced). diff --git a/troggle-grep.txt b/troggle-grep.txt new file mode 100644 index 0000000..87e396b --- /dev/null +++ b/troggle-grep.txt @@ -0,0 +1 @@ +(reverse-i-search)`grep': grep -nir --exclude="*.js" --exclude="*.css" --exclude="*.pyc" --exclude="*.pem" --exclude="*.sqlite" --exclude="*.html" --exclude="*.json" "FORM Logbook Edit" * \ No newline at end of file