
5 add prometheus exporter for metrics#189

Open
carnivuth wants to merge 7 commits into dev from 5-add-prometheus-exporter-for-metrics

Conversation

@carnivuth
Collaborator

Closes #5. Still WIP; we need to figure out which metrics are useful from an application perspective.

  • added prometheus dependency
  • added prometheus ASGI application init
  • added function to initialize prometheus metrics
  • removed unused imports
  • added krawl_clients_total metric

@carnivuth carnivuth linked an issue May 2, 2026 that may be closed by this pull request
@BlessedRebuS BlessedRebuS changed the base branch from main to dev May 2, 2026 21:40
@BlessedRebuS BlessedRebuS marked this pull request as draft May 2, 2026 22:17
@BlessedRebuS BlessedRebuS marked this pull request as ready for review May 3, 2026 14:17
@Lore09 Lore09 force-pushed the 5-add-prometheus-exporter-for-metrics branch from 5916663 to 570f904 May 3, 2026 14:24
@github-actions

github-actions Bot commented May 3, 2026

Ruff — lint & security issues

The following issues were found by Ruff (includes linting rules and security checks via S / Bandit rules).

src/app.py:
    8:1  I001 [*] Import block is un-sorted or un-formatted
   42:29 F541 [*] f-string without any placeholders
  116:5  I001 [*] Import block is un-sorted or un-formatted
  140:38 UP015 [*] Unnecessary mode argument
  147:16 UP024 [*] Replace aliased errors with `OSError`
  276:5  I001 [*] Import block is un-sorted or un-formatted

src/config.py:
    3:1  I001 [*] Import block is un-sorted or un-formatted
    7:1  UP035 `typing.Tuple` is deprecated, use `tuple` instead
    8:22 F401 [*] `zoneinfo.ZoneInfo` imported but unused
   11:8  F401 [*] `socket` imported but unused
   12:8  F811 [*] Redefinition of unused `time` from line 9: `time` redefined here
   12:8  F401 [*] `time` imported but unused
   28:30 S105 Possible hardcoded password assigned to: "postgres_password"
   35:21 UP045 [*] Use `X | None` for type annotations
   43:25 UP006 [*] Use `tuple` instead of `Tuple` for type annotation
   44:27 UP006 [*] Use `tuple` instead of `Tuple` for type annotation
   47:23 UP045 [*] Use `X | None` for type annotations
   50:25 UP045 [*] Use `X | None` for type annotations
   91:25 UP045 [*] Use `X | None` for type annotations
   92:17 UP045 [*] Use `X | None` for type annotations
  100:17 UP045 [*] Use `X | None` for type annotations
  142:32 UP045 [*] Use `X | None` for type annotations
  153:36 UP015 [*] Unnecessary mode argument
  160:17 F541 [*] f-string without any placeholders
  182:9  F841 Local variable `api` is assigned to but never used
  339:20 E721 Use `is` and `is not` for type comparisons, or `isinstance()` for isinstance checks
  341:22 E721 Use `is` and `is not` for type comparisons, or `isinstance()` for isinstance checks
  343:22 E721 Use `is` and `is not` for type comparisons, or `isinstance()` for isinstance checks
  346:36 UP006 [*] Use `tuple` instead of `Tuple` for type annotation

src/dashboard_cache.py:
   87:29 UP045 [*] Use `X | None` for type annotations
  117:35 UP045 [*] Use `X | None` for type annotations
  160:35 UP045 [*] Use `X | None` for type annotations

src/database.py:
     8:1  I001 [*] Import block is un-sorted or un-formatted
    11:1  UP035 `typing.List` is deprecated, use `list` instead
    11:1  UP035 `typing.Dict` is deprecated, use `dict` instead
    42:1  E402 Module level import not at top of file
    43:1  E402 Module level import not at top of file
   269:23 UP045 [*] Use `X | None` for type annotations
   269:32 UP006 [*] Use `list` instead of `List` for type annotation
   270:27 UP045 [*] Use `X | None` for type annotations
   270:36 UP006 [*] Use `dict` instead of `Dict` for type annotation
   271:22 UP045 [*] Use `X | None` for type annotations
   428:19 UP045 [*] Use `X | None` for type annotations
   429:19 UP045 [*] Use `X | None` for type annotations
   430:10 UP045 [*] Use `X | None` for type annotations
   736:27 UP006 [*] Use `dict` instead of `Dict` for type annotation
   738:26 UP006 [*] Use `dict` instead of `Dict` for type annotation
   831:23 UP045 [*] Use `X | None` for type annotations
   854:48 UP006 [*] Use `list` instead of `List` for type annotation
   854:53 UP006 [*] Use `dict` instead of `Dict` for type annotation
   891:18 UP006 [*] Use `dict` instead of `Dict` for type annotation
   892:15 UP045 [*] Use `X | None` for type annotations
   893:19 UP045 [*] Use `X | None` for type annotations
   894:20 UP045 [*] Use `X | None` for type annotations
   895:18 UP045 [*] Use `X | None` for type annotations
   896:17 UP045 [*] Use `X | None` for type annotations
   897:22 UP045 [*] Use `X | None` for type annotations
   898:19 UP045 [*] Use `X | None` for type annotations
   899:14 UP045 [*] Use `X | None` for type annotations
   900:18 UP045 [*] Use `X | None` for type annotations
   901:19 UP045 [*] Use `X | None` for type annotations
   902:21 UP045 [*] Use `X | None` for type annotations
   958:29 F841 [*] Local variable `e` is assigned to but never used
   964:55 UP006 [*] Use `list` instead of `List` for type annotation
  1013:47 UP006 [*] Use `list` instead of `List` for type annotation
  1027:25 E712 Avoid equality comparisons to `True`; use `IpStats.need_reevaluation:` for truth checks
  1060:21 E712 Avoid equality comparisons to `False`; use `not IpStats.need_reevaluation:` for false checks
  1061:21 E712 Avoid equality comparisons to `False`; use `not IpStats.manual_category:` for false checks
  1070:29 F841 [*] Local variable `e` is assigned to but never used
  1089:21 E712 Avoid equality comparisons to `False`; use `not IpStats.need_reevaluation:` for false checks
  1090:21 E712 Avoid equality comparisons to `False`; use `not IpStats.manual_category:` for false checks
  1099:29 F841 [*] Local variable `e` is assigned to but never used
  1109:20 UP045 [*] Use `X | None` for type annotations
  1111:24 UP045 [*] Use `X | None` for type annotations
  1113:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1145:38 E712 Avoid equality comparisons to `True`; use `AccessLog.is_suspicious:` for truth checks
  1157:50 E712 Avoid equality comparisons to `True`; use `AccessLog.is_suspicious:` for truth checks
  1192:20 UP045 [*] Use `X | None` for type annotations
  1194:24 UP045 [*] Use `X | None` for type annotations
  1195:10 UP006 [*] Use `list` instead of `List` for type annotation
  1195:15 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1220:38 E712 Avoid equality comparisons to `True`; use `AccessLog.is_suspicious:` for truth checks
  1245:61 UP045 [*] Use `X | None` for type annotations
  1246:10 UP006 [*] Use `list` instead of `List` for type annotation
  1246:15 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1283:49 UP006 [*] Use `list` instead of `List` for type annotation
  1283:54 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1326:46 UP045 [*] Use `X | None` for type annotations
  1326:55 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1401:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1498:21 UP045 [*] Use `X | None` for type annotations
  1498:30 UP006 [*] Use `list` instead of `List` for type annotation
  1499:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1603:46 UP006 [*] Use `list` instead of `List` for type annotation
  1603:60 UP006 [*] Use `list` instead of `List` for type annotation
  1618:29 E712 Avoid equality comparisons to `True`; use `IpStats.ban_override:` for truth checks
  1621:21 E712 Avoid equality comparisons to `True`; use `IpStats.ban_override:` for truth checks
  1628:62 UP045 [*] Use `X | None` for type annotations
  1634:39 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1674:34 E712 Avoid equality comparisons to `True`; use `AccessLog.is_suspicious:` for truth checks
  1678:27 E712 Avoid equality comparisons to `True`; use `AccessLog.is_honeypot_trigger:` for truth checks
  1682:31 E712 Avoid equality comparisons to `True`; use `AccessLog.is_honeypot_trigger:` for truth checks
  1707:47 UP006 [*] Use `list` instead of `List` for type annotation
  1732:69 UP006 [*] Use `list` instead of `List` for type annotation
  1759:75 UP006 [*] Use `list` instead of `List` for type annotation
  1787:57 UP006 [*] Use `list` instead of `List` for type annotation
  1787:62 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1806:25 E712 Avoid equality comparisons to `True`; use `AccessLog.is_suspicious:` for truth checks
  1825:45 UP006 [*] Use `list` instead of `List` for type annotation
  1838:25 E712 Avoid equality comparisons to `True`; use `AccessLog.is_honeypot_trigger:` for truth checks
  1844:23 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1844:33 UP006 [*] Use `list` instead of `List` for type annotation
  1854:54 UP006 [*] Use `list` instead of `List` for type annotation
  1854:59 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1895:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1920:17 E712 Avoid equality comparisons to `True`; use `AccessLog.is_honeypot_trigger:` for truth checks
  1927:17 E712 Avoid equality comparisons to `True`; use `AccessLog.is_honeypot_trigger:` for truth checks
  1953:25 E712 Avoid equality comparisons to `True`; use `AccessLog.is_honeypot_trigger:` for truth checks
  1959:27 UP006 [*] Use `dict` instead of `Dict` for type annotation
  1959:37 UP006 [*] Use `list` instead of `List` for type annotation
  1990:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2070:17 UP045 [*] Use `X | None` for type annotations
  2071:21 UP045 [*] Use `X | None` for type annotations
  2071:30 UP006 [*] Use `list` instead of `List` for type annotation
  2072:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2159:17 UP045 [*] Use `X | None` for type annotations
  2162:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2190:38 E712 Avoid equality comparisons to `True`; use `AccessLog.is_honeypot_trigger:` for truth checks
  2242:17 UP045 [*] Use `X | None` for type annotations
  2244:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2324:20 UP045 [*] Use `X | None` for type annotations
  2325:29 UP045 [*] Use `X | None` for type annotations
  2326:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2426:53 UP045 [*] Use `X | None` for type annotations
  2447:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2489:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2546:40 F401 [*] `sqlalchemy.literal_column` imported but unused
  2646:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2794:51 UP045 [*] Use `X | None` for type annotations
  2852:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  2964:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  3013:10 UP006 [*] Use `dict` instead of `Dict` for type annotation
  3126:9  I001 [*] Import block is un-sorted or un-formatted
  3186:9  I001 [*] Import block is un-sorted or un-formatted
  3207:13 B904 Within an `except` clause, raise exceptions with `raise ... from err` or `raise ... from None` to distinguish them from errors in exception handling

src/deception_responses.py:
    3:1  I001 [*] Import block is un-sorted or un-formatted
    7:1  UP035 `typing.Tuple` is deprecated, use `tuple` instead
    7:1  UP035 `typing.Dict` is deprecated, use `dict` instead
    7:37 F401 [*] `typing.Dict` imported but unused
   66:22 F541 [*] f-string without any placeholders
   69:18 F541 [*] f-string without any placeholders
  190:52 UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  218:41 UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  275:61 UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  380:56 UP045 [*] Use `X | None` for type annotations
  409:6  UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  448:6  UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  448:12 UP045 [*] Use `X | None` for type annotations
  448:27 UP045 [*] Use `X | None` for type annotations
  448:42 UP045 [*] Use `X | None` for type annotations
  505:22 F541 [*] f-string without any placeholders
  566:32 UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  624:19 F541 [*] f-string without any placeholders
  632:6  UP045 [*] Use `X | None` for type annotations
  632:15 UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  647:21 F541 [*] f-string without any placeholders

src/dependencies.py:
   8:1  I001 [*] Import block is un-sorted or un-formatted
  18:20 F401 [*] `logger.get_app_logger` imported but unused
  18:36 F401 [*] `logger.get_access_logger` imported but unused
  18:55 F401 [*] `logger.get_credential_logger` imported but unused
  81:12 S104 Possible binding to all interfaces
  90:16 F541 [*] f-string without any placeholders

src/firewall/fwtype.py:
  2:1  UP035 `typing.Dict` is deprecated, use `dict` instead
  2:1  UP035 `typing.Type` is deprecated, use `type` instead
  9:16 UP006 [*] Use `dict` instead of `Dict` for type annotation
  9:26 UP006 [*] Use `type` instead of `Type` for type annotation

src/firewall/iptables.py:
  1:1 UP035 [*] Import from `typing` instead: `override`
  1:1 I001 [*] Import block is un-sorted or un-formatted

src/firewall/nftables.py:
  1:1 UP035 [*] Import from `typing` instead: `override`
  1:1 I001 [*] Import block is un-sorted or un-formatted

src/firewall/raw.py:
  1:1 UP035 [*] Import from `typing` instead: `override`
  1:1 I001 [*] Import block is un-sorted or un-formatted

src/generative_ai.py:
    9:1  I001 [*] Import block is un-sorted or un-formatted
    9:8  F401 [*] `json` imported but unused
   14:1  UP035 `typing.Tuple` is deprecated, use `tuple` instead
   14:1  UP035 `typing.List` is deprecated, use `list` instead
   23:27 UP045 [*] Use `X | None` for type annotations
   23:36 UP006 [*] Use `list` instead of `List` for type annotation
   26:19 UP045 [*] Use `X | None` for type annotations
   53:22 UP045 [*] Use `X | None` for type annotations
  134:5  I001 [*] Import block is un-sorted or un-formatted
  142:5  F841 Local variable `today` is assigned to but never used
  156:33 UP006 [*] Use `list` instead of `List` for type annotation
  179:40 UP015 [*] Unnecessary mode argument
  230:46 UP045 [*] Use `X | None` for type annotations
  462:12 UP041 [*] Replace aliased errors with `TimeoutError`
  475:6  UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  508:28 F541 [*] f-string without any placeholders
  627:5  S110 `try`-`except`-`pass` detected, consider logging the exception

src/generators.py:
    7:1  I001 [*] Import block is un-sorted or un-formatted
   18:12 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   18:50 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   25:25 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   26:20 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   26:57 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   27:20 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   27:56 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   28:25 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   30:12 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   38:26 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   47:12 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   53:19 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   54:12 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   60:12 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   66:9  B007 Loop control variable `i` not used within loop body
   66:20 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   80:9  B007 Loop control variable `i` not used within loop body
   80:20 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   91:20 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   99:25 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  111:23 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  116:23 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  118:17 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  123:23 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  127:23 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  129:17 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  149:29 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  157:39 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  158:26 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  167:31 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  178:29 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  187:25 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  195:29 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  196:26 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  202:32 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  203:8  S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  204:25 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  211:32 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  212:32 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  227:13 S311 Standard pseudo-random generators are not suitable for cryptographic purposes

src/geo_utils.py:
   6:1  I001 [*] Import block is un-sorted or un-formatted
   8:1  UP035 `typing.Dict` is deprecated, use `dict` instead
  14:46 UP045 [*] Use `X | None` for type annotations
  14:55 UP006 [*] Use `dict` instead of `Dict` for type annotation
  59:53 UP045 [*] Use `X | None` for type annotations
  59:62 UP006 [*] Use `dict` instead of `Dict` for type annotation
  90:46 UP045 [*] Use `X | None` for type annotations
  90:55 UP006 [*] Use `dict` instead of `Dict` for type annotation

src/ip_utils.py:
  39:28 S104 Possible binding to all interfaces
  46:44 UP045 [*] Use `X | None` for type annotations

src/logger.py:
  8:1 I001 [*] Import block is un-sorted or un-formatted

src/middleware/deception.py:
  8:1 I001 [*] Import block is un-sorted or un-formatted

src/migrations/add_category_history.py:
  13:1  I001 [*] Import block is un-sorted or un-formatted
  13:36 F401 [*] `database.DatabaseManager` imported but unused
  14:20 F401 [*] `models.Base` imported but unused

src/migrations/add_performance_indexes.py:
  8:1 I001 [*] Import block is un-sorted or un-formatted

src/migrations/add_raw_request_column.py:
   8:1  I001 [*] Import block is un-sorted or un-formatted
  11:21 F401 [*] `pathlib.Path` imported but unused

src/migrations/runner.py:
   16:1  UP035 `typing.List` is deprecated, use `list` instead
   58:51 UP006 [*] Use `list` instead of `List` for type annotation
   77:53 UP006 [*] Use `list` instead of `List` for type annotation
  105:50 UP006 [*] Use `list` instead of `List` for type annotation
  151:14 UP006 [*] Use `list` instead of `List` for type annotation

src/models.py:
    8:1  I001 [*] Import block is un-sorted or un-formatted
    9:1  UP035 `typing.List` is deprecated, use `list` instead
    9:1  UP035 `typing.Dict` is deprecated, use `dict` instead
   56:24 UP045 [*] Use `X | None` for type annotations
   68:25 UP045 [*] Use `X | None` for type annotations
   71:31 UP006 [*] Use `list` instead of `List` for type annotation
  100:22 UP045 [*] Use `X | None` for type annotations
  103:22 UP045 [*] Use `X | None` for type annotations
  135:29 UP045 [*] Use `X | None` for type annotations
  173:26 UP045 [*] Use `X | None` for type annotations
  174:18 UP045 [*] Use `X | None` for type annotations
  175:21 UP045 [*] Use `X | None` for type annotations
  176:20 UP045 [*] Use `X | None` for type annotations
  177:25 UP045 [*] Use `X | None` for type annotations
  178:22 UP045 [*] Use `X | None` for type annotations
  179:17 UP045 [*] Use `X | None` for type annotations
  180:21 UP045 [*] Use `X | None` for type annotations
  181:22 UP045 [*] Use `X | None` for type annotations
  182:23 UP045 [*] Use `X | None` for type annotations
  183:17 UP045 [*] Use `X | None` for type annotations
  184:21 UP045 [*] Use `X | None` for type annotations
  187:22 UP045 [*] Use `X | None` for type annotations
  188:24 UP045 [*] Use `X | None` for type annotations
  189:21 UP045 [*] Use `X | None` for type annotations
  189:30 UP006 [*] Use `dict` instead of `Dict` for type annotation
  192:30 UP045 [*] Use `X | None` for type annotations
  193:31 UP045 [*] Use `X | None` for type annotations
  196:32 UP045 [*] Use `X | None` for type annotations
  201:30 UP006 [*] Use `dict` instead of `Dict` for type annotation
  203:29 UP006 [*] Use `dict` instead of `Dict` for type annotation
  212:27 UP045 [*] Use `X | None` for type annotations
  217:26 UP045 [*] Use `X | None` for type annotations
  243:26 UP045 [*] Use `X | None` for type annotations
  272:22 UP045 [*] Use `X | None` for type annotations
  274:26 UP045 [*] Use `X | None` for type annotations
  275:18 UP045 [*] Use `X | None` for type annotations
  276:23 UP045 [*] Use `X | None` for type annotations

src/routes/api.py:
    9:1 I001 [*] Import block is un-sorted or un-formatted
  713:5 I001 [*] Import block is un-sorted or un-formatted
  755:5 I001 [*] Import block is un-sorted or un-formatted

src/routes/dashboard.py:
  8:1 I001 [*] Import block is un-sorted or un-formatted

src/routes/honeypot.py:
    8:1  I001 [*] Import block is un-sorted or un-formatted
   10:8  F401 [*] `time` imported but unused
   12:26 F401 [*] `urllib.parse.urlparse` imported but unused
   12:46 F401 [*] `urllib.parse.unquote_plus` imported but unused
   18:5  F401 [*] `dependencies.get_tracker` imported but unused
   19:5  F401 [*] `dependencies.get_app_config` imported but unused
   24:21 F401 [*] `tracker.AccessTracker` imported but unused
  109:12 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  117:12 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  164:5  F841 Local variable `user_agent` is assigned to but never used
  165:5  F841 Local variable `tracker` is assigned to but never used
  167:5  F841 Local variable `app_logger` is assigned to but never used
  360:5  F841 Local variable `app_logger` is assigned to but never used
  603:21 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  631:17 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  646:21 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  647:36 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
  657:23 S311 Standard pseudo-random generators are not suitable for cryptographic purposes

src/routes/htmx.py:
  8:1 I001 [*] Import block is un-sorted or un-formatted

src/sanitizer.py:
    8:1  I001 [*] Import block is un-sorted or un-formatted
   10:1  UP035 `typing.Dict` is deprecated, use `dict` instead
   23:33 UP045 [*] Use `X | None` for type annotations
   51:24 UP045 [*] Use `X | None` for type annotations
   56:26 UP045 [*] Use `X | None` for type annotations
   61:32 UP045 [*] Use `X | None` for type annotations
   66:32 UP045 [*] Use `X | None` for type annotations
   71:36 UP045 [*] Use `X | None` for type annotations
   76:24 UP045 [*] Use `X | None` for type annotations
   94:34 UP045 [*] Use `X | None` for type annotations
  115:26 UP045 [*] Use `X | None` for type annotations
  115:35 UP006 [*] Use `dict` instead of `Dict` for type annotation

src/tasks/analyze_ips.py:
    1:1  I001 [*] Import block is un-sorted or un-formatted
  116:28 UP015 [*] Unnecessary mode argument

src/tasks/dashboard_warmup.py:
  8:1 I001 [*] Import block is un-sorted or un-formatted

src/tasks/db_dump.py:
   3:1  I001 [*] Import block is un-sorted or un-formatted
  90:18 S603 `subprocess` call: check for execution of untrusted input

src/tasks/db_retention.py:
   8:1  I001 [*] Import block is un-sorted or un-formatted
  37:9  I001 [*] Import block is un-sorted or un-formatted
  56:13 E712 Avoid equality comparisons to `False`; use `not AccessLog.is_suspicious:` for false checks
  57:13 E712 Avoid equality comparisons to `False`; use `not AccessLog.is_honeypot_trigger:` for false checks
  70:17 E712 Avoid equality comparisons to `False`; use `not AccessLog.is_suspicious:` for false checks
  71:17 E712 Avoid equality comparisons to `False`; use `not AccessLog.is_honeypot_trigger:` for false checks
  81:21 E712 Avoid equality comparisons to `True`; use `AccessLog.is_suspicious:` for truth checks
  82:21 E712 Avoid equality comparisons to `True`; use `AccessLog.is_honeypot_trigger:` for truth checks

src/tasks/fetch_ip_rep.py:
  1:1 I001 [*] Import block is un-sorted or un-formatted

src/tasks/flush_access_logs.py:
  11:1 I001 [*] Import block is un-sorted or un-formatted

src/tasks/pre_retention_cleanup.py:
   11:1  I001 [*] Import block is un-sorted or un-formatted
  165:21 E712 Avoid equality comparisons to `True`; use `AccessLog.is_suspicious:` for truth checks
  166:21 E712 Avoid equality comparisons to `False`; use `not AccessLog.is_honeypot_trigger:` for false checks

src/tasks_master.py:
   1:1 I001 [*] Import block is un-sorted or un-formatted
  10:5 F401 [*] `logger.initialize_logging` imported but unused
  12:5 F401 [*] `logger.get_access_logger` imported but unused
  13:5 F401 [*] `logger.get_credential_logger` imported but unused
  19:5 I001 [*] Import block is un-sorted or un-formatted

src/templates/__init__.py:
  7:1 I001 [*] Import block is un-sorted or un-formatted

src/templates/template_loader.py:
   9:1  UP035 `typing.Dict` is deprecated, use `dict` instead
  19:18 UP006 [*] Use `dict` instead of `Dict` for type annotation

src/tracker.py:
    3:1  UP035 `typing.Dict` is deprecated, use `dict` instead
    3:1  UP035 `typing.Tuple` is deprecated, use `tuple` instead
    3:1  I001 [*] Import block is un-sorted or un-formatted
   40:21 UP045 [*] Use `X | None` for type annotations
  100:21 UP045 [*] Use `X | None` for type annotations
  114:52 UP006 [*] Use `tuple` instead of `Tuple` for type annotation
  443:28 UP006 [*] Use `dict` instead of `Dict` for type annotation

src/wordlists.py:
  25:36 UP015 [*] Unnecessary mode argument

Found 369 errors.
[*] 261 fixable with the `--fix` option (35 hidden fixes can be enabled with the `--unsafe-fixes` option).

To fix auto-fixable issues locally:

ruff check --fix --unsafe-fixes src/

Then address any remaining S (security) findings manually.

@github-actions

github-actions Bot commented May 3, 2026

Bandit — security issues

No HIGH severity issues found.

Code scanned:
	Total lines of code: 9870
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 50
		Medium: 2
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 3
		High: 49
Files skipped (0):
Run started:2026-05-15 17:08:27.382480+00:00

Test results:
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ''
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b105_hardcoded_password_string.html
   Location: src/app.py:160:20
159	
160	    password_line = ""
161	    if config.dashboard_password_generated:

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: src/dependencies.py:81:11
80	
81	    return "0.0.0.0"
82	

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b110_try_except_pass.html
   Location: src/generative_ai.py:627:4
626	            return False
627	    except Exception:
628	        pass  # If config fails, continue with other checks
629	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:18:11
17	    wl = get_wordlists()
18	    return random.choice(wl.username_prefixes) + random.choice(wl.username_suffixes)
19	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:18:49
17	    wl = get_wordlists()
18	    return random.choice(wl.username_prefixes) + random.choice(wl.username_suffixes)
19	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:25:24
24	    templates = [
25	        lambda: "".join(random.choices(string.ascii_letters + string.digits, k=12)),
26	        lambda: f"{random.choice(wl.password_prefixes)}{random.randint(100, 999)}!",

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:26:19
25	        lambda: "".join(random.choices(string.ascii_letters + string.digits, k=12)),
26	        lambda: f"{random.choice(wl.password_prefixes)}{random.randint(100, 999)}!",
27	        lambda: f"{random.choice(wl.simple_passwords)}{random.randint(1000, 9999)}",

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:26:56
25	        lambda: "".join(random.choices(string.ascii_letters + string.digits, k=12)),
26	        lambda: f"{random.choice(wl.password_prefixes)}{random.randint(100, 999)}!",
27	        lambda: f"{random.choice(wl.simple_passwords)}{random.randint(1000, 9999)}",

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:27:19
26	        lambda: f"{random.choice(wl.password_prefixes)}{random.randint(100, 999)}!",
27	        lambda: f"{random.choice(wl.simple_passwords)}{random.randint(1000, 9999)}",
28	        lambda: "".join(random.choices(string.ascii_lowercase, k=8)),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:27:55
26	        lambda: f"{random.choice(wl.password_prefixes)}{random.randint(100, 999)}!",
27	        lambda: f"{random.choice(wl.simple_passwords)}{random.randint(1000, 9999)}",
28	        lambda: "".join(random.choices(string.ascii_lowercase, k=8)),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:28:24
27	        lambda: f"{random.choice(wl.simple_passwords)}{random.randint(1000, 9999)}",
28	        lambda: "".join(random.choices(string.ascii_lowercase, k=8)),
29	    ]

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:30:11
29	    ]
30	    return random.choice(templates)()
31	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:38:25
37	        username = random_username()
38	    return f"{username}@{random.choice(wl.email_domains)}"
39	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:47:11
46	    wl = get_wordlists()
47	    return random.choice(wl.server_headers)
48	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:53:18
52	    wl = get_wordlists()
53	    key = "".join(random.choices(string.ascii_letters + string.digits, k=32))
54	    return random.choice(wl.api_key_prefixes) + key

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:54:11
53	    key = "".join(random.choices(string.ascii_letters + string.digits, k=32))
54	    return random.choice(wl.api_key_prefixes) + key
55	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:60:11
59	    wl = get_wordlists()
60	    return random.choice(wl.database_names)
61	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:66:19
65	    content = "# Production Credentials\n\n"
66	    for i in range(random.randint(3, 7)):
67	        username = random_username()

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:80:19
79	    content += "User Passwords:\n"
80	    for i in range(random.randint(5, 10)):
81	        username = random_username()

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:91:19
90	    users = []
91	    for i in range(random.randint(3, 8)):
92	        username = random_username()

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:99:24
98	                "password": random_password(),
99	                "role": random.choice(wl.user_roles),
100	                "api_token": random_api_key(),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:111:22
110	            "public_key": "pk_live_"
111	            + "".join(random.choices(string.ascii_letters + string.digits, k=24)),
112	            "secret_key": random_api_key(),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:116:22
115	            "access_key_id": "AKIA"
116	            + "".join(random.choices(string.ascii_uppercase + string.digits, k=16)),
117	            "secret_access_key": "".join(

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:118:16
117	            "secret_access_key": "".join(
118	                random.choices(string.ascii_letters + string.digits + "+/", k=40)
119	            ),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:123:22
122	            "api_key": "SG."
123	            + "".join(random.choices(string.ascii_letters + string.digits, k=48))
124	        },

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:127:22
126	            "account_sid": "AC"
127	            + "".join(random.choices(string.ascii_lowercase + string.digits, k=32)),
128	            "auth_token": "".join(

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:129:16
128	            "auth_token": "".join(
129	                random.choices(string.ascii_lowercase + string.digits, k=32)
130	            ),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:149:28
148	                    "email": random_email(username),
149	                    "role": random.choice(wl.user_roles),
150	                }

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:157:38
156	            {
157	                "users": random_users(random.randint(2, 5)),
158	                "total": random.randint(50, 500),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:158:25
157	                "users": random_users(random.randint(2, 5)),
158	                "total": random.randint(50, 500),
159	            },

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:167:30
166	                    {
167	                        "id": random.randint(1, 100),
168	                        "name": random_username(),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:178:28
177	                "database": {
178	                    "host": random.choice(wl.database_hosts),
179	                    "username": random_username(),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:187:24
186	                    + "".join(
187	                        random.choices(string.ascii_uppercase + string.digits, k=16)
188	                    ),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:195:28
194	            {
195	                "app_name": random.choice(wl.application_names),
196	                "debug": random.choice([True, False]),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:196:25
195	                "app_name": random.choice(wl.application_names),
196	                "debug": random.choice([True, False]),
197	                "secret_key": random_api_key(),

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:202:31
201	        ),
202	        "/.env": f"""APP_NAME={random.choice(wl.application_names)}
203	DEBUG={random.choice(['true', 'false'])}

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:203:7
202	        "/.env": f"""APP_NAME={random.choice(wl.application_names)}
203	DEBUG={random.choice(['true', 'false'])}
204	APP_KEY=base64:{''.join(random.choices(string.ascii_letters + string.digits, k=32))}=

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:204:24
203	DEBUG={random.choice(['true', 'false'])}
204	APP_KEY=base64:{''.join(random.choices(string.ascii_letters + string.digits, k=32))}=
205	DB_CONNECTION=mysql

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:211:31
210	DB_PASSWORD={random_password()}
211	AWS_ACCESS_KEY_ID=AKIA{''.join(random.choices(string.ascii_uppercase + string.digits, k=16))}
212	AWS_SECRET_ACCESS_KEY={''.join(random.choices(string.ascii_letters + string.digits + '+/', k=40))}

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:212:31
211	AWS_ACCESS_KEY_ID=AKIA{''.join(random.choices(string.ascii_uppercase + string.digits, k=16))}
212	AWS_SECRET_ACCESS_KEY={''.join(random.choices(string.ascii_letters + string.digits + '+/', k=40))}
213	STRIPE_SECRET={random_api_key()}

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:227:12
226	    selected_files = [
227	        (f, random.randint(1024, 1024 * 1024))
228	        for f in random.sample(files, min(6, len(files)))

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/generators.py:228:17
227	        (f, random.randint(1024, 1024 * 1024))
228	        for f in random.sample(files, min(6, len(files)))
229	    ]

--------------------------------------------------
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   CWE: CWE-605 (https://cwe.mitre.org/data/definitions/605.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
   Location: src/ip_utils.py:39:27
38	            or ip.is_link_local
39	            or str(ip) in ("0.0.0.0", "::1")
40	        )

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/routes/honeypot.py:109:11
108	        return False
109	    return random.randint(1, 100) <= config.probability_error_codes
110	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/routes/honeypot.py:117:11
116	        error_codes = [400, 401, 403, 404, 500, 502, 503]
117	    return random.choice(error_codes)
118	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/routes/honeypot.py:603:20
602	    """Generate random word salad to confuse AI training data scrapers."""
603	    return " ".join(random.choice(_TARPIT_WORDS) for _ in range(n_words))
604	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/routes/honeypot.py:631:16
630	
631	    num_pages = random.randint(*config.links_per_page_range)
632	    content = ""

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/routes/honeypot.py:646:20
645	                [
646	                    random.choice(config.char_space)
647	                    for _ in range(random.randint(*config.links_length_range))

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/routes/honeypot.py:647:35
646	                    random.choice(config.char_space)
647	                    for _ in range(random.randint(*config.links_length_range))
648	                ]

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: src/routes/honeypot.py:657:22
656	        for _ in range(num_pages):
657	            address = random.choice(webpages)
658	            content += f"""

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: src/tasks/db_dump.py:6:0
5	import sqlite3
6	import subprocess
7	from logger import get_app_logger

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b603_subprocess_without_shell_equals_true.html
   Location: src/tasks/db_dump.py:90:17
89	    try:
90	        result = subprocess.run(
91	            cmd, env=env, capture_output=True, text=True, timeout=300
92	        )
93	        if result.returncode == 0:

--------------------------------------------------

Code scanned:
	Total lines of code: 9870
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 50
		Medium: 2
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 3
		High: 49
Files skipped (0):


Development

Successfully merging this pull request may close these issues.

Add Prometheus exporter for metrics

2 participants