Benchmarking and pentesting (BI, Hawkeye) + update requirements

benchmark/reports/hawkeye/hawkeye-results-app.json

@@ -1,44 +1,37 @@
 [
-  {
-    "module": "files-secrets",
-    "level": "medium",
-    "offender": "attr_auth_populate.sql",
-    "description": "SQL dump file",
-    "mitigation": "Check contents of the file"
-  },
-  {
-    "module": "files-secrets",
-    "level": "medium",
-    "offender": "populate.sql",
-    "description": "SQL dump file",
-    "mitigation": "Check contents of the file"
-  },
   {
     "module": "python-bandit",
     "level": "medium",
-    "offender": "./app/main.py lines 9",
+    "offender": "./main.py lines 9",
     "description": "hardcoded_bind_all_interfaces B104",
     "mitigation": "Possible binding to all interfaces. Review the file and fix the issue."
   },
   {
     "module": "python-bandit",
     "level": "low",
-    "offender": "./app/cli.py lines 2",
+    "offender": "./cli.py lines 2",
     "description": "blacklist B404",
     "mitigation": "Consider possible security implications associated with subprocess module. Review the file and fix the issue."
   },
   {
     "module": "python-bandit",
     "level": "low",
-    "offender": "./app/cli.py lines 14",
+    "offender": "./cli.py lines 14",
     "description": "subprocess_without_shell_equals_true B603",
     "mitigation": "subprocess call - check for execution of untrusted input. Review the file and fix the issue."
   },
   {
     "module": "python-bandit",
     "level": "low",
-    "offender": "./app/cli.py lines 14",
+    "offender": "./cli.py lines 14",
     "description": "start_process_with_partial_path B607",
     "mitigation": "Starting a process with a partial executable path Review the file and fix the issue."
+  },
+  {
+    "module": "python-piprot",
+    "level": "high",
+    "offender": "pytest",
+    "description": "Module is one or more major versions out of date",
+    "mitigation": "Upgrade to v4.3.1 (Current: v3.8.0)"
   }
 ]

benchmark/reports/hawkeye/hawkeye-results-client.json

@@ -18,13 +18,20 @@
     "level": "low",
     "offender": "user/commands.py",
     "description": "Potential password in file",
-    "mitigation": "Check line number: 115"
+    "mitigation": "Check line number: 116"
   },
   {
     "module": "files-secrets",
     "level": "low",
     "offender": "password_hashing.py",
     "description": "Contains word: password",
     "mitigation": "Check contents of the file"
+  },
+  {
+    "module": "python-piprot",
+    "level": "high",
+    "offender": "pytest",
+    "description": "Module is one or more major versions out of date",
+    "mitigation": "Upgrade to v4.3.1 (Current: v3.8.0)"
   }
 ]

benchmark/test_blind_index.py

@@ -60,7 +60,7 @@ def create_data():
     Base.metadata.create_all(dal.engine)
 
     rows = []
-    rows_num = 10
+    rows_num = 10000
     global searched_row
     global searched_name
 

requirements.txt

@@ -38,7 +38,7 @@ MarkupSafe==1.1.1
 matplotlib==3.0.3
 mccabe==0.6.1
 mmh3==2.5.1
-more-itertools==6.0.0
+more-itertools==7.0.0
 msgpack==0.6.1
 numpy==1.16.2
 oauth2client==4.1.3
@@ -58,10 +58,10 @@ pyope==0.2.2
 pyparsing==2.3.1
 pytest==3.8.0
 pytest-benchmark==3.2.2
-pytest-cov==2.6.0
+pytest-cov==2.6.1
 pytest-html==1.20.0
 pytest-metadata==1.8.0
-pytest-mock==1.10.0
+pytest-mock==1.10.3
 python-dateutil==2.8.0
 python3-openid==3.1.0
 pytz==2018.9