From 25ab186cf0ad85f08dc8c2a4a66968cb4ae8585d Mon Sep 17 00:00:00 2001 From: Keith Kraus Date: Wed, 23 Apr 2025 22:03:46 -0400 Subject: [PATCH 1/2] Add bandit config to skip some unnecessary tests, add some fixes, and mark some nosecs --- .bandit | 2 ++ .pre-commit-config.yaml | 3 +++ cuda_bindings/tests/test_cuda.py | 9 +++++---- cuda_core/tests/example_tests/utils.py | 3 ++- cuda_python/setup.py | 7 ++++--- 5 files changed, 16 insertions(+), 8 deletions(-) create mode 100644 .bandit diff --git a/.bandit b/.bandit new file mode 100644 index 0000000000..9c57da5710 --- /dev/null +++ b/.bandit @@ -0,0 +1,2 @@ +[bandit] +skips = B101,B311 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 185a365e3b..c3c01ce160 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -20,6 +20,9 @@ repos: rev: 8ff25e07e487f143571cc305e56dd0253c60bc7b #v1.8.3 hooks: - id: bandit + args: + - --ini + - .bandit default_language_version: python: python3 diff --git a/cuda_bindings/tests/test_cuda.py b/cuda_bindings/tests/test_cuda.py index 7f92aefe24..f49945722b 100644 --- a/cuda_bindings/tests/test_cuda.py +++ b/cuda_bindings/tests/test_cuda.py @@ -647,7 +647,8 @@ def test_get_error_name_and_string(): @pytest.mark.skipif(not callableBinary("nvidia-smi"), reason="Binary existance needed") def test_device_get_name(): - import subprocess + # TODO: Refactor this test once we have nvml bindings to avoid the use of subprocess + import subprocess # nosec B404 (err,) = cuda.cuInit(0) assert err == cuda.CUresult.CUDA_SUCCESS @@ -656,9 +657,9 @@ def test_device_get_name(): err, ctx = cuda.cuCtxCreate(0, device) assert err == cuda.CUresult.CUDA_SUCCESS - p = subprocess.run( - ["nvidia-smi", "--query-gpu=name", "--format=csv,noheader"], stdout=subprocess.PIPE, stderr=subprocess.PIPE - ) + p = subprocess.check_output( + ["nvidia-smi", "--query-gpu=name", "--format=csv,noheader"], shell=False, stderr=subprocess.PIPE + ) # nosec B603, B607 delimiter = b"\r\n" if platform.system() == "Windows" else b"\n" expect = p.stdout.split(delimiter) diff --git a/cuda_core/tests/example_tests/utils.py b/cuda_core/tests/example_tests/utils.py index 43982feece..3b8e9b2365 100644 --- a/cuda_core/tests/example_tests/utils.py +++ b/cuda_core/tests/example_tests/utils.py @@ -33,7 +33,8 @@ def run_example(samples_path, filename, env=None): sys.argv = [fullpath] old_sys_path = sys.path.copy() sys.path.append(samples_path) - exec(script, env if env else {}) + # TODO: Refactor the examples to give them a common callable `main()` to avoid needing to use exec here? + exec(script, env if env else {}) # nosec B102 except ImportError as e: # for samples requiring any of optional dependencies for m in ("cupy",): diff --git a/cuda_python/setup.py b/cuda_python/setup.py index 7cddd8fd1a..8102cd11c9 100644 --- a/cuda_python/setup.py +++ b/cuda_python/setup.py @@ -2,15 +2,16 @@ # # SPDX-License-Identifier: LicenseRef-NVIDIA-SOFTWARE-LICENSE +import ast from setuptools import setup # We want to keep the version in sync with cuda.bindings, but setuptools would not let # us to refer to any files outside of the project root, so we have to employ our own # run-time lookup using setup()... with open("../cuda_bindings/cuda/bindings/_version.py") as f: - exec(f.read()) -version = __version__ # noqa: F821 -del __version__ # noqa: F821 + for line in f: + if line.startswith("__version__"): + version = ast.parse(line).body[0].value.value setup( version=version, From 83a89d3489d31b00ac1c238a26efe32cd51c4971 Mon Sep 17 00:00:00 2001 From: Keith Kraus Date: Wed, 23 Apr 2025 23:15:50 -0400 Subject: [PATCH 2/2] fix handling output of subprocess.check_output command --- cuda_bindings/tests/test_cuda.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cuda_bindings/tests/test_cuda.py b/cuda_bindings/tests/test_cuda.py index f49945722b..3f28d55f65 100644 --- a/cuda_bindings/tests/test_cuda.py +++ b/cuda_bindings/tests/test_cuda.py @@ -662,7 +662,7 @@ def test_device_get_name(): ) # nosec B603, B607 delimiter = b"\r\n" if platform.system() == "Windows" else b"\n" - expect = p.stdout.split(delimiter) + expect = p.split(delimiter) size = 64 _, got = cuda.cuDeviceGetName(size, device) got = got.split(b"\x00")[0]