update pre-commit hooks

Author: gruebel

.pre-commit-config.yaml

@@ -1,10 +1,10 @@
 repos:
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.6
+    rev: v1.7.7
     hooks:
       - id: actionlint-docker
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.8.6
+    rev: v0.9.4
     hooks:
       - id: ruff
         files: ^(cloudsplaining/|setup.py)

cloudsplaining/command/create_exclusions_file.py

@@ -41,8 +41,8 @@ def create_exclusions_file(output_file: str, verbosity: int) -> None:
     set_log_level(verbosity)
 
     with open(output_file, "a", encoding="utf-8") as file_obj:
-        for line in EXCLUSIONS_TEMPLATE:
-            file_obj.write(line)
+        file_obj.write(EXCLUSIONS_TEMPLATE)
+
     utils.print_green(f"Success! Exclusions template file written to: {output_file}")
     print(
         "Make sure you download your account authorization details before running the scan."

cloudsplaining/command/create_multi_account_config_file.py

@@ -47,8 +47,8 @@ def create_multi_account_config_file(output_file: str, verbosity: int) -> None:
         os.remove(output_file)
 
     with open(output_file, "a", encoding="utf-8") as file_obj:
-        for line in MULTI_ACCOUNT_CONFIG_TEMPLATE:
-            file_obj.write(line)
+        file_obj.write(MULTI_ACCOUNT_CONFIG_TEMPLATE)
+
     utils.print_green(f"Success! Multi-account config file written to: {os.path.relpath(output_file)}")
     print(
         f"\nMake sure you edit the {os.path.relpath(output_file)} file and then run the scan-multi-account command, as shown below."

cloudsplaining/scan/inline_policy.py

@@ -70,7 +70,7 @@ def getFindingLinks(self, findings: list[dict[str, Any]]) -> dict[str, str]:  #
         links = {}
         for finding in findings:
             links[finding["type"]] = (
-                f'https://cloudsplaining.readthedocs.io/en/latest/glossary/privilege-escalation/#{finding["type"]}'
+                f"https://cloudsplaining.readthedocs.io/en/latest/glossary/privilege-escalation/#{finding['type']}"
             )
         return links
 

cloudsplaining/scan/managed_policy_detail.py

@@ -244,7 +244,7 @@ def getFindingLinks(self, findings: list[dict[str, Any]]) -> dict[Any, str]:  #
         links = {}
         for finding in findings:
             links[finding["type"]] = (
-                f'https://cloudsplaining.readthedocs.io/en/latest/glossary/privilege-escalation/#{finding["type"]}'
+                f"https://cloudsplaining.readthedocs.io/en/latest/glossary/privilege-escalation/#{finding['type']}"
             )
         return links
 

cloudsplaining/scan/statement_detail.py

@@ -241,8 +241,7 @@ def missing_resource_constraints(self, exclusions: Exclusions = DEFAULT_EXCLUSIO
         # Fix #390 - if flag_resource_arn_statements is True, then let's treat this as missing resource constraints so we can flag the action anyway.
         elif self.flag_resource_arn_statements:
             actions_missing_resource_constraints = self.restrictable_actions
-        else:
-            pass
+
         result = exclusions.get_allowed_actions(actions_missing_resource_constraints)
         result.sort()
         return result

setup.py

@@ -68,5 +68,5 @@ def get_description() -> str:
     entry_points={"console_scripts": "cloudsplaining=cloudsplaining.bin.cli:main"},
     zip_safe=True,
     keywords="aws iam roles policy policies privileges security",
-    python_requires=">=3.8",
+    python_requires=">=3.9",
 )

test/command/test_scan.py

@@ -16,7 +16,7 @@ def test_scan_example_file_with_click(self):
         )
         input_file = os.path.join(examples_directory, "files", "example.json")
         exclusions_file = os.path.join(examples_directory, "example-exclusions.yml")
-        command = f"--input-file {input_file} " f"--exclusions-file {exclusions_file} " "--skip-open-report " "-v"
+        command = f"--input-file {input_file} --exclusions-file {exclusions_file} --skip-open-report -v"
         args = shlex.split(command)
         response = self.runner.invoke(cli=scan, args=args)
         # print(response.output)