Change the scans to be pyansys scans

.github/workflows/scan_sbom.yml

@@ -0,0 +1,73 @@
+name: Security Scan
+
+env:
+  MAIN_PYTHON_VERSION: '3.13'
+  PACKAGE_NAME: 'ansys-dynamicreporting-core'
+
+on:
+  push:
+    branches:
+      - main
+      - maint/*
+      - release/*
+
+jobs:
+  sbom:
+    name: Generate SBOM
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.MAIN_PYTHON_VERSION }}
+
+      - name: Build wheelhouse
+        uses: ansys/actions/build-wheelhouse@v10
+        with:
+          library-name: ${{ env.PACKAGE_NAME }}
+          operating-system: ubuntu-latest
+          python-version: ${{ env.MAIN_PYTHON_VERSION }}
+
+      - name: Install from wheelhouse
+        run: python -m pip install --no-index --find-links=wheelhouse ${{ env.PACKAGE_NAME }}
+
+      - name: Generate SBOM with Syft
+        uses: anchore/[email protected]
+        with:
+          format: spdx-json
+          output-file: sbom.spdx.json
+          upload-artifact: false
+
+      - name: Upload SBOM as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.PACKAGE_NAME }}-sbom
+          path: sbom.spdx.json
+
+
+  vulnerabilities:
+    name: Vulnerabilities
+    runs-on: ubuntu-latest
+    steps:
+      - name: PyAnsys Vulnerability check (on main)
+        if: github.ref == 'refs/heads/main'
+        uses: ansys/actions/[email protected]
+        with:
+          python-version: ${{ env.MAIN_PYTHON_VERSION }}
+          python-package-name: ${{ env.PACKAGE_NAME }}
+          token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
+          hide-log: false
+
+      - name: PyAnsys Vulnerability check (on dev)
+        if: github.ref != 'refs/heads/main'
+        uses: ansys/actions/[email protected]
+        with:
+          python-version: ${{ env.MAIN_PYTHON_VERSION }}
+          python-package-name: ${{ env.PACKAGE_NAME }}
+          token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
+          dev-mode: true
+          hide-log: false

codegen/adr_utils.txt

@@ -41,7 +41,7 @@ def in_ipynb():
             return True
         if "terminal" in ipy_str:
             return False
-    except Exception:  # todo: please specify the possible exceptions here.
+    except Exception as e:  # todo: please specify the possible exceptions here.
         return False
 
 

pyproject.toml

@@ -41,7 +41,7 @@ dependencies = [
     "django-guardian~=2.4",
     "tzlocal~=5.0",
     "numpy>=1.23.5,<3",
-    "python-pptx==0.6.19",
+    "python-pptx==0.6.23",
     "pandas>=2.0",
     "statsmodels>=0.14",
     "scipy<=1.15.3",  # breaks ADR if not included. Remove when statsmodels is updated

src/ansys/dynamicreporting/core/adr_service.py

@@ -282,8 +282,8 @@ def connect(
         )
         try:
             self.serverobj.validate()
-        except Exception:
-            self.logger.error("Can not validate dynamic reporting server.\n")
+        except Exception as e:
+            self.logger.error(f"Can not validate dynamic reporting server.\nError: {str(e)}")
             raise NotValidServer
         # set url after connection succeeds
         self._url = url
@@ -392,11 +392,11 @@ def start(
                 if self._docker_launcher:
                     try:
                         create_output = self._docker_launcher.create_nexus_db()
-                    except Exception:  # pragma: no cover
+                    except Exception as e:  # pragma: no cover
                         self._docker_launcher.cleanup()
                         self.logger.error(
-                            f"Error creating the database at the path {self._db_directory} in the "
-                            "Docker container.\n"
+                            "Error creating the database at the path {self._db_directory} in the "
+                            f"Docker container.\nError: {str(e)}"
                         )
                         raise CannotCreateDatabaseError
                     for f in ["db.sqlite3", "view_report.nexdb"]:
@@ -511,10 +511,13 @@ def stop(self) -> None:
         v = False
         try:
             v = self.serverobj.validate()
-        except Exception:
+        except Exception as e:
+            self.logger.error(f"Error: {str(e)}")
             pass
         if v is False:
-            self.logger.error("Error validating the connected service. Can't shut it down.\n")
+            self.logger.error(
+                f"Error validating the connected service. Can't shut it down.\nError: {str(e)}"
+            )
         else:
             # If coming from a docker image, clean that up
             try:
@@ -814,7 +817,7 @@ def delete(self, items: list) -> None:
         try:
             _ = self.serverobj.del_objects(items_to_delete)
         except Exception as e:
-            self.logger.warning(f"Error in deleting items: {e}")
+            self.logger.warning(f"Error in deleting items: {str(e)}")
 
     def get_report(self, report_name: str) -> Report:
         """

src/ansys/dynamicreporting/core/docker_support.py

@@ -64,7 +64,7 @@ def __init__(self, image_url: str | None = None, use_dev: bool = False) -> None:
         # Load up Docker from the user's environment
         try:
             self._client: docker.client.DockerClient = docker.from_env()
-        except Exception:  # pragma: no cover
+        except Exception as e:  # pragma: no cover
             raise RuntimeError("Can't initialize Docker")
         self._container: docker.models.containers.Container = None
         self._image: docker.models.images.Image = None
@@ -92,7 +92,7 @@ def pull_image(self) -> docker.models.images.Image:
         """
         try:
             self._image = self._client.images.pull(self._image_url)
-        except Exception:
+        except Exception as e:
             raise RuntimeError(f"Can't pull Docker image: {self._image_url}")
         return self._image
 
@@ -118,7 +118,7 @@ def copy_to_host(self, src: str, *, dest: str = ".") -> None:
                 for chunk in tar_stream:
                     tar_file.write(chunk)
             # Extract the tar archive
-            with tarfile.open(tar_file_path) as tar:
+            with tarfile.open(tar_file_path) as tar: # nosec
                 tar.extractall(path=output_path)
             # Remove the tar archive
             tar_file_path.unlink()

src/ansys/dynamicreporting/core/examples/downloads.py

@@ -44,7 +44,8 @@ def check_url_exists(url: str) -> bool:
     try:
         with request.urlopen(url) as response:
             return response.status == 200
-    except Exception:
+    except Exception as e:
+        logging.debug(f"Check url error: {str(e)}\n")
         return False
 
 

src/ansys/dynamicreporting/core/utils/encoders.py

@@ -34,7 +34,7 @@ def default(self, obj):
             cls = list if isinstance(obj, (list, tuple)) else dict
             try:
                 return cls(obj)
-            except Exception:
+            except Exception as e:  # nosec
                 pass
         elif hasattr(obj, "__iter__"):
             return tuple(item for item in obj)

src/ansys/dynamicreporting/core/utils/extremely_ugly_hacks.py

@@ -55,10 +55,10 @@ def safe_unpickle(input_data, item_type=None):
                     # be default, we follow python3's way of loading: default encoding is ascii
                     # this will work if the data was dumped using python3's pickle. Just do the usual.
                     data = pickle.loads(bytes_data)
-                except Exception:
+                except Exception as e:
                     try:
                         data = pickle.loads(bytes_data, encoding="utf-8")
-                    except Exception:
+                    except Exception as e:
                         # if it fails, which it will if the data was dumped using python2's pickle, then:
                         # As per https://docs.python.org/3/library/pickle.html#pickle.loads,
                         # "Using encoding='latin1' is required for unpickling NumPy arrays and instances of datetime,

src/ansys/dynamicreporting/core/utils/filelock.py

@@ -251,7 +251,7 @@ def acquire(self, timeout=None, poll_intervall=0.05):
                         poll_intervall,
                     )
                     time.sleep(poll_intervall)
-        except Exception:
+        except Exception as e:
             # Something did go wrong, so decrement the counter.
             with self._thread_lock:
                 self._lock_counter = max(0, self._lock_counter - 1)

src/ansys/dynamicreporting/core/utils/geofile_processing.py

@@ -19,7 +19,7 @@
     is_enve = True
     import enve
     from reports.engine import TemplateEngine
-except Exception:
+except Exception as e:
     is_enve = False
 
 

src/ansys/dynamicreporting/core/utils/report_download_html.py

@@ -159,8 +159,8 @@ def _download_special_files(self):
                 filename = os.path.join(self._directory, f)
                 try:
                     open(filename, "wb").write(resp.content)
-                except Exception:
-                    print(f"Unable to download MathJax file: {f}")
+                except Exception as e:
+                    print(f"Unable to download MathJax file: {f}\nError {str(e)}")
             else:
                 print(f"Unable to get: {url}")
 
@@ -314,8 +314,8 @@ def _download_static_files(self, files, source_path, target_path, comment):
                         str(filename), resp.content, self._ansys_version
                     )
                     open(filename, "wb").write(data)
-                except Exception:
-                    print(f"Unable to download {comment}: {f}")
+                except Exception as e:
+                    print(f"Unable to download {comment}: {f}\nError: {e}")
 
     def _make_unique_basename(self, name: str) -> str:
         # check to see if the filename has already been used (and hence we are headed toward
@@ -389,8 +389,8 @@ def _get_file(self, path_plus_queries: str, pathname: str, inline: bool = False)
                         results = f"./media/{basename}"
                     filename = os.path.join(self._directory, "media", basename)
                     open(filename, "wb").write(tmp)
-            except Exception:
-                print(f"Unable to write downloaded file: {basename}")
+            except Exception as e:
+                print(f"Unable to write downloaded file: {basename}\nError: {str(e)}")
         else:
             print(f"Unable to read file via URL: {url}")
         self._filemap[pathname] = results
@@ -475,8 +475,8 @@ def _make_dir(subdirs):
             if not os.path.exists(base):
                 try:
                     os.makedirs(base, exist_ok=True)
-                except Exception:
-                    raise OSError(f"Unable to create target directory: {base}")
+                except Exception as e:
+                    raise OSError(f"Unable to create target directory: {base}\nError: {str(e)}")
 
     def _download(self):
         self._filemap = dict()

src/ansys/dynamicreporting/core/utils/report_download_pdf.py

@@ -9,7 +9,7 @@
     from qtpy.QtCore import QTimer
 
     has_qt = True
-except Exception:
+except Exception as e:
     has_qt = False
 
 

src/ansys/dynamicreporting/core/utils/report_objects.py

@@ -173,7 +173,8 @@ def map_ensight_plot_to_table_dictionary(p):
         # convert EnSight undefined values into Numpy NaN values
         try:
             a[a == ensight.Undefined] = numpy.nan
-        except Exception:
+        except Exception as e:
+            logger.error(f"Error: {str(e)}.\n")
             pass
         max_columns = max(a.shape[1], max_columns)
         d = dict(array=a, yname=q.LEGENDTITLE, xname=x_axis_title)
@@ -400,7 +401,7 @@ def reset_defaults(self):
     def get_params(self):
         try:
             return json.loads(self.params)
-        except Exception:
+        except Exception as e:
             return {}
 
     def set_params(self, d: dict = None):
@@ -1317,7 +1318,7 @@ def set_payload_image(self, img):
         else:
             try:
                 from . import png
-            except Exception:
+            except Exception as e:
                 import png
             try:
                 # we can only read png images as string content (not filename)
@@ -1337,7 +1338,7 @@ def set_payload_image(self, img):
                     planes=pngobj[3].get("planes", None),
                     palette=pngobj[3].get("palette", None),
                 )
-            except Exception:
+            except Exception as e:
                 # enhanced images will fall into this case
                 data = report_utils.PIL_image_to_data(img)
                 self.width = data["width"]
@@ -1500,13 +1501,13 @@ def add_params(self, d: dict = None):
                 tmp_params[k] = d[k]
             self.params = json.dumps(tmp_params)
             return
-        except Exception:
+        except Exception as _:
             return {}
 
     def get_params(self):
         try:
             return json.loads(self.params)
-        except Exception:
+        except Exception as _:
             return {}
 
     def set_params(self, d: dict = None):
@@ -1855,7 +1856,7 @@ def set_child_position(self, guid=None, value=None):
             raise ValueError("Error: child position array should contain only integers")
         try:
             uuid.UUID(guid, version=4)
-        except Exception:
+        except Exception as _:
             raise ValueError("Error: input guid is not a valid guid")
         d = json.loads(self.params)
         if "boxes" not in d:
@@ -1876,7 +1877,7 @@ def set_child_clip(self, guid=None, clip="self"):
             import uuid
 
             uuid.UUID(guid, version=4)
-        except Exception:
+        except Exception as _:
             raise ValueError("Error: input guid is not a valid guid")
         d = json.loads(self.params)
         if "boxes" not in d:
@@ -2158,7 +2159,7 @@ def set_report_link(self, link=None):
                 d["report_guid"] = link
                 self.params = json.dumps(d)
                 return
-            except Exception:
+            except Exception as _:
                 raise ValueError("Error: input guid is not a valid guid")