Put some pre-commit checks in place

[nicholasmhughes]

Just a suggestion, but putting some code standards in place programmatically with pre-commit will keep the code looking uniform.

There's also a bandit security check that's failing in several sections of the code which you might want to investigate:

>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   Location: plugins/ECESecurity.py:237
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html

If you accept this, you'll probably want to put a pre-commit GitHub Action in place pretty quickly to ensure contributors are using it.

This is just a starting point. Might be cool to extend with pylint and other things that make sense.

[jonrau-lightspin]

Hey @nicholasmhughes looks like black is turning my precious single quotes into double quotes.

That Bandit check is the same thing that Snyk and CodeQL yell at me about - I will do some testing on setting shell=False - it should still work. I took that subprocess code from another project of ours. I'll likely abandon this PR after that testing as it will remediate the core issues you found. Trivy, Snyk and CodeQL/Dependabot are all running as GHAs to prevent PRs though

[nicholasmhughes]

Good (controversial) discussion here on quoting, but scroll to the bottom if you really want single quotes. It's possible to keep them.

Instituting pre-commit checks is a good way to allow contributors to ensure they're adhering to standards before commit and pushing... only to find out that something is failing the pipeline.

[szotrj]

I recommend running pylint to cleanup your Python style (PEP 8) (e.g. snake_case vs camelCase) -- didn't want to put you on blast on LinkedIn ;)