Add nosec to Bandit False Positives
The three lines of code in pegleg.engine.errorcodes, and pegleg.engine.util.pegleg_secret_management are giving false positive bandit errors. This patchset address these by adding # nosec label to each line, instructing Bandit to ignore that line of code. The three errors detected are all B105, details below from Bandit: >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'P009' Severity: Low Confidence: Medium Location: pegleg/engine/errorcodes.py:22 20 FILE_CONTAINS_INVALID_YAML = 'P007' 21 DOCUMENT_LAYER_MISMATCH = 'P008' 22 SECRET_NOT_ENCRYPTED_POLICY = 'P009' 23 24 ALL_CODES = ( 25 SCHEMA_STORAGE_POLICY_MISMATCH_FLAG, # nosec reasoning: The variable 'SECRET_NOT_ENCRYPTED_POLICY' does not map to a hardcoded password. -------------------------------------------------- >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '^.{24,}$' Severity: Low Confidence: Medium Location: pegleg/engine/util/pegleg_secret_management.py:30 28 29 LOG = logging.getLogger(__name__) 30 PASSPHRASE_PATTERN = '^.{24,}$' 31 ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE' 32 ENV_SALT = 'PEGLEG_SALT' # nosec reasoning: The variable 'PASSPHRASE_PATTERN' does not map to a hardcoded password -------------------------------------------------- >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'PEGLEG_PASSPHRASE' Severity: Low Confidence: Medium Location: pegleg/engine/util/pegleg_secret_management.py:31 29 LOG = logging.getLogger(__name__) 30 PASSPHRASE_PATTERN = '^.{24,}$' 31 ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE' 32 ENV_SALT = 'PEGLEG_SALT' 33 # nosec reasoning: The variable 'ENV_PASSPHRASE' does not map to a hardcoded password. This is setting the environment variable name that passwords are stored in as 'PEGLEG_PASSPHRASE'. The passphrases are not hardcoded on disk, but retrieved from environment variables later via os.environ.get(ENV_PASSPHRASE) Change-Id: I4508b30b763f25e4466c2e2159fbaf3c7df68b5b
This commit is contained in:
parent
c40ecd1ce9
commit
498d5c078f
@ -19,7 +19,7 @@ DECKHAND_RENDER_EXCEPTION = 'P005'
|
||||
FILE_MISSING_YAML_DOCUMENT_HEADER = 'P006'
|
||||
FILE_CONTAINS_INVALID_YAML = 'P007'
|
||||
DOCUMENT_LAYER_MISMATCH = 'P008'
|
||||
SECRET_NOT_ENCRYPTED_POLICY = 'P009'
|
||||
SECRET_NOT_ENCRYPTED_POLICY = 'P009' # nosec (alexanderhughes)
|
||||
|
||||
ALL_CODES = (
|
||||
SCHEMA_STORAGE_POLICY_MISMATCH_FLAG,
|
||||
|
@ -27,8 +27,8 @@ from pegleg.engine.util.pegleg_managed_document import \
|
||||
PeglegManagedSecretsDocument as PeglegManagedSecret
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
PASSPHRASE_PATTERN = '^.{24,}$'
|
||||
ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE'
|
||||
PASSPHRASE_PATTERN = '^.{24,}$' # nosec (alexanderhughes)
|
||||
ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE' # nosec (alexanderhughes)
|
||||
ENV_SALT = 'PEGLEG_SALT'
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user