airship
/
pegleg
Code Issues Proposed changes
pegleg/pegleg/engine
History
Alexander Hughes 498d5c078f Add nosec to Bandit False Positives 
The three lines of code in pegleg.engine.errorcodes, and
pegleg.engine.util.pegleg_secret_management are giving false positive
bandit errors.  This patchset address these by adding # nosec label
to each line, instructing Bandit to ignore that line of code.

The three errors detected are all B105, details below from Bandit:

>> Issue: [B105:hardcoded_password_string] Possible hardcoded password:
'P009'
   Severity: Low   Confidence: Medium
   Location: pegleg/engine/errorcodes.py:22
20      FILE_CONTAINS_INVALID_YAML = 'P007'
21      DOCUMENT_LAYER_MISMATCH = 'P008'
22      SECRET_NOT_ENCRYPTED_POLICY = 'P009'
23
24      ALL_CODES = (
25          SCHEMA_STORAGE_POLICY_MISMATCH_FLAG,

# nosec reasoning: The variable 'SECRET_NOT_ENCRYPTED_POLICY' does not
map to a hardcoded password.

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password:
'^.{24,}$'
   Severity: Low   Confidence: Medium
   Location: pegleg/engine/util/pegleg_secret_management.py:30
28
29      LOG = logging.getLogger(__name__)
30      PASSPHRASE_PATTERN = '^.{24,}$'
31      ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE'
32      ENV_SALT = 'PEGLEG_SALT'

# nosec reasoning: The variable 'PASSPHRASE_PATTERN' does not map to a
hardcoded password

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password:
'PEGLEG_PASSPHRASE'
   Severity: Low   Confidence: Medium
   Location: pegleg/engine/util/pegleg_secret_management.py:31

29      LOG = logging.getLogger(__name__)
30      PASSPHRASE_PATTERN = '^.{24,}$'
31      ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE'
32      ENV_SALT = 'PEGLEG_SALT'
33

# nosec reasoning: The variable 'ENV_PASSPHRASE' does not map to a
hardcoded password.  This is setting the environment variable name that
passwords are stored in as 'PEGLEG_PASSPHRASE'.  The passphrases are not
hardcoded on disk, but retrieved from environment variables later via
os.environ.get(ENV_PASSPHRASE)

Change-Id: I4508b30b763f25e4466c2e2159fbaf3c7df68b5b
 		2019-05-09 15:29:26 +00:00
..
catalog Update validity checks and docs of PKI functions 2019-04-09 12:36:35 -05:00
catalogs Revised exception for missing passphrase catalog 2019-04-03 16:27:28 -05:00
common pki: Port Promenade's PKI catalog into Pegleg 2019-01-15 13:29:21 -06:00
generators Add CLI generation of salt 2019-02-20 16:51:01 +00:00
util Add nosec to Bandit False Positives 2019-05-09 15:29:26 +00:00
__init__.py Pegleg encryption of site secrets 2018-10-30 16:53:51 +00:00
bundle.py CLI: Add command to generate genesis bundle 2019-03-07 03:00:30 -06:00
errorcodes.py Add nosec to Bandit False Positives 2019-05-09 15:29:26 +00:00
exceptions.py Allow buffer mode to be configured for upload 2019-04-29 12:43:55 -05:00
lint.py Fix typo in secrets linting 2019-03-22 17:38:07 +00:00
repository.py pki: Port Promenade's PKI catalog into Pegleg 2019-01-15 13:29:21 -06:00
secrets.py PKI Cert generation and check updates 2019-04-08 07:48:32 -05:00
site.py Add configurable deckhand render validation 2019-04-30 15:41:40 -05:00
type.py Pegleg CLI output improvement 2018-10-10 15:30:54 -04:00