Fix barbican B105 issues

Those are all false positives, add "nosec" to them and
enable the test again.

Change-Id: I88ae4f77be18146b31d5f2b935896b593f9a40c0
This commit is contained in:
Andreas Jaeger 2019-08-05 16:28:44 +02:00
parent bf95c37b84
commit a10ccf6cf3
5 changed files with 7 additions and 7 deletions

View File

@ -143,8 +143,8 @@ class DbCommands(object):
commands.current(verbose, sql_url=CONF.sql_connection)
else:
commands.current(verbose, sql_url=str(dburl))
sync_secret_stores_description = "Sync secret_stores with barbican.conf"
sync_secret_stores_description = ("Sync secret_stores with " # nosec
"barbican.conf")
@args('--db-url', '-d', metavar='<db-url>', dest='dburl',
help='barbican database URL')

View File

@ -43,7 +43,7 @@ API_VERSION = 'v1'
# barbican.plugin.interface.secret_store which introduces a cyclic dependency
# if `secret_store` plugin needs to use db model classes. So moving shared
# value to another common python module which is already imported in both.
SECRET_TYPE_OPAQUE = "opaque"
SECRET_TYPE_OPAQUE = "opaque" # nosec
def _do_allow_certain_content_types(func, content_types_list=[]):

View File

@ -165,8 +165,8 @@ class DogtagKRAPlugin(sstore.SecretStoreBase):
BIT_LENGTH = "bit_length"
GENERATED = "generated"
KEY_ID = "key_id"
SECRET_MODE = "secret_mode"
PASSPHRASE_KEY_ID = "passphrase_key_id"
SECRET_MODE = "secret_mode" # nosec
PASSPHRASE_KEY_ID = "passphrase_key_id" # nosec
CONVERT_TO_PEM = "convert_to_pem"
# string constants

View File

@ -278,7 +278,7 @@ class SecretType(object):
PRIVATE = "private"
"""Constant to define the passphrase type. Used by getSecret to retrieve a
passphrase."""
PASSPHRASE = "passphrase"
PASSPHRASE = "passphrase" # nosec
"""Constant to define the certificate type. Used by getSecret to retrieve a
certificate."""
CERTIFICATE = "certificate"

View File

@ -149,7 +149,7 @@ exclude = .git,.idea,.tox,bin,dist,debian,rpmbuild,tools,*.egg-info,*.eggs,contr
[testenv:bandit]
basepython = python3
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r barbican -x tests -n5 -s B105
commands = bandit -r barbican -x tests -n5
[testenv:bindep]
basepython = python3