60740282c9
This change adds a basic bandit config for cloudkitty. It can be invoked
by running the tox environment for bandit;
tox -e bandit
These changes also fix potential security issues find during bandit checks.
- binding to all interface: remove useless host_ip option to avoid issue
- hash function issue: switch from sha1 to sha512
- use of exec: can't be removed for moment so using #nosec comment
Change-Id: Iae7d7604457345fe6d482cf48311c9b75fdde947
79 lines
2.0 KiB
INI
79 lines
2.0 KiB
INI
[tox]
|
|
minversion = 1.6
|
|
skipsdist = True
|
|
envlist = py35,py36,py37,py27,pep8
|
|
|
|
[testenv]
|
|
whitelist_externals = rm
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
PYTHONWARNINGS=default::DeprecationWarning
|
|
usedevelop = True
|
|
install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
|
|
|
|
deps = -r{toxinidir}/requirements.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
commands =
|
|
/usr/bin/find . -type f -name "*.py[co]" -delete
|
|
rm -f .testrepository/times.dbm
|
|
stestr run {posargs}
|
|
|
|
[testenv:debug]
|
|
basepython = python3
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:pep8]
|
|
basepython = python3
|
|
commands =
|
|
flake8 {posargs} cloudkitty
|
|
doc8 {posargs}
|
|
|
|
[testenv:bandit]
|
|
basepython = python3
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
commands = bandit -r cloudkitty -n5 -x tests -ll
|
|
|
|
[testenv:cover]
|
|
basepython = python3
|
|
setenv =
|
|
VIRTUAL_ENV={envdir}
|
|
PYTHON=coverage run --source cloudkitty --parallel-mode
|
|
commands =
|
|
stestr run {posargs}
|
|
coverage combine
|
|
coverage html -d cover
|
|
coverage xml -o cover/coverage.xml
|
|
coverage report
|
|
|
|
[testenv:genconfig]
|
|
basepython = python3
|
|
commands =
|
|
oslo-config-generator --config-file etc/oslo-config-generator/cloudkitty.conf
|
|
|
|
[testenv:genpolicy]
|
|
basepython = python3
|
|
commands = oslopolicy-sample-generator --config-file=etc/oslo-policy-generator/cloudkitty.conf
|
|
|
|
[testenv:docs]
|
|
basepython = python3
|
|
commands = python setup.py build_sphinx
|
|
|
|
[testenv:venv]
|
|
basepython = python3
|
|
commands = {posargs}
|
|
|
|
[flake8]
|
|
filename = *.py,app.wsgi
|
|
exclude = .git,.venv,.tox,dist,doc,*egg,build,.ropeproject,releasenotes
|
|
ignore = H105
|
|
|
|
[doc8]
|
|
ignore-path = .venv,.git,.tox,.tmp,*cloudkitty/locale*,*lib/python*,cloudkitty.egg*,doc/build,releasenotes/*
|
|
|
|
[hacking]
|
|
import_exceptions = cloudkitty.i18n
|
|
local-check-factory = cloudkitty.hacking.checks.factory
|
|
|
|
[testenv:releasenotes]
|
|
basepython = python3
|
|
commands = sphinx-build -a -E -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|