cyborg/releasenotes/notes/introduce-bandit-security-linter-339d3f12b6200d64.yaml
Yumeng Bao d765a344ee Introduce bandit security linter
Cyborg currently does not have a code security check, which may connive at
possible security issues. For example, shell-related operations for drivers
may be insecure. The current "sudo lspci -nnn -D" in the Huawei Ascend driver code[0]
is insecure, but there is no job/test that can check for potential security
issues. So this patch introduces bandit as a code security check.

[0]:https://github.com/openstack/cyborg/blob/master/cyborg/accelerator/drivers/aichip/huawei/ascend.py#L69

Change-Id: Ia1f9acbbd176180cb5fe97b1a2eee5f98a95dea6
2020-01-05 19:49:22 -08:00


---
security:
  - |
    Introduce the bandit check as the code security check, which helps us
    avoid possible security issues. For example, shell-related operations
    in drivers may be insecure. The bandit test can flag such potential
    security issues.
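The commit message and the release note both point at the same class of defect: a driver that hands a command string to a shell. To show what a linter like bandit actually looks for, here is a small added example (not Cyborg's code and not bandit's own implementation) that walks a Python AST and reports the two patterns bandit covers with its B602 (`subprocess` call with `shell=True`) and B605 (`os.system`/`os.popen`, which always run a shell) tests. The `SAMPLE_SOURCE` string is constructed for the example; it contains one insecure call in the style the commit describes, the argv-list form that a driver should use instead, and one legacy `os.system` call.

```python
import ast

# Constructed sample source (not Cyborg code): one subprocess call with
# shell=True, one argv-list call that needs no shell, and one os.system call.
SAMPLE_SOURCE = '''
import os
import subprocess

def list_devices_insecure():
    # string command + shell=True: bandit reports this as B602
    return subprocess.check_output("sudo lspci -nnn -D", shell=True)

def list_devices_hardened():
    # argv list, no shell, absolute path: nothing for a shell to interpret
    return subprocess.check_output(["/usr/bin/lspci", "-nnn", "-D"])

def legacy():
    return os.system("lspci -nnn -D")   # bandit reports this as B605
'''

SHELL_FUNCS = {"system", "popen"}  # os.system / os.popen always spawn a shell
SUBPROCESS_FUNCS = {"Popen", "call", "check_call", "check_output", "run"}


def _dotted_name(node):
    """Return 'mod.attr' for an Attribute/Name call target, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def find_shell_calls(source):
    """Return sorted [(lineno, call, reason)] for calls that run via a shell."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        module, _, func = name.rpartition(".")
        if module == "os" and func in SHELL_FUNCS:
            findings.append((node.lineno, name, "runs a shell unconditionally"))
        elif module == "subprocess" and func in SUBPROCESS_FUNCS:
            # Only a literal shell=True is flagged; a list argv without the
            # keyword (the hardened form above) produces no finding.
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, name, "shell=True"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, call, reason in find_shell_calls(SAMPLE_SOURCE):
        print(f"line {lineno}: {call}() {reason}")
```

Running the module lists the `check_output(..., shell=True)` call and the `os.system` call and stays silent on the argv-list version. The real bandit job added by this change does the same kind of AST walk across the whole tree, so the practical fix for a driver flagged this way is the one shown in `list_devices_hardened`: an argv list with an absolute executable path and no `shell=True`.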