diff --git a/bandit.yaml b/bandit.yaml
index b230f12c..51b7c59a 100644
--- a/bandit.yaml
+++ b/bandit.yaml
@@ -30,7 +30,9 @@ exclude_dirs:
 profiles:
 sahara_default:
 include:
- - hardcoded_password
+ - hardcoded_password_string
+ - hardcoded_password_funcarg
+ # - hardcoded_password_default
 - blacklist_calls
 - blacklist_imports
 - subprocess_popen_with_shell_equals_true
diff --git a/sahara/plugins/hdp/versions/version_2_0_6/services.py b/sahara/plugins/hdp/versions/version_2_0_6/services.py
index 16c81447..cd55030a 100644
--- a/sahara/plugins/hdp/versions/version_2_0_6/services.py
+++ b/sahara/plugins/hdp/versions/version_2_0_6/services.py
@@ -1255,7 +1255,8 @@ class HueService(Service):
 username = config.get('useradmin/default_username', '')
 password = config.get('useradmin/default_user_password', '')
- create_user = username != '' and password != ''
+ # NOTE(tkelsey): test prevents creation of user with defaults
+ create_user = username != '' and password != '' # nosec(tkelsey)
 # Install Hue on the appropriate node(s)...
 hue_ngs = cluster_spec.get_node_groups_containing_component("HUE")
diff --git a/tox.ini b/tox.ini
index 7fa9f2ff..38520dbc 100644
--- a/tox.ini
+++ b/tox.ini
@@ -34,7 +34,7 @@ commands =
 bash -c "find sahara -iname '*.sh' -print0 | xargs -0 bashate -v"
 bash -c "find devstack -not -name README.rst -and -not -name \*.json -type f -print0 | xargs -0 bashate -v"
 # Run security linter
- bandit -c bandit.yaml -r sahara -n5 -p sahara_default
+ bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests
 [testenv:venv]
 commands = {posargs}
@@ -78,7 +78,7 @@ commands = oslo_debug_helper {posargs}
 [testenv:bandit]
 deps = -r{toxinidir}/test-requirements-bandit.txt
-commands = bandit -c bandit.yaml -r sahara -n5 -p sahara_default
+commands = bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests
 [flake8]
 show-source = true
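Review bot: The commented-out `# - hardcoded_password_default` entry in the `sahara_default` profile carries no reason, so a later reader cannot tell whether the check is switched off on purpose or is waiting for cleanup. With it disabled, a password supplied as a default argument value will not be reported by this profile. I would put the reason on the line above it, for example `# hardcoded_password_default disabled: <reason / tracking bug>`, so the coverage gap is visible and can be revisited.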
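Review bot: The `# nosec(tkelsey)` marker on the `create_user` line silences every bandit test for that line, not only the password-string one, and the NOTE above it does not say which finding is being waived. The comparison with `''` is an emptiness check rather than a credential, so the comment could say so: `# NOTE(tkelsey): '' comparison is an emptiness check, not a credential (bandit false positive)`. If both config values are always strings, `create_user = bool(username and password)` would drop the literal and need no suppression; that equivalence does not hold if either value can be None, which the hunk does not show. The enclosing method starts and ends outside the hunk.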
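Review bot: The `-x tests` exclusion added to the bandit command here, and again in the `[testenv:bandit]` hunk, is a bare name rather than a path, and depending on the bandit version it may be matched against any part of a file path, which would drop more than the unit-test tree from the scan. A path such as `-x sahara/tests` states the intent more precisely, assuming that is where the tests live. The same command line now exists in two places; keeping the exclusion in `bandit.yaml` under `exclude_dirs` (that key is visible in the first file's hunk header) would stop the two from drifting apart.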