Bandit password tests

These tests were broken, a previous patch failed to fix them
(referenced old docs). This patch actually fixes them and adds
nosec comments as needed. Note that 'hardcoded_password_default'
is disabled until some issues are resolved.

Change-Id: I0c6977b48fd824cfdb13e86086476a4acd945585
This commit is contained in:
Tim Kelsey 2016-04-01 12:03:16 +01:00
parent 72b5a58abc
commit 021d441d6f
3 changed files with 7 additions and 4 deletions

View File

@ -30,7 +30,9 @@ exclude_dirs:
profiles:
sahara_default:
include:
- hardcoded_password
- hardcoded_password_string
- hardcoded_password_funcarg
# - hardcoded_password_default
- blacklist_calls
- blacklist_imports
- subprocess_popen_with_shell_equals_true

View File

@ -1255,7 +1255,8 @@ class HueService(Service):
username = config.get('useradmin/default_username', '')
password = config.get('useradmin/default_user_password', '')
create_user = username != '' and password != ''
# NOTE(tkelsey): test prevents creation of user with defaults
create_user = username != '' and password != '' # nosec(tkelsey)
# Install Hue on the appropriate node(s)...
hue_ngs = cluster_spec.get_node_groups_containing_component("HUE")

View File

@ -34,7 +34,7 @@ commands =
bash -c "find sahara -iname '*.sh' -print0 | xargs -0 bashate -v"
bash -c "find devstack -not -name README.rst -and -not -name \*.json -type f -print0 | xargs -0 bashate -v"
# Run security linter
bandit -c bandit.yaml -r sahara -n5 -p sahara_default
bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests
[testenv:venv]
commands = {posargs}
@ -78,7 +78,7 @@ commands = oslo_debug_helper {posargs}
[testenv:bandit]
deps = -r{toxinidir}/test-requirements-bandit.txt
commands = bandit -c bandit.yaml -r sahara -n5 -p sahara_default
commands = bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests
[flake8]
show-source = true