Add bandit to pep8 and bandit testenv
This patch adds bandit security linter to tox jobs. It ignores files in the 'tests' directory. This patch will also fix or exclude any issues as a result from scan. Change-Id: I9caa41f596a17a8b961a542d4bc6bb121e7a147f
This commit is contained in:
parent
7207ffaf61
commit
79532ea599
|
@ -72,7 +72,7 @@ class SheepdogImage(object):
|
|||
|
||||
try:
|
||||
return processutils.execute(
|
||||
cmd, process_input=data, shell=True)[0]
|
||||
cmd, process_input=data)[0]
|
||||
except processutils.ProcessExecutionError as exc:
|
||||
LOG.error(exc)
|
||||
raise glance_store.BackendException(exc)
|
||||
|
@ -231,7 +231,7 @@ class Store(glance_store.driver.Store):
|
|||
reason=reason)
|
||||
|
||||
try:
|
||||
processutils.execute("collie", shell=True)
|
||||
processutils.execute("collie")
|
||||
except processutils.ProcessExecutionError as exc:
|
||||
reason = _("Error in store configuration: %s") % exc
|
||||
LOG.error(reason)
|
||||
|
|
|
@ -17,6 +17,7 @@ testscenarios>=0.4 # Apache-2.0/BSD
|
|||
testtools>=1.4.0 # MIT
|
||||
oslotest>=1.10.0 # Apache-2.0
|
||||
os-testr>=0.7.0 # Apache-2.0
|
||||
bandit>=1.0.1 # Apache-2.0
|
||||
|
||||
# this is required for the docs build jobs
|
||||
sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
|
||||
|
|
15
tox.ini
15
tox.ini
|
@ -25,6 +25,21 @@ commands = sphinx-build -a -E -W -d releasenotes/build/.doctrees -b html release
|
|||
[testenv:pep8]
|
||||
commands =
|
||||
flake8 {posargs}
|
||||
# Run security linter
|
||||
# The following bandit tests are being skipped:
|
||||
# B101 - Use of assert detected.
|
||||
# B110 - Try, Except, Pass detected.
|
||||
# B303 - Use of insecure MD2, MD4, or MD5 hash function.
|
||||
bandit -r glance_store -x tests --skip B101,B110,B303
|
||||
|
||||
[testenv:bandit]
|
||||
# NOTE(browne): This is required for the integration test job of the bandit
|
||||
# project. Please do not remove.
|
||||
# The following bandit tests are being skipped:
|
||||
# B101 - Use of assert detected.
|
||||
# B110 - Try, Except, Pass detected.
|
||||
# B303 - Use of insecure MD2, MD4, or MD5 hash function.
|
||||
commands = bandit -r glance_store -x tests --skip B101,B110,B303
|
||||
|
||||
[testenv:cover]
|
||||
# NOTE(nikhil): this target does not use constraints because upstream infra
|
||||
|
|
Loading…
Reference in New Issue