Merge "Fix bandit gate jobs"
This commit is contained in:
commit
1fd2d434b1
@ -67,7 +67,7 @@ EXAMPLES = '''
|
||||
import json
|
||||
import pyudev
|
||||
import re
|
||||
import subprocess
|
||||
import subprocess # nosec
|
||||
|
||||
|
||||
def get_id_part_entry_name(dev):
|
||||
@ -84,7 +84,10 @@ def get_id_part_entry_name(dev):
|
||||
part = re.sub(r'.*[^\d]', '', dev.device_node)
|
||||
parent = dev.find_parent('block').device_node
|
||||
# NOTE(Mech422): Need to use -i as -p truncates the partition name
|
||||
out = subprocess.Popen(['/usr/sbin/sgdisk', '-i', part, parent],
|
||||
# TODO(pbourke): Consider some form of validation to be performed on
|
||||
# part/parent [0]
|
||||
out = subprocess.Popen(['/usr/sbin/sgdisk', '-i', part, # nosec [0]
|
||||
parent],
|
||||
stdout=subprocess.PIPE).communicate()
|
||||
match = re.search(r'Partition name: \'(\w+)\'', out[0])
|
||||
if match:
|
||||
|
@ -22,6 +22,7 @@
|
||||
# in upstream shade we will be able to use more of the shade module. Until then
|
||||
# if we want to be 'stable' we really need to be using it as a passthrough
|
||||
|
||||
import tempfile
|
||||
import traceback
|
||||
|
||||
import shade
|
||||
@ -34,8 +35,8 @@ class SanityChecks(object):
|
||||
|
||||
@staticmethod
|
||||
def glance(cloud):
|
||||
open("/tmp/blank.qcow2", 'a').close()
|
||||
cloud.create_image("test", filename="/tmp/blank.qcow2",
|
||||
with tempfile.NamedTemporaryfile(suffix='qcow2') as image:
|
||||
cloud.create_image("test", filename=image.name,
|
||||
disk_format="qcow2", container_format="bare")
|
||||
testid = cloud.get_image_id("test")
|
||||
cloud.delete_image(testid)
|
||||
|
@ -24,7 +24,7 @@
|
||||
# at this time. Once Docker updates with this feature we will usre this again.
|
||||
|
||||
import nsenter
|
||||
import subprocess
|
||||
import subprocess # nosec
|
||||
import sys
|
||||
|
||||
|
||||
@ -36,7 +36,7 @@ def host_mnt_exec(cmd):
|
||||
'1',
|
||||
'mnt',
|
||||
proc='/var/lib/kolla/host_proc/'))
|
||||
process_ = subprocess.Popen(cmd)
|
||||
process_ = subprocess.Popen(cmd) # nosec
|
||||
|
||||
except Exception as e:
|
||||
print(
|
||||
@ -64,5 +64,5 @@ else:
|
||||
if len(sys.argv) == 2:
|
||||
cmd = cmd + sys.argv[1:]
|
||||
|
||||
process_ = subprocess.Popen(cmd)
|
||||
process_ = subprocess.Popen(cmd) # nosec
|
||||
sys.exit(process_.returncode)
|
||||
|
@ -13,7 +13,7 @@
|
||||
# limitations under the License.
|
||||
|
||||
import json
|
||||
import subprocess
|
||||
import subprocess # nosec
|
||||
import traceback
|
||||
|
||||
|
||||
@ -23,9 +23,11 @@ def extract_gospel_node(term):
|
||||
|
||||
def main():
|
||||
try:
|
||||
# TODO(pbourke): see if can get gospel node without requiring shell
|
||||
raw_status = subprocess.check_output(
|
||||
"rabbitmqctl eval 'rabbit_clusterer:status().'",
|
||||
shell=True, stderr=subprocess.STDOUT
|
||||
"/usr/sbin/rabbitmqctl eval 'rabbit_clusterer:status().'",
|
||||
shell=True, stderr=subprocess.STDOUT # nosec: this command appears
|
||||
# to require a shell to work
|
||||
)
|
||||
if "Rabbit is running in cluster configuration" not in raw_status:
|
||||
raise AttributeError
|
||||
|
@ -19,7 +19,7 @@ This script is a simple wrapper used to create and rebalance Swift ring files.
|
||||
"""
|
||||
|
||||
import argparse
|
||||
import subprocess
|
||||
import subprocess # nosec
|
||||
import sys
|
||||
|
||||
|
||||
@ -54,7 +54,10 @@ def setup_args():
|
||||
|
||||
def run_cmd(cmd):
|
||||
print(' '.join(cmd))
|
||||
subprocess.call(cmd)
|
||||
# NOTE(sdake): [0] we expect Operators to run this command and for their
|
||||
# environment to be properly secured. Since this is not a network
|
||||
# facing tool, there is no risk of untrusted input.
|
||||
subprocess.call(cmd) # nosec [0]
|
||||
|
||||
|
||||
def run(args):
|
||||
|
@ -22,7 +22,7 @@ import yaml
|
||||
from Crypto.PublicKey import RSA
|
||||
|
||||
|
||||
def generate_RSA(bits=2048):
|
||||
def generate_RSA(bits=4096):
|
||||
new_key = RSA.generate(bits, os.urandom)
|
||||
private_key = new_key.exportKey("PEM")
|
||||
public_key = new_key.publickey().exportKey("OpenSSH")
|
||||
@ -52,7 +52,7 @@ def main():
|
||||
length = 40
|
||||
|
||||
with open(passwords_file, 'r') as f:
|
||||
passwords = yaml.load(f.read())
|
||||
passwords = yaml.safe_load(f.read())
|
||||
|
||||
for k, v in passwords.items():
|
||||
if (k in ssh_keys and
|
||||
|
@ -32,7 +32,7 @@ def main():
|
||||
for filename in args.input:
|
||||
with open(filename) as fd:
|
||||
try:
|
||||
yaml.load(fd)
|
||||
yaml.safe_load(fd)
|
||||
except yaml.error.YAMLError as error:
|
||||
res = 1
|
||||
logging.error('%s failed validation: %s',
|
||||
|
Loading…
Reference in New Issue
Block a user