added support for doing bandit checks.
parent
891e3a1365
commit
ee57dcae8a
|
@ -782,5 +782,5 @@ class Inventory(object):
|
|||
json_gen_file.write("print('%s')" % json_out)
|
||||
|
||||
# set executable by group
|
||||
os.chmod(json_gen_path, 0o555)
|
||||
os.chmod(json_gen_path, 0o555) # nosec
|
||||
return json_gen_path
|
||||
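Review bot: The `# nosec` added to `os.chmod(json_gen_path, 0o555)` silences the file-permission finding without resolving the mismatch behind it: the comment above says "set executable by group", but `0o555` grants read and execute to every local account. The generated script embeds the inventory JSON (the `print('%s')` line above), so if only the owner and group need to run it, `os.chmod(json_gen_path, 0o550)` would match the comment and need no suppression; whether other accounts must run it is not visible in this hunk. If the mode has to stay, put the reason on the line above the call, for example `# readable by all on purpose: <reason>`. The same bare `# nosec` is added to the `subprocess` import and `Popen` call, the paramiko `exec_command` calls and the `except Exception:` in the other files of this commit, and each of those should carry its justification as well. The enclosing method starts outside the hunk.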
|
|
|
@ -13,7 +13,7 @@
|
|||
# under the License.
|
||||
import logging
|
||||
import os
|
||||
import subprocess
|
||||
import subprocess # nosec
|
||||
import traceback
|
||||
|
||||
from kollacli.ansible.inventory import Inventory
|
||||
|
@ -123,7 +123,7 @@ class AnsiblePlaybook(object):
|
|||
# log the inventory
|
||||
dbg_gen = inventory_path
|
||||
(inv, _) = \
|
||||
subprocess.Popen(dbg_gen.split(' '),
|
||||
subprocess.Popen(dbg_gen.split(' '), # nosec
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE).communicate()
|
||||
self.log.debug(inv)
|
||||
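Review bot: `subprocess.Popen(dbg_gen.split(' '), # nosec` builds the argument list by splitting `inventory_path` on spaces, so a path that contains a space is broken into several arguments and only the first fragment is treated as the program to run. If `inventory_path` is always a single executable path (it appears to be the generated inventory script, though where it is assigned is outside this hunk), passing `[inventory_path]` avoids the split and makes the suppression straightforward to justify. The return code and the stderr half of `communicate()` are also discarded, so a failed run logs an empty inventory at debug level with no indication of why. The method body continues outside the hunk.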
|
|
|
@ -58,7 +58,7 @@ class AnsibleProperties(object):
|
|||
ANSIBLE_DEFAULTS_PATH)
|
||||
if os.path.isfile(file_name):
|
||||
with open(file_name) as service_file:
|
||||
service_contents = yaml.load(service_file)
|
||||
service_contents = yaml.safe_load(service_file)
|
||||
self.file_contents[file_name] = service_contents
|
||||
service_contents = self.filter_jinja2(service_contents)
|
||||
prop_file_name = service_name + ':main.yml'
|
||||
|
@ -73,7 +73,7 @@ class AnsibleProperties(object):
|
|||
try:
|
||||
self.allvars_path = os.path.join(kolla_home, ALLVARS_PATH)
|
||||
with open(self.allvars_path) as allvars_file:
|
||||
allvars_contents = yaml.load(allvars_file)
|
||||
allvars_contents = yaml.safe_load(allvars_file)
|
||||
self.file_contents[self.allvars_path] = allvars_contents
|
||||
allvars_contents = self.filter_jinja2(allvars_contents)
|
||||
for key, value in allvars_contents.items():
|
||||
|
@ -87,7 +87,7 @@ class AnsibleProperties(object):
|
|||
try:
|
||||
self.globals_path = os.path.join(kolla_etc, GLOBALS_FILENAME)
|
||||
globals_data = sync_read_file(self.globals_path)
|
||||
globals_contents = yaml.load(globals_data)
|
||||
globals_contents = yaml.safe_load(globals_data)
|
||||
self.file_contents[self.globals_path] = globals_contents
|
||||
globals_contents = self.filter_jinja2(globals_contents)
|
||||
for key, value in globals_contents.items():
|
||||
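Review bot: `yaml.safe_load` returns `None` for an empty or comment-only file, and in the second and third hunks the result goes straight to `allvars_contents.items()` and `globals_contents.items()`, which raise `AttributeError` on `None`. Both calls sit inside a `try` whose `except` is outside the hunk, so whether that failure is reported usefully cannot be seen here; the host-setup loader changed in this same commit checks `if not hosts_info:` and raises a clear `CommandError`. If an empty mapping is an acceptable result, `allvars_contents = yaml.safe_load(allvars_file) or {}` (and the same for `globals_contents`) keeps an empty file from surfacing as an unrelated error. The first hunk hands the result to `self.filter_jinja2(...)`, which is not visible here and may need the same guard.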
|
|
|
@ -272,7 +272,7 @@ class HostSetup(Command):
|
|||
with open(yml_path, 'r') as hosts_file:
|
||||
file_data = hosts_file.read()
|
||||
|
||||
hosts_info = yaml.load(file_data)
|
||||
hosts_info = yaml.safe_load(file_data)
|
||||
if not hosts_info:
|
||||
raise CommandError('%s is empty' % yml_path)
|
||||
return hosts_info
|
||||
|
|
|
@ -107,7 +107,7 @@ def _post_setup_checks(net_addr, log):
|
|||
|
||||
try:
|
||||
# a basic test
|
||||
ssh_client.exec_command('ls')
|
||||
ssh_client.exec_command('ls') # nosec
|
||||
|
||||
except Exception as e:
|
||||
raise CommandError("remote command 'ls' failed : %s" % e)
|
||||
|
@ -120,13 +120,13 @@ def _close_ssh_client(ssh_client):
|
|||
if ssh_client:
|
||||
try:
|
||||
ssh_client.close()
|
||||
except Exception:
|
||||
except Exception: # nosec
|
||||
pass
|
||||
|
||||
|
||||
def _exec_ssh_cmd(cmd, ssh_client, log):
|
||||
log.debug(cmd)
|
||||
_, stdout, stderr = ssh_client.exec_command(cmd, get_pty=True)
|
||||
_, stdout, stderr = ssh_client.exec_command(cmd, get_pty=True) # nosec
|
||||
msg = stdout.read()
|
||||
errmsg = stderr.read()
|
||||
log.debug('%s : %s' % (msg, errmsg))
|
||||
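Review bot: The `# nosec` on `ssh_client.exec_command(cmd, get_pty=True)` in `_exec_ssh_cmd` suppresses the remote-command check at the one call where the command string is variable, and nothing in the hunk records where `cmd` comes from. Add a comment above the call stating that callers build `cmd` only from fixed strings, or quote any interpolated value before it reaches this function. `log.debug(cmd)` and the debug line for stdout/stderr write the full command and its output to the log, which matters if a command ever carries a credential. In `_close_ssh_client`, `except Exception:  # nosec` followed by `pass` would be better as a debug log of the close failure than as a suppression. `_exec_ssh_cmd` continues past the end of the hunk.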
|
|
|
@ -18,7 +18,6 @@ import pexpect
|
|||
import pwd
|
||||
import six
|
||||
import sys
|
||||
import yaml
|
||||
|
||||
from kollacli.exceptions import CommandError
|
||||
from oslo_utils.encodeutils import safe_decode
|
||||
|
@ -80,23 +79,6 @@ def get_pk_bits():
|
|||
return 1024
|
||||
|
||||
|
||||
def load_etc_yaml(fileName):
|
||||
contents = {}
|
||||
try:
|
||||
with open(get_kollacli_etc() + fileName, 'r') as f:
|
||||
contents = yaml.load(f)
|
||||
except Exception:
|
||||
# TODO(bmace) if file doesn't exist on a load we don't
|
||||
# want to blow up, some better behavior here?
|
||||
pass
|
||||
return contents or {}
|
||||
|
||||
|
||||
def save_etc_yaml(fileName, contents):
|
||||
with open(get_kollacli_etc() + fileName, 'w') as f:
|
||||
f.write(yaml.dump(contents))
|
||||
|
||||
|
||||
def get_ansible_command(playbook=False):
|
||||
"""get a python2 ansible command
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
# Hacking already pins down pep8, pyflakes and flake8
|
||||
hacking>=0.10.2,<0.11
|
||||
|
||||
bandit>=0.13.2
|
||||
coverage>=3.6
|
||||
discover
|
||||
fixtures>=0.3.14
|
||||
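Review bot: `bandit>=0.13.2` has no upper bound, while `tox.ini` in this commit adds `bandit` to the default `envlist`, so a new bandit release that adds or changes checks can fail the gate without any change to the code. The `hacking` line just above is capped (`<0.11`), presumably for the same reason. A cap on the next release series, for example `bandit>=0.13.2,<0.14`, raised deliberately once new findings have been triaged, keeps the security check reproducible.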
|
|
|
@ -258,7 +258,7 @@ class TestConfig(object):
|
|||
with open(path, 'r+') as cfg_file:
|
||||
yml_data = cfg_file.read()
|
||||
|
||||
test_cfg = yaml.load(yml_data)
|
||||
test_cfg = yaml.safe_load(yml_data)
|
||||
|
||||
hosts_info = test_cfg['hosts']
|
||||
if hosts_info:
|
||||
|
|
6
tox.ini
6
tox.ini
|
@ -1,7 +1,7 @@
|
|||
[tox]
|
||||
minversion = 1.6
|
||||
skipsdist = True
|
||||
envlist = py27,pep8
|
||||
envlist = py27,pep8,bandit
|
||||
|
||||
[testenv]
|
||||
usedevelop = True
|
||||
|
@ -25,3 +25,7 @@ commands = {posargs}
|
|||
[flake8]
|
||||
show-source = True
|
||||
exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build
|
||||
|
||||
[testenv:bandit]
|
||||
deps = -r{toxinidir}/test-requirements.txt
|
||||
commands = bandit -r kollacli
|
||||
|
|