Add bandit check to all python code

Bandit was not running in all directories due missing -r parameter. Also, this change fix bandit errors. * Add nosec to subprocess module * Change /tmp/releases to .releases * Change /tmp/ to tmp/, tmp/ is not checked and in unittest is not an issue, simpler that mocking tempfile and make more complex tests. Change-Id: I42bafa4707a9a4d1faeb01cb9b5a843f56280deb
6 years ago · cc7aabc12e
parent e5ea8f678c
commit cc7aabc12e
4 changed files with 9 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -45,6 +45,9 @@ releasenotes/build
 # Files generated by Ansible
 ansible/*.retry

+#OpenStack releases repo used by version_check.py.
+.releases
+
 # Others
 .DS_Store
 .vimrc
--- a/kolla/tests/test_build.py
+++ b/kolla/tests/test_build.py
@ -373,10 +373,10 @@ class KollaWorkerTest(base.TestCase):

    @mock.patch('shutil.copytree')
    def test_work_dir(self, copytree_mock):
-        self.conf.set_override('work_dir', '/tmp/foo')
+        self.conf.set_override('work_dir', 'tmp/foo')
        kolla = build.KollaWorker(self.conf)
        kolla.setup_working_dir()
-        self.assertEqual('/tmp/foo/docker', kolla.working_dir)
+        self.assertEqual('tmp/foo/docker', kolla.working_dir)


 class MainTest(base.TestCase):
--- a/tools/version-check.py
+++ b/tools/version-check.py
@ -16,7 +16,7 @@ import argparse
 import logging
 import os
 import re
-import subprocess
+import subprocess  # nosec
 import sys

 import yaml
@ -38,7 +38,7 @@ logging.basicConfig(level=logging.INFO)
 LOG = logging.getLogger(__name__)

 RELEASE_REPO = 'https://github.com/openstack/releases'
-TARGET = '/tmp/releases'
+TARGET = '.releases'

 SKIP_PROJECTS = {
    'rally': 'Rally is not managed by openstack/releases project',
@ -60,7 +60,7 @@ def update_releases_repo():
    else:
        cmd = ['git', '--git-dir', os.path.join(TARGET, '.git'), '--work-tree',
               TARGET, 'pull']
-    subprocess.call(cmd)
+    subprocess.call(cmd)  # nosec


 def get_default_branch():
--- a/tox.ini
+++ b/tox.ini
@ -36,7 +36,7 @@ commands =
  flake8 {posargs}
  {toxinidir}/tools/validate-all-dockerfiles.sh
  python {toxinidir}/tools/validate-all-file.py
-  bandit docker kolla tests tools
+  bandit -r docker kolla tests tools

 [testenv:bandit]
 commands = bandit -r docker kolla tests tools