openstack/kolla
Code Issues Proposed changes

Add bandit check to all python code

Browse Source 
Bandit was not running in all directories
due missing -r parameter.

Also, this change fix bandit errors.
* Add nosec to subprocess module
* Change /tmp/releases to .releases
* Change /tmp/ to tmp/, tmp/ is not checked
  and in unittest is not an issue, simpler that mocking tempfile
  and make more complex tests.

Change-Id: I42bafa4707a9a4d1faeb01cb9b5a843f56280deb
This commit is contained in:
Eduardo Gonzalez 2017-07-06 15:31:17 +02:00
parent e5ea8f678c
commit cc7aabc12e
4 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -45,6 +45,9 @@ releasenotes/build
# Files generated by Ansible # Files generated by Ansible
ansible/*.retry ansible/*.retry
#OpenStack releases repo used by version_check.py.
.releases
# Others # Others
.DS_Store .DS_Store
.vimrc .vimrc

4
kolla/tests/test_build.py
View File

@ -373,10 +373,10 @@ class KollaWorkerTest(base.TestCase):
@mock.patch('shutil.copytree') @mock.patch('shutil.copytree')
def test_work_dir(self, copytree_mock): def test_work_dir(self, copytree_mock):
self.conf.set_override('work_dir', '/tmp/foo') self.conf.set_override('work_dir', 'tmp/foo')
kolla = build.KollaWorker(self.conf) kolla = build.KollaWorker(self.conf)
kolla.setup_working_dir() kolla.setup_working_dir()
self.assertEqual('/tmp/foo/docker', kolla.working_dir) self.assertEqual('tmp/foo/docker', kolla.working_dir)
class MainTest(base.TestCase): class MainTest(base.TestCase):

6
tools/version-check.py
View File

@ -16,7 +16,7 @@ import argparse
import logging import logging
import os import os
import re import re
import subprocess import subprocess # nosec
import sys import sys
import yaml import yaml
@ -38,7 +38,7 @@ logging.basicConfig(level=logging.INFO)
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
RELEASE_REPO = 'https://github.com/openstack/releases' RELEASE_REPO = 'https://github.com/openstack/releases'
TARGET = '/tmp/releases' TARGET = '.releases'
SKIP_PROJECTS = { SKIP_PROJECTS = {
'rally': 'Rally is not managed by openstack/releases project', 'rally': 'Rally is not managed by openstack/releases project',
@ -60,7 +60,7 @@ def update_releases_repo():
else: else:
cmd = ['git', '--git-dir', os.path.join(TARGET, '.git'), '--work-tree', cmd = ['git', '--git-dir', os.path.join(TARGET, '.git'), '--work-tree',
TARGET, 'pull'] TARGET, 'pull']
subprocess.call(cmd) subprocess.call(cmd) # nosec
def get_default_branch(): def get_default_branch():

2
tox.ini
View File

@ -36,7 +36,7 @@ commands =
flake8 {posargs} flake8 {posargs}
{toxinidir}/tools/validate-all-dockerfiles.sh {toxinidir}/tools/validate-all-dockerfiles.sh
python {toxinidir}/tools/validate-all-file.py python {toxinidir}/tools/validate-all-file.py
bandit docker kolla tests tools bandit -r docker kolla tests tools
[testenv:bandit] [testenv:bandit]
commands = bandit -r docker kolla tests tools commands = bandit -r docker kolla tests tools