Turn on bandit check as part of pep8

Add bandit job as part of pep8 in tox.ini Had to mark two instances of try except pass as OK so that bandit will pass Change-Id: If3b78e9dcbfc65c232a6ba35665430a6463841e6
2017-02-06 12:45:23 -07:00 · 2017-02-06 12:45:23 -07:00 · ef9db22744
commit ef9db22744
parent 7818d81ab3
3 changed files with 21 additions and 4 deletions
--- a/monasca_notification/main.py
+++ b/monasca_notification/main.py
@ -1,4 +1,4 @@
-# (C) Copyright 2014-2016 Hewlett Packard Enterprise Development Company LP
+# (C) Copyright 2014-2017 Hewlett Packard Enterprise Development LP
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -56,7 +56,9 @@ def clean_exit(signum, frame=None):
            if process.is_alive():
                process.terminate()  # Sends sigterm which any processes after a notification is sent attempt to handle
                wait_for_exit = True
-        except Exception:
+        except Exception:  # nosec
+            # There is really nothing to do if the kill fails, so just go on.
+            # The # nosec keeps bandit from reporting this as a security issue
            pass

    # wait for a couple seconds to give the subprocesses a chance to shut down correctly.
@ -68,7 +70,9 @@ def clean_exit(signum, frame=None):
        log.debug('Killing pid %s' % child.pid)
        try:
            os.kill(child.pid, signal.SIGKILL)
-        except Exception:
+        except Exception:  # nosec
+            # There is really nothing to do if the kill fails, so just go on.
+            # The # nosec keeps bandit from reporting this as a security issue
            pass

    if signum == signal.SIGTERM:
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -2,6 +2,7 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 # Hacking already pins down pep8, pyflakes and flake8
+bandit>=1.1.0  # Apache-2.0
 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
 coverage>=4.0 # Apache-2.0
 mock>=2.0 # BSD
--- a/tox.ini
+++ b/tox.ini
@ -56,11 +56,19 @@ commands =
  oslo_debug_helper -t ./monasca_notification/tests {posargs}

 [testenv:pep8]
-commands = flake8
+deps =
+  {[testenv]deps}
+commands =
+  {[testenv:flake8]commands}
+  {[bandit]commands}

 [testenv:venv]
 commands = {posargs}

+[testenv:flake8]
+commands =
+    flake8 monasca_notification
+
 [flake8]
 max-line-length = 120
 # TODO: ignored checks should be enabled in the future
@ -68,3 +76,7 @@ max-line-length = 120
 # H405  multi line docstring summary not separated with an empty line
 ignore = F821,H201,H405
 exclude=.venv,.git,.tox,dist,*egg,build
+
+[bandit]
+commands =
+  bandit -r monasca_notification -n5 -x monasca_notification/tests