openstack/neutron-lib
Code Issues Proposed changes

Add bandit to pep8 gate

Browse Source 
Neutron uses bandit to detect security issues. This patch adds
bandit to the pep8 gate to automatically lint for security issues
in neutron-lib.

Fixed two B101 errors it spotted.

Change-Id: I39d713d0d230b5ae759daa6bc1be9794e6fe2a32
This commit is contained in:
Brian Haley 2018-06-14 11:38:33 -04:00
parent c3fcdeb0f9
commit 7ce2f557c6
4 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
neutron_lib/callbacks/registry.py
View File

@ -13,6 +13,7 @@
import collections import collections
import inspect import inspect
from neutron_lib._i18n import _
from neutron_lib.callbacks import manager from neutron_lib.callbacks import manager
from neutron_lib.callbacks import priority_group from neutron_lib.callbacks import priority_group
@ -70,7 +71,9 @@ def receives(resource, events, priority=priority_group.PRIORITY_DEFAULT):
@has_registry_receivers decorator to setup the __new__ method to @has_registry_receivers decorator to setup the __new__ method to
actually register the instance methods after initialization. actually register the instance methods after initialization.
""" """
assert isinstance(events, (list, tuple, set)), 'events must be collection' if not isinstance(events, (list, tuple, set)):
msg = _("'events' must be a collection (list, tuple, set)")
raise AssertionError(msg)
def decorator(f): def decorator(f):
for e in events: for e in events:

5
neutron_lib/db/api.py
View File

@ -345,4 +345,7 @@ def _load_one_to_manys(session):
continue continue
if relationship_attr.key not in state.dict: if relationship_attr.key not in state.dict:
getattr(new_object, relationship_attr.key) getattr(new_object, relationship_attr.key)
assert relationship_attr.key in state.dict if relationship_attr.key not in state.dict:
msg = ("Relationship %s attributes must be loaded in db "
"object %s" % (relationship_attr.key, state.dict))
raise AssertionError(msg)

1
test-requirements.txt
View File

@ -4,6 +4,7 @@
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
bandit>=1.1.0 # Apache-2.0
coverage!=4.4,>=4.0 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD fixtures>=3.0.0 # Apache-2.0/BSD
flake8-import-order==0.12 # LGPLv3 flake8-import-order==0.12 # LGPLv3

6
tox.ini
View File

@ -24,6 +24,7 @@ basepython = python3
commands = commands =
flake8 flake8
{toxinidir}/tools/check_samples.sh {toxinidir}/tools/check_samples.sh
{[testenv:bandit]commands}
[testenv:releasenotes] [testenv:releasenotes]
basepython = python3 basepython = python3
@ -96,6 +97,11 @@ show-source = True
exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build,tools exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build,tools
import-order-style = pep8 import-order-style = pep8
[testenv:bandit]
# B104: Possible binding to all interfaces
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r neutron_lib -x tests -n5 -s B104
[hacking] [hacking]
import_exceptions = neutron_lib._i18n import_exceptions = neutron_lib._i18n
local-check-factory = neutron_lib.hacking.checks._neutron_lib_factory local-check-factory = neutron_lib.hacking.checks._neutron_lib_factory