From 24156a438fa543e2753fe8a2e7b0e639c7227d21 Mon Sep 17 00:00:00 2001 From: "ChangBo Guo(gcb)" Date: Thu, 7 Dec 2017 13:47:29 +0800 Subject: [PATCH] Add bandit to pep8 job Add the bandit security scanner to the pep8 job. * convert assert statement to raise AssertionError * Don't hard code '/tmp' in test * skip B404 Change-Id: Ie30163d32dc6884667f0725f5aced809c0de82d0 --- oslo_rootwrap/client.py | 3 ++- oslo_rootwrap/tests/test_rootwrap.py | 18 +++++++++++------- test-requirements.txt | 3 +++ tox.ini | 7 ++++++- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/oslo_rootwrap/client.py b/oslo_rootwrap/client.py index ecf730f..ee64b74 100644 --- a/oslo_rootwrap/client.py +++ b/oslo_rootwrap/client.py @@ -116,7 +116,8 @@ class Client(object): def _restart(self, proxy): with self._mutex: - assert self._initialized + if not self._initialized: + raise AssertionError("Client should be initialized.") # Verify if someone has already restarted this. if self._proxy is proxy: self._finalize() diff --git a/oslo_rootwrap/tests/test_rootwrap.py b/oslo_rootwrap/tests/test_rootwrap.py index 658fcb0..bca5cf9 100644 --- a/oslo_rootwrap/tests/test_rootwrap.py +++ b/oslo_rootwrap/tests/test_rootwrap.py @@ -15,6 +15,7 @@ import logging import logging.handlers import os +import tempfile import uuid import fixtures @@ -511,7 +512,8 @@ class PathFilterTestCase(testtools.TestCase): def setUp(self): super(PathFilterTestCase, self).setUp() - tmpdir = fixtures.TempDir('/tmp') + self.tmp_root_dir = tempfile.mkdtemp() + tmpdir = fixtures.TempDir(self.tmp_root_dir) self.useFixture(tmpdir) self.f = filters.PathFilter('/bin/chown', 'root', 'nova', tmpdir.path) 
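Review bot: The explicit `raise AssertionError` in `_restart` carries no comment saying why it is not a plain `assert`, so a later cleanup could turn it back and the initialization check would again be stripped under `python -O`. I would add `# Explicit raise, not assert: the check must still run under -O (bandit B101).` directly above `if not self._initialized:`. The body of `_restart` continues past the end of this hunk.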
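Review bot: The directory returned by `tempfile.mkdtemp()` in `PathFilterTestCase.setUp` is never removed. `fixtures.TempDir(self.tmp_root_dir)` only cleans up the child directory it creates under that root, so every test in the class leaves a directory behind in the system temp location. Letting a fixture own the root fixes this without a new import: `self.tmp_root_dir = self.useFixture(fixtures.TempDir()).path`. Fixture cleanups run in reverse order, so the child is removed before the root. `setUp` continues in the following hunks, which build the outside-dir paths and the symlink target under the same root.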
@@ -519,7 +521,7 @@ class PathFilterTestCase(testtools.TestCase): gen_name = lambda: str(uuid.uuid4()) self.SIMPLE_FILE_WITHIN_DIR = os.path.join(tmpdir.path, 'some') - self.SIMPLE_FILE_OUTSIDE_DIR = os.path.join('/tmp', 'some') + self.SIMPLE_FILE_OUTSIDE_DIR = os.path.join(self.tmp_root_dir, 'some') self.TRAVERSAL_WITHIN_DIR = os.path.join(tmpdir.path, 'a', '..', 'some') self.TRAVERSAL_OUTSIDE_DIR = os.path.join(tmpdir.path, '..', 'some') @@ -538,7 +540,8 @@ class PathFilterTestCase(testtools.TestCase): os.symlink(os.path.join(tmpdir.path, 'a'), self.SYMLINK_WITHIN_DIR) self.SYMLINK_OUTSIDE_DIR = os.path.join(tmpdir.path, gen_name()) - os.symlink(os.path.join('/tmp', 'some_file'), self.SYMLINK_OUTSIDE_DIR) + os.symlink(os.path.join(self.tmp_root_dir, 'some_file'), + self.SYMLINK_OUTSIDE_DIR) def test_empty_args(self): self.assertFalse(self.f.match([])) @@ -551,12 +554,13 @@ class PathFilterTestCase(testtools.TestCase): self.assertTrue(f.match(args)) def test_argument_equality_constraint(self): - f = filters.PathFilter('/bin/chown', 'root', 'nova', '/tmp/spam/eggs') + temp_file_path = os.path.join(self.tmp_root_dir, 'spam/eggs') + f = filters.PathFilter('/bin/chown', 'root', 'nova', temp_file_path) - args = ['chown', 'nova', '/tmp/spam/eggs'] + args = ['chown', 'nova', temp_file_path] self.assertTrue(f.match(args)) - args = ['chown', 'quantum', '/tmp/spam/eggs'] + args = ['chown', 'quantum', temp_file_path] self.assertFalse(f.match(args)) def test_wrong_arguments_number(self): @@ -654,6 +658,6 @@ class DaemonCleanupTestCase(testtools.TestCase): @mock.patch('multiprocessing.managers.BaseManager.get_server', side_effect=DaemonCleanupException) def test_daemon_no_cleanup_for_uninitialized_server(self, gs, mkd, *args): - mkd.return_value = '/tmp/123' + mkd.return_value = '/just_dir/123' self.assertRaises(DaemonCleanupException, daemon.daemon_start, config=None, filters=None) diff --git a/test-requirements.txt b/test-requirements.txt index e8710fd..fc370e7 100644 
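Review bot: In `test_daemon_no_cleanup_for_uninitialized_server`, `'/just_dir/123'` reads like a real root-level path, and nothing says it is a placeholder that must never exist or be touched. The rename from `/tmp/123` appears to exist only to satisfy bandit's hardcoded-tmp check (B108). A short comment would keep the intent clear, for example `# Arbitrary non-existent path: daemon_start is expected to fail before using it.`. The decorator that supplies `mkd` is above the hunk, so its patch target (presumably `tempfile.mkdtemp`) should be confirmed there.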
--- a/test-requirements.txt +++ b/test-requirements.txt @@ -21,3 +21,6 @@ mock>=2.0.0 # BSD eventlet!=0.18.3,!=0.20.1,<0.21.0,>=0.18.2 # MIT reno>=2.5.0 # Apache-2.0 + +# Bandit security code scanner +bandit>=1.1.0 # Apache-2.0 diff --git a/tox.ini b/tox.ini index 51ce23c..94b3d6b 100644 --- a/tox.ini +++ b/tox.ini @@ -16,7 +16,12 @@ commands = env TEST_EVENTLET=1 python setup.py testr --slowest --testr-args='tests.test_functional_eventlet' [testenv:pep8] -commands = flake8 +deps = + -r{toxinidir}/test-requirements.txt +commands = + flake8 + # Run security linter + bandit -r oslo_rootwrap tests -n5 --skip B404 [testenv:cover] deps = {[testenv]deps}
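Review bot: `bandit>=1.1.0` has only a lower bound, so a future bandit release that adds or changes checks can start failing the pep8 job with no change in this repository. Each run also pulls whatever version is newest at install time. Consider an upper bound that is raised deliberately, e.g. `bandit>=1.1.0,<VERSION_CEILING # Apache-2.0` (placeholder ceiling), unless a constraints file outside this diff already pins it.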
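Review bot: `--skip B404` on the `bandit` command disables the subprocess-import check for every file, including modules added later, and neither the hunk nor the commit message records why. A `# nosec` on the existing import lines would keep the check live for new code; if the global skip stays, a comment such as `# B404 (import subprocess) skipped: this package launches commands by design` would document it. The extra scan target `tests` looks redundant or stale, since the tests touched in this patch live under `oslo_rootwrap/tests` and `-r oslo_rootwrap` already covers them. The new `deps =` also replaces rather than extends `{[testenv]deps}` (which `[testenv:cover]` just below reuses), so anything the base environment installs is presumably dropped from the pep8 env; confirm against the `[testenv]` section, which is outside this hunk.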