openstack/watcher
Code Issues Proposed changes

pre-commit: Integrate bandit

Browse Source 
Run bandit check from per-commit so that the check is executed in pep8
job.

Also remove requirements installed automatically by pre-commit from
test-requirements.

Change-Id: I45af8c47afb262882ebbee74ae52446fed741e26
This commit is contained in:
Takashi Kajinami
2025-02-09 08:03:34 +09:00
parent 5f6fbaea56
commit dd0082c343
7 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.pre-commit-config.yaml
View File

@@ -34,6 +34,11 @@ repos:
- id: hacking - id: hacking
additional_dependencies: [] additional_dependencies: []
exclude: '^(doc|releasenotes|tools)/.*$' exclude: '^(doc|releasenotes|tools)/.*$'
- repo: https://github.com/PyCQA/bandit
rev: 1.7.6
hooks:
- id: bandit
args: ['-x', 'tests', '-s', 'B101,B311,B320']
- repo: https://github.com/hhatto/autopep8 - repo: https://github.com/hhatto/autopep8
rev: v2.3.1 rev: v2.3.1
hooks: hooks:

3
test-requirements.txt
View File

@@ -1,10 +1,7 @@
coverage>=4.5.1 # Apache-2.0 coverage>=4.5.1 # Apache-2.0
doc8>=0.8.0 # Apache-2.0
freezegun>=0.3.10 # Apache-2.0 freezegun>=0.3.10 # Apache-2.0
hacking>=7.0.0,<7.1.0 # Apache-2.0
oslotest>=3.3.0 # Apache-2.0 oslotest>=3.3.0 # Apache-2.0
testscenarios>=0.5.0 # Apache-2.0/BSD testscenarios>=0.5.0 # Apache-2.0/BSD
testtools>=2.3.0 # MIT testtools>=2.3.0 # MIT
stestr>=2.0.0 # Apache-2.0 stestr>=2.0.0 # Apache-2.0
bandit>=1.6.0 # Apache-2.0
WebTest>=2.0.27 # MIT WebTest>=2.0.27 # MIT

6
tox.ini
View File

@@ -110,8 +110,10 @@ deps = -r{toxinidir}/doc/requirements.txt
commands = sphinx-build -a -W -E -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html commands = sphinx-build -a -W -E -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html
[testenv:bandit] [testenv:bandit]
deps = -r{toxinidir}/test-requirements.txt skip_install = true
commands = bandit -r watcher -x watcher/tests/* -n5 -ll deps = {[testenv:pep8]deps}
commands =
pre-commit run --all-files --show-diff-on-failure bandit
[flake8] [flake8]
filename = *.py,app.wsgi filename = *.py,app.wsgi

2
watcher/db/sqlalchemy/job_store.py
View File

@@ -16,7 +16,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import pickle import pickle # nosec: B403
from apscheduler.jobstores.base import ConflictingIdError from apscheduler.jobstores.base import ConflictingIdError
from apscheduler.jobstores import sqlalchemy from apscheduler.jobstores import sqlalchemy

2
watcher/decision_engine/datasources/manager.py
View File

@@ -139,7 +139,7 @@ class DataSourceManager(object):
ds.METRIC_MAP.update(self.metric_map[ds.NAME]) ds.METRIC_MAP.update(self.metric_map[ds.NAME])
return ds return ds
except Exception: except Exception:
pass pass # nosec: B110
raise exception.MetricNotAvailable(metric=metric) raise exception.MetricNotAvailable(metric=metric)
def load_metric_map(self, file_path): def load_metric_map(self, file_path):

2
watcher/decision_engine/model/element/base.py
View File

@@ -19,7 +19,7 @@
import abc import abc
import collections import collections
from lxml import etree from lxml import etree # nosec: B410
from oslo_log import log from oslo_log import log
from watcher.objects import base from watcher.objects import base

2
watcher/decision_engine/model/model_root.py
View File

@@ -17,7 +17,7 @@ Openstack implementation of the cluster graph.
""" """
import ast import ast
from lxml import etree from lxml import etree # nosec: B410
import networkx as nx import networkx as nx
from oslo_concurrency import lockutils from oslo_concurrency import lockutils
from oslo_log import log from oslo_log import log