Update list of skipped bandit plugins.
Adding a zuul job so that any new bandit failures will be caught. Switching bandit to run in python3. The B111 plugin was removed from bandit by: PyCQA/bandit@d93eed5 Clean up the list of bandit checks that need to be skipped in order for this tox job to pass. Those skips can be removed as the code is updated by future commits. Story: 2004515 Task: 37744 Change-Id: I1809b1124a5a693d288fb7ea893f30c24487af36 Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
This commit is contained in:
parent
28b3bd8ba2
commit
7890be45d2
13
.zuul.yaml
13
.zuul.yaml
|
@ -12,6 +12,7 @@
|
|||
- sysinv-tox-py35
|
||||
- sysinv-tox-flake8
|
||||
- sysinv-tox-pylint
|
||||
- sysinv-tox-bandit
|
||||
- controllerconfig-tox-flake8
|
||||
- controllerconfig-tox-py27
|
||||
- controllerconfig-tox-pylint
|
||||
|
@ -25,6 +26,7 @@
|
|||
- sysinv-tox-py35
|
||||
- sysinv-tox-flake8
|
||||
- sysinv-tox-pylint
|
||||
- sysinv-tox-bandit
|
||||
- controllerconfig-tox-flake8
|
||||
- controllerconfig-tox-py27
|
||||
- controllerconfig-tox-pylint
|
||||
|
@ -90,6 +92,17 @@
|
|||
tox_envlist: pylint
|
||||
tox_extra_args: -c sysinv/sysinv/sysinv/tox.ini
|
||||
|
||||
- job:
|
||||
name: sysinv-tox-bandit
|
||||
parent: tox
|
||||
description: |
|
||||
Run bandit test for sysinv
|
||||
files:
|
||||
- sysinv/sysinv/*
|
||||
vars:
|
||||
tox_envlist: bandit
|
||||
tox_extra_args: -c sysinv/sysinv/sysinv/tox.ini
|
||||
|
||||
- job:
|
||||
name: controllerconfig-tox-flake8
|
||||
parent: tox
|
||||
|
|
|
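Review bot: The description `Run bandit test for sysinv` does not tell a reader that this is a security gate whose findings are governed by a skip list, and the `tox_extra_args` line shows where that list lives. I would expand it to `Run bandit (static security analysis) against sysinv; skipped plugins are listed under [bandit] in sysinv/sysinv/sysinv/tox.ini` so that a failing job points people at the right file. Note also that Zuul treats each `files:` entry as a regular expression, so `sysinv/sysinv/*` effectively means "any path starting with sysinv/sysinv"; that is presumably intended and the same pattern the sibling jobs use, but the trailing `*` is not a shell glob.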
@ -111,29 +111,39 @@ commands = {posargs}
|
|||
[bandit]
|
||||
# The following bandit tests are being skipped:
|
||||
# B101: Test for use of assert
|
||||
# B103: Test for setting permissive file permissions
|
||||
# B104: Test for binding to all interfaces
|
||||
# B107: Test for use of hard-coded password argument defaults
|
||||
# B108: Probable insecure usage of temp file/directory
|
||||
# B105: Test for use of hard-coded password strings
|
||||
# B108: Test for insecure usage of tmp file/directory
|
||||
# B110: Try, Except, Pass detected.
|
||||
# B111: Execute with run_as_root=True identified, possible security issue
|
||||
# B303: Use of insecure MD2, MD4, MD5, or SHA1 hash function.
|
||||
# B307: Blacklisted call to eval.
|
||||
# B310: Audit url open for permitted schemes
|
||||
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
|
||||
# B314: Blacklisted calls to xml.etree.ElementTree
|
||||
# B318: Blacklisted calls to xml.dom.minidom
|
||||
# B320: Blacklisted calls to lxml.etree
|
||||
# B404: Import of subprocess module
|
||||
# B410: Import of lxml module
|
||||
# B504: Test for SSL use with no version specified
|
||||
# B405: import xml.etree
|
||||
# B408: import xml.minidom
|
||||
# B410: import lxml
|
||||
# B506: Test for use of yaml load
|
||||
# B603: Test for use of subprocess with shell equals true
|
||||
# B602: Test for use of popen with shell equals true
|
||||
# B603: Test for use of subprocess without shell equals true
|
||||
# B604: Test for any function with shell equals true
|
||||
# B605: Test for starting a process with a shell
|
||||
# B607: Test for starting a process with a partial path
|
||||
skips = B101,B104,B107,B108,B110,B111,B310,B311,B404,B410,B504,B506,B603,B607
|
||||
#
|
||||
# Note: 'skips' entry cannot be split across multiple lines
|
||||
#
|
||||
skips = B101,B103,B104,B105,B108,B110,B303,B307,B310,B311,B314,B318,B320,B404,B405,B408,B410,B506,B602,B603,B604,B605,B607
|
||||
exclude = tests
|
||||
|
||||
[testenv:bandit]
|
||||
basepython = python2.7
|
||||
|
||||
deps = {[testenv]deps}
|
||||
basepython = python3
|
||||
deps = -r{toxinidir}/test-requirements.txt
|
||||
bandit
|
||||
|
||||
commands = bandit --ini tox.ini -n 5 -f xml -o bandit.xml -r sysinv
|
||||
commands = bandit --ini tox.ini -n 5 -r sysinv
|
||||
|
||||
[testenv:pylint]
|
||||
basepython = python2.7
|
||||
|
|
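Review bot: The new `skips` line disables bandit's injection- and crypto-class plugins for the whole `sysinv` tree — B307 (eval), B506 (yaml.load), B602/B604/B605 (shell=True and shell process start), B303 (MD2/MD4/MD5/SHA1), B105 (hard-coded passwords) and the XML parser checks B314/B318/B320 — so the gate this commit adds will also wave through any future use of these constructs in new code, which undercuts the "new bandit failures will be caught" intent. A global skip is defensible only as a transitional measure; I would keep the global list for the noisy low-severity plugins (B101, B110, B404, B603, B607) and suppress the remaining findings at each existing call site with a `# nosec B307`-style annotation and a one-line justification, so that new occurrences fail the job rather than being silently accepted. Separately, `bandit` is pulled in unpinned under `deps`, which is exactly what let the upstream removal of B111 break this environment; pinning it to the release the skip list was validated against (and bumping deliberately) would make the gate reproducible. Finally, the comment block above `skips` still describes B107, B111 and B504 even though they are no longer in the new list; if those comment lines survive on the new side (the rendered view does not show which side they are on) they should be dropped so the comments and the `skips` value agree.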
4
tox.ini
4
tox.ini
|
@ -53,6 +53,10 @@ description = Dummy environment to allow flake8 to be run in subdir tox
|
|||
basepython = python3
|
||||
description = Dummy environment to allow pylint to be run in subdir tox
|
||||
|
||||
[testenv:bandit]
|
||||
basepython = python3
|
||||
description = Dummy environment to allow bandit to be run in subdir tox
|
||||
|
||||
[testenv:api-ref]
|
||||
basepython = python3
|
||||
install_command = pip install -U {opts} {packages}
|
||||
|
|