starlingx
/
update
Code Issues Proposed changes

Enable py3-bandit and py3-flake8 zuul jobs 

This reverts commit 4146e2a859.

Removed the calls to tox from within tox, and setup the
top level tox.ini for bandit and flake8 for the sub folders.

Change-Id: I682869c8e839f4f59cdce48cd0b97b4a4324f4a7
Story: 2004515
Task: 40232
Signed-off-by: albailey <Al.Bailey@windriver.com>
This commit is contained in:
albailey 2020-06-22 21:54:09 -05:00
parent 551de77c61
commit 2302b0fe2e
3 changed files with 53 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.zuul.yaml
View File

@ -7,8 +7,8 @@
check:
jobs:
- openstack-tox-linters
# - py3-bandit
# - py3-flake8
- py3-bandit
- py3-flake8
- patch-tox-pylint
- patch-tox-py27
- patch-tox-py36
@ -18,8 +18,8 @@
gate:
jobs:
- openstack-tox-linters
# - py3-bandit
# - py3-flake8
- py3-bandit
- py3-flake8
- patch-tox-pylint
- patch-tox-py27
- patch-tox-py36

1
test-requirements.txt
View File

@ -2,6 +2,7 @@ hacking>=2.0<2.1
pycodestyle>=2.0.0 # MIT License
mock>=2.0.0 # BSD
bandit!=1.6.0,>=1.1.0,<2.0.0
bashate >= 0.2
PyYAML >= 3.1.0
yamllint >= 0.5.2

57
tox.ini
View File

@ -67,6 +67,29 @@ commands =
filename=
*.preapply
*.preremove
*.py
# ignore below errors , will fix flake8 errors in future
# H101 Use TODO(NAME)
# H102 Apache 2.0 license header not found
# H105 Don't use author tags
# H306 imports not in alphabetical order
# H401 docstring should not start with a space
# H404 multi line docstring should start without a leading new line
# H405 multi line docstring summary not separated with an empty line
# Note: W503 and W504 are mutually exclusive. Must select one of them to suppress.
# W504 line break after binary operator
# E501 line too long. skipped because some of the code files include templates
# that end up quite wide
# F401 'XXXXX' imported but unused
show-source = True
ignore = H101,H102,H105,H306,H401,H404,H405,
W504,E501,F401
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-*
# H106: Don't put vim configuration in source files (off by default).
# H203: Use assertIs(Not)None to check for None (off by default).
# enable: H904 Delay string interpolations at logging calls (off by default).
enable-extensions = H106 H203 H904
max-line-length = 120
[testenv:flake8]
basepython = python3
@ -75,8 +98,8 @@ whitelist_externals = cp
tox
recreate = True
commands = {[testenv]commands}
tox -c cgcs-patch/cgcs-patch -e flake8
tox -c patch-alarm/patch-alarm -e flake8
flake8 cgcs-patch/cgcs-patch/cgcs_patch
flake8 patch-alarm/patch-alarm/patch_alarm
flake8 {toxinidir}/patch-scripts/kube-upgrade
[testenv:venv]
@ -108,15 +131,31 @@ commands = {[testenv]commands}
tox -c cgcs-patch/cgcs-patch -e py36
tox -c patch-alarm/patch-alarm -e py36
[bandit]
# B101: Test for use of assert
# B104: Test for binding to all interfaces
# B110: Try, Except, Pass detected.
# B303: Use of insecure MD2, MD4, MD5, or SHA1 hash function.
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B314: Blacklisted calls to xml.etree.ElementTree
# B318: Blacklisted calls to xml.dom.minidom
# B404: Import of subprocess module
# B405: import xml.etree
# B408: import xml.minidom
# B413: import pyCrypto
# B506: Test for use of yaml load
# B602: Test for use of popen with shell equals true
# B603: Test for use of subprocess without shell equals true
# B607: Test for starting a process with a partial path
skips = B101,B104,B110,B303,B311,B314,B318,B404,B405,B408,B413,B506,B602,B603,B607
exclude = tests
[testenv:bandit]
basepython = python3
commands = {[testenv]commands}
tox -c cgcs-patch/cgcs-patch -e bandit
tox -c patch-alarm/patch-alarm -e bandit
deps = {[testenv]deps}
recreate = True
whitelist_externals = find
tox
description = Bandit code scan for *.py files source code folders
deps = -r{toxinidir}/test-requirements.txt
commands = bandit --ini tox.ini -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll
[testenv:pylint]
basepython = python2.7