add bandit security linter
Skip B104 (hardcoded_bind_all_interfaces) for now: ooi is an API service, so it needs to bind to all interfaces.
Change-Id: I2ce3eccb28872b81c04f79e2434833f8c038af3f
parent
6ff6a3147a
commit
9f5a7ad26b
|
@ -39,7 +39,7 @@ LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
occi_opts = [
|
occi_opts = [
|
||||||
config.cfg.StrOpt('ooi_listen',
|
config.cfg.StrOpt('ooi_listen',
|
||||||
default="0.0.0.0",
|
default="0.0.0.0", # nosec
|
||||||
help='The IP address on which the OCCI (ooi) API '
|
help='The IP address on which the OCCI (ooi) API '
|
||||||
'will listen.'),
|
'will listen.'),
|
||||||
config.cfg.IntOpt('ooi_listen_port',
|
config.cfg.IntOpt('ooi_listen_port',
|
||||||
|
|
|
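Review bot: The bare `# nosec` added to the `default="0.0.0.0"` line suppresses every bandit finding on that line and records no reason, so a later reader cannot tell it was meant only for B104. I would state the intent on the line itself, e.g. `default="0.0.0.0",  # nosec B104: API listens on all interfaces by default`; bandit releases that support per-test markers will then scope the suppression to that one check. Because this default exposes the listener on every interface of the host, the `help` string could say so as well, e.g. `'will listen. The default binds to all interfaces.'`, so operators of multi-homed hosts know to override `ooi_listen`. The `occi_opts` list continues past the end of the hunk.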
@ -1,4 +1,5 @@
|
||||||
hacking>=0.9.2,<0.10
|
hacking>=0.9.2,<0.10a
|
||||||
|
bandit>=1.1.0 # Apache-2.0
|
||||||
coverage>=3.6
|
coverage>=3.6
|
||||||
fixtures>=0.3.14
|
fixtures>=0.3.14
|
||||||
python-subunit>=0.0.18
|
python-subunit>=0.0.18
|
||||||
|
|
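Review bot: `bandit>=1.1.0` has no upper bound, unlike the capped `hacking` line above it, so a new bandit release that adds checks can start failing the pep8 gate without any change in this repository. Consider capping it the same way (the bound is the project's choice) or pinning it through a constraints file if the project uses one. Separately, the new side of the first line reads `hacking>=0.9.2,<0.10a`; if the trailing `a` is not a rendering artifact, it is an unrelated edit to the version specifier and should be dropped from this commit.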
12
tox.ini
12
tox.ini
|
@ -29,7 +29,17 @@ commands =
|
||||||
|
|
||||||
|
|
||||||
[testenv:pep8]
|
[testenv:pep8]
|
||||||
commands = flake8
|
commands =
|
||||||
|
flake8
|
||||||
|
# Run security linter
|
||||||
|
# B110: except: pass
|
||||||
|
# B410: importing etree
|
||||||
|
bandit -r ooi -x tests -s B110,B410
|
||||||
|
|
||||||
|
[testenv:bandit]
|
||||||
|
# NOTE(browne): This is required for the integration test job of the bandit
|
||||||
|
# project. Please do not remove.
|
||||||
|
commands = bandit -r ooi -x tests -s B110,B410
|
||||||
|
|
||||||
[testenv:venv]
|
[testenv:venv]
|
||||||
commands = {posargs}
|
commands = {posargs}
|
||||||
|
|
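Review bot: The skip list `-s B110,B410` turns both checks off for the whole `ooi` tree and is written out twice, in `[testenv:pep8]` and in `[testenv:bandit]`, so the two copies can drift apart. The pep8 environment could reuse the other one with `{[testenv:bandit]commands}` in place of the repeated `bandit -r ooi -x tests -s B110,B410` line. The comments name the two tests but not why they are skipped or when the skip can go; something like `# B410: skipped until the etree imports are reviewed for untrusted XML input` would give the exclusion an exit condition, and where only a few sites trigger a finding, a justified inline `# nosec` keeps the check active for new code. The commit message speaks of skipping B104, which is not in this list; that check is handled by the inline marker in the first file.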