
Issue #17: Introduce Bandit static security checks

Implements #17
Denis Makogon 2 years ago
parent
commit
014f31342e
6 changed files with 15 additions and 5 deletions
  1. 1
    0
      .gitignore
  2. 3
    3
      picasso/common/logger.py
  3. 1
    1
      picasso/tests/common/base.py
  4. 1
    0
      test-requirements.txt
  5. 5
    0
      testing.md
  6. 4
    1
      tox.ini

+ 1
- 0
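--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ releasenotes/build
 .coverage.*
 *.json
 .cache
+*.log*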

+ 3
- 3
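--- a/picasso/common/logger.py
+++ b/picasso/common/logger.py
@@ -21,7 +21,7 @@ from . import utils
 
 def common_logger_setup(
         level=logging.DEBUG,
-        filename='/tmp/picasso-api.log',
+        filename='/var/log/picasso-api.log',
         log_formatter='[%(asctime)s] - '
                       '%(name)s - '
                       '%(levelname)s - '
@@ -40,7 +40,7 @@ def common_logger_setup(
 
 
 def setup_logging(name,
-                  filename='/tmp/picasso-api-{}.log'.format(
+                  filename='/var/log/picasso-api-{}.log'.format(
                       datetime.datetime.now()),
                   level=logging.DEBUG,
                   log_to_console=False,
@@ -68,7 +68,7 @@ class Singleton(type):
 class UnifiedLogger(object, metaclass=utils.Singleton):
 
     def __init__(self,
-                 filename='/tmp/picasso-api-{}.log'.format(
+                 filename='/var/log/picasso-api-{}.log'.format(
                      datetime.datetime.now()),
                  level=logging.DEBUG, log_to_console=False):
         self.filename = filename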
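Review bot: The new default `/var/log/picasso-api.log` (and the two `/var/log/picasso-api-{}.log` defaults in the next hunks) is normally writable only by root, so a service started as an unprivileged user will fail with PermissionError as soon as whatever handler opens the file (outside the hunk) runs, whereas the old `/tmp` path worked for any user. Bandit's objection is to a predictable filename in a world-writable directory rather than to temporary storage as such, so a per-process path from `tempfile.mkstemp(prefix='picasso-api-', suffix='.log')` or a configurable log directory with a documented default would satisfy the check without requiring root; the bodies of common_logger_setup, setup_logging and UnifiedLogger.__init__ all continue outside the hunk. Not introduced by this commit but worth a comment on both `datetime.datetime.now()` defaults: a default argument is evaluated once at import time, so every call that omits filename shares the same timestamped name, e.g. `# NOTE: default is computed once at import; pass filename explicitly for a per-run file`.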

+ 1
- 1
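--- a/picasso/tests/common/base.py
+++ b/picasso/tests/common/base.py
@@ -36,7 +36,7 @@ class PicassoTestsBase(object):
 
         logger = log.UnifiedLogger(
             log_to_console=False,
-            filename=("/tmp/picasso-{}-tests-run-{}.log"
+            filename=("./picasso-{}-tests-run-{}.log"
                       .format(test_type, datetime.datetime.now())),
             level="DEBUG").setup_logger(__package__)
         return testloop, logger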
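Review bot: The relative `./picasso-{}-tests-run-{}.log` resolves against the working directory of whichever process runs the tests, so the log lands in the repository root under tox but somewhere unpredictable when the suite is started from an IDE or another directory; the `*.log*` .gitignore entry added in this commit only covers the first case. A per-run file such as `fd, path = tempfile.mkstemp(prefix='picasso-{}-tests-run-'.format(test_type), suffix='.log')` (closing `fd` and passing `path` as filename) avoids both the hardcoded-tmp finding and the cwd dependence. The enclosing method of PicassoTestsBase starts outside the hunk.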

+ 1
- 0
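--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -8,3 +8,4 @@ sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
 testtools>=1.4.0 # MIT
 pytest-aiohttp==0.1.3
 pytest-cov==2.4.0
+bandit>=1.1.0  # Apache-2.0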
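Review bot: `bandit>=1.1.0` is floor-only while its neighbours `pytest-aiohttp==0.1.3` and `pytest-cov==2.4.0` are pinned; each Bandit release adds or retunes checks, so an unrelated dependency refresh can turn the new gate red, and there is no reproducible baseline for the scan results. Pin it like the other test tools, `bandit==<version the team validated>`, and bump it deliberately.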

+ 5
- 0
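--- a/testing.md
+++ b/testing.md
@@ -105,3 +105,8 @@ So, as part of `Tox` testing new check was added - functional test coverage regr
 In order to run it use following command:
 
     $ tox -e py35-functional-regression
+
+Static code analysis with Bandit
+================================
+
+    $ tox -e bandit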

+ 4
- 1
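--- a/tox.ini
+++ b/tox.ini
@@ -1,7 +1,7 @@
 # Project LaOS
 
 [tox]
-envlist = py35-functional,py35-functional-regression,py35-integration,py35-integration-regression,pep8,docker-build
+envlist = py35-functional,py35-functional-regression,py35-integration,py35-integration-regression,pep8,docker-build,bandit
 minversion = 1.6
 skipsdist = True
 
@@ -51,6 +51,9 @@ commands =
 [testenv:docker-full]
 commands = {toxinidir}/scripts/docker_full.sh
 
+[testenv:bandit]
+commands = bandit -r picasso/
+
 [flake8]
 ignore = H202,H304,H404,H405,H501
 show-source = True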
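Review bot: `bandit -r picasso/` in the second hunk also walks `picasso/tests/` (a path this same commit touches), where `assert` statements and fixed test log paths are expected, so the new env will report findings that are noise for a security gate; exclude the test tree with `commands = bandit -r picasso/ -x picasso/tests`, or keep a checked-in Bandit config that records which checks are skipped there and why. The `[testenv:bandit]` section declares no `deps`, so it presumably inherits them from the base `[testenv]` section, which is outside the hunk; if that section does not install test-requirements.txt the command will fail because bandit is not on the path. The first hunk only adds the env to `envlist` and is fine as is.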
