Merge pull request #31 from denismakogon/bandit-security

Issue #17: Introduce Bandit static security checks
Denis Makogon 2016-12-13 09:47:50 +02:00 committed by GitHub
commit cbc157b396
6 changed files with 15 additions and 5 deletions

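--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ releasenotes/build
 .coverage.*
 *.json
 .cache
+*.log*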


@ -21,7 +21,7 @@ from . import utils
def common_logger_setup( def common_logger_setup(
level=logging.DEBUG, level=logging.DEBUG,
filename='/tmp/picasso-api.log', filename='/var/log/picasso-api.log',
log_formatter='[%(asctime)s] - ' log_formatter='[%(asctime)s] - '
'%(name)s - ' '%(name)s - '
'%(levelname)s - ' '%(levelname)s - '
@ -40,7 +40,7 @@ def common_logger_setup(
def setup_logging(name, def setup_logging(name,
filename='/tmp/picasso-api-{}.log'.format( filename='/var/log/picasso-api-{}.log'.format(
datetime.datetime.now()), datetime.datetime.now()),
level=logging.DEBUG, level=logging.DEBUG,
log_to_console=False, log_to_console=False,
@ -68,7 +68,7 @@ class Singleton(type):
class UnifiedLogger(object, metaclass=utils.Singleton): class UnifiedLogger(object, metaclass=utils.Singleton):
def __init__(self, def __init__(self,
filename='/tmp/picasso-api-{}.log'.format( filename='/var/log/picasso-api-{}.log'.format(
datetime.datetime.now()), datetime.datetime.now()),
level=logging.DEBUG, log_to_console=False): level=logging.DEBUG, log_to_console=False):
self.filename = filename self.filename = filename
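Review bot: The new defaults in `common_logger_setup`, `setup_logging` and `UnifiedLogger.__init__` point at `/var/log/`, which on most systems only root can write to, so an unprivileged API process will fail to open its log file unless the caller overrides `filename`, and running the service as root to work around that is worse than the `/tmp` default being replaced. A safer default is `filename=None`, resolved inside the function to a path under a directory owned by the service account (taken from configuration or an environment variable), with the file created with restrictive permissions because `level=logging.DEBUG` is also the default. Separately, `'...{}.log'.format(datetime.datetime.now())` in the second and third hunks is evaluated once when the module is imported rather than per call, and produces a name containing a space and colons. The bodies of all three definitions lie outside the hunks, so how `filename` is actually opened cannot be checked here.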


@ -36,7 +36,7 @@ class PicassoTestsBase(object):
logger = log.UnifiedLogger( logger = log.UnifiedLogger(
log_to_console=False, log_to_console=False,
filename=("/tmp/picasso-{}-tests-run-{}.log" filename=("./picasso-{}-tests-run-{}.log"
.format(test_type, datetime.datetime.now())), .format(test_type, datetime.datetime.now())),
level="DEBUG").setup_logger(__package__) level="DEBUG").setup_logger(__package__)
return testloop, logger return testloop, logger
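Review bot: The test log name is still built with `.format(test_type, datetime.datetime.now())`, so the file now written to the working directory carries a space and colons from the default datetime rendering, which is awkward in shells and rejected by some filesystems. Formatting the timestamp explicitly, for example `datetime.datetime.now().strftime("%Y%m%dT%H%M%S")`, keeps the name portable. The relative `./` prefix also makes the location depend on where the test runner is started, so the new `*.log*` ignore rule only helps when that directory is inside the repository. The enclosing method starts above the hunk.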


@ -8,3 +8,4 @@ sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
testtools>=1.4.0 # MIT testtools>=1.4.0 # MIT
pytest-aiohttp==0.1.3 pytest-aiohttp==0.1.3
pytest-cov==2.4.0 pytest-cov==2.4.0
bandit>=1.1.0 # Apache-2.0


@ -105,3 +105,8 @@ So, as part of `Tox` testing new check was added - functional test coverage regr
In order to run it use following command: In order to run it use following command:
$ tox -e py35-functional-regression $ tox -e py35-functional-regression
Static code analysis with Bandit
================================
$ tox -e bandit


@ -1,7 +1,7 @@
# Project LaOS # Project LaOS
[tox] [tox]
envlist = py35-functional,py35-functional-regression,py35-integration,py35-integration-regression,pep8,docker-build envlist = py35-functional,py35-functional-regression,py35-integration,py35-integration-regression,pep8,docker-build,bandit
minversion = 1.6 minversion = 1.6
skipsdist = True skipsdist = True
@ -51,6 +51,9 @@ commands =
[testenv:docker-full] [testenv:docker-full]
commands = {toxinidir}/scripts/docker_full.sh commands = {toxinidir}/scripts/docker_full.sh
[testenv:bandit]
commands = bandit -r picasso/
[flake8] [flake8]
ignore = H202,H304,H404,H405,H501 ignore = H202,H304,H404,H405,H501
show-source = True show-source = True
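Review bot: The new `[testenv:bandit]` runs `bandit -r picasso/` with no stated severity or confidence policy and no config file, and because `bandit` is also added to `envlist`, every finding at any level now fails the default tox run. Make the gate explicit, either with thresholds on the command line (for example `commands = bandit -r picasso/ -ll`) or with a reviewed config passed via `-c`, and add a comment saying why that level was chosen, so suppressions are deliberate rather than ad hoc. The requirement is added as `bandit>=1.1.0` while the neighbouring test tools are pinned with `==`; a newer Bandit release that adds checks can therefore change the result of this gate without any change to the code. Pinning the version and bumping it deliberately would keep the check reproducible.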