
The three lines of code in pegleg.engine.errorcodes and pegleg.engine.util.pegleg_secret_management are giving false positive bandit errors. This patchset addresses these by adding a # nosec label to each line, instructing Bandit to ignore that line of code.

The three errors detected are all B105, details below from Bandit:

    >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'P009'
       Severity: Low Confidence: Medium
       Location: pegleg/engine/errorcodes.py:22
    20 FILE_CONTAINS_INVALID_YAML = 'P007'
    21 DOCUMENT_LAYER_MISMATCH = 'P008'
    22 SECRET_NOT_ENCRYPTED_POLICY = 'P009'
    23
    24 ALL_CODES = (
    25 SCHEMA_STORAGE_POLICY_MISMATCH_FLAG,

# nosec reasoning: The variable 'SECRET_NOT_ENCRYPTED_POLICY' does not map to a hardcoded password.

--------------------------------------------------

    >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '^.{24,}$'
       Severity: Low Confidence: Medium
       Location: pegleg/engine/util/pegleg_secret_management.py:30
    28
    29 LOG = logging.getLogger(__name__)
    30 PASSPHRASE_PATTERN = '^.{24,}$'
    31 ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE'
    32 ENV_SALT = 'PEGLEG_SALT'

# nosec reasoning: The variable 'PASSPHRASE_PATTERN' does not map to a hardcoded password.

--------------------------------------------------

    >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'PEGLEG_PASSPHRASE'
       Severity: Low Confidence: Medium
       Location: pegleg/engine/util/pegleg_secret_management.py:31
    29 LOG = logging.getLogger(__name__)
    30 PASSPHRASE_PATTERN = '^.{24,}$'
    31 ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE'
    32 ENV_SALT = 'PEGLEG_SALT'
    33

# nosec reasoning: The variable 'ENV_PASSPHRASE' does not map to a hardcoded password. This is setting the environment variable name that passwords are stored in as 'PEGLEG_PASSPHRASE'. The passphrases are not hardcoded on disk, but retrieved from environment variables later via os.environ.get(ENV_PASSPHRASE).

Change-Id: I4508b30b763f25e4466c2e2159fbaf3c7df68b5b
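An added example, not part of the commit and not Bandit's or Pegleg's own code: a simplified model of a name-based hardcoded-password check, run over the assignments quoted in the Bandit output above, showing why those three names are flagged while ENV_SALT is not, and how a per-line `# nosec` comment silences the finding. The word list and the helper names (`find_password_like_assignments`, `add_nosec`) are assumptions made for illustration; Bandit's real matching rules may differ.

```python
import ast
import io
import re
import tokenize

# Assumption: illustrative word list; Bandit's actual B105 rules may differ.
WORDS = r"(password|passphrase|pass|pwd|token|secret)"
CANDIDATE = re.compile(rf"(^{WORDS}$|_{WORDS}_|^{WORDS}_|_{WORDS}$)", re.IGNORECASE)

# Constructed sample, built from the assignments quoted in the Bandit output.
SAMPLE = """\
DOCUMENT_LAYER_MISMATCH = 'P008'
SECRET_NOT_ENCRYPTED_POLICY = 'P009'
PASSPHRASE_PATTERN = '^.{24,}$'
ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE'
ENV_SALT = 'PEGLEG_SALT'
"""

def nosec_lines(source):
    """Line numbers that carry a real '# nosec' comment (not a string literal)."""
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    return {t.start[0] for t in tokens
            if t.type == tokenize.COMMENT and "nosec" in t.string}

def find_password_like_assignments(source):
    """Return sorted (lineno, name) pairs where a string constant is assigned
    to a password-like name, skipping lines marked '# nosec'."""
    skipped = nosec_lines(source)
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign) or node.lineno in skipped:
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and CANDIDATE.search(target.id):
                findings.append((node.lineno, target.id))
    return sorted(findings)

def add_nosec(source, linenos):
    """Append '# nosec' to the given 1-based lines, as the patchset does."""
    out = []
    for i, line in enumerate(source.splitlines(), start=1):
        out.append(line + "  # nosec" if i in linenos else line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    hits = find_password_like_assignments(SAMPLE)
    print("flagged:", hits)
    patched = add_nosec(SAMPLE, {ln for ln, _ in hits})
    print("after nosec:", find_password_like_assignments(patched))
```

The check keys on the variable name rather than on what the string is used for, which is why an error code, a regex and an environment variable name are all reported.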
Pegleg
Introduction
Pegleg is a document aggregator that provides early linting and validations via Deckhand, a document management micro-service within Airship.
Pegleg supports local and remote Git repositories. Remote repositories can be cloned using a variety of protocols -- HTTP(S) or SSH. Afterward, specific revisions within those repositories can be checked out, their documents aggregated, linted, and passed to the rest of Airship for orchestration, allowing document authors to manage their site definitions using version control.
Find more documentation for Pegleg on Read the Docs.
Core Responsibilities
- aggregation - Aggregates all documents required for site deployment across multiple Git repositories, each of which can be used to maintain separate document sets in isolation
- linting - Configurable linting checks documents for common syntactical and semantical mistakes
Getting Started
For more detailed installation and setup information, please refer to the Getting Started guide.
Integration Points
Pegleg has the following integration points:
Further Reading