openstack/python-openstackclient
Code Issues Proposed changes

Merge "add a bandit environment to tox"

Browse Source
This commit is contained in:
Jenkins 2016-05-02 14:03:29 +00:00 committed by Gerrit Code Review
commit 1ccb26b5c9
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test-requirements.txt
View File

@ -17,6 +17,7 @@ testrepository>=0.0.18 # Apache-2.0/BSD
testtools>=1.4.0 # MIT testtools>=1.4.0 # MIT
tempest>=11.0.0 # Apache-2.0 tempest>=11.0.0 # Apache-2.0
osprofiler>=1.3.0 # Apache-2.0 osprofiler>=1.3.0 # Apache-2.0
bandit>=1.0.1 # Apache-2.0
# Install these to generate sphinx autodocs # Install these to generate sphinx autodocs
python-barbicanclient>=4.0.0 # Apache-2.0 python-barbicanclient>=4.0.0 # Apache-2.0

31
tox.ini
View File

@ -12,7 +12,36 @@ commands = ostestr {posargs}
whitelist_externals = ostestr whitelist_externals = ostestr
[testenv:pep8] [testenv:pep8]
commands = flake8 commands =
flake8
bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101
[testenv:bandit]
# This command runs the bandit security linter against the openstackclient
# codebase minus the tests directory. Some tests are being excluded to
# reduce the number of positives before a team inspection, and to ensure a
# passing gate job for initial addition. The excluded tests are:
# B105-B107: hardcoded password checks - likely to generate false positives
# in a gate environment
# B401: import subprocess - not necessarily a security issue; this plugin is
# mainly used for penetration testing workflow
# B603,B606: process without shell - not necessarily a security issue; this
# plugin is mainly used for penetration testing workflow
# B607: start process with a partial path - this should be a project level
# decision
# NOTE(elmiko): The following tests are being excluded specifically for
# python-openstackclient, they are being excluded to ensure that voting jobs
# in the project and in bandit integration tests continue to pass. These
# tests have generated issue within the project and should be investigated
# by the project.
# B110: try, except, pass detected - possible security issue; this should be
# investigated by the project for possible exploitation
# B605: process with a shell - possible security issue; this should be
# investigated by the project for possible exploitation
# B101: use of assert - this code will be removed when compiling to optimized
# byte code
commands =
bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101
[testenv:functional] [testenv:functional]
setenv = OS_TEST_PATH=./functional/tests setenv = OS_TEST_PATH=./functional/tests