dd6ad90e01
This change is being proposed as part of the OpenStack Security Project working session at the Austin 2016 summit. It adds support for running the bandit[1] security linting tool against the Castellan codebase. This change adds a targetted environment for bandit and also adds bandit as part of the pep8 job. The bandit configuration has been tailored to exclude tests that are currently producing warning against the codebase. These issues will be followed up with bug reports and patches. At the time of submission, Castellan passes all Bandit tests configured in tox. [1]: https://wiki.openstack.org/wiki/Security/Projects/Bandit Change-Id: I19368d3440ad5dc862e7d91f7890f9b1901fced3
67 lines
2.0 KiB
INI
67 lines
2.0 KiB
INI
[tox]
|
|
minversion = 1.6
|
|
envlist = py34,py27,pypy,pep8
|
|
skipsdist = True
|
|
|
|
[testenv]
|
|
usedevelop = True
|
|
install_command = pip install -U {opts} {packages}
|
|
setenv =
|
|
VIRTUAL_ENV={envdir}
|
|
OS_TEST_PATH=./castellan/tests/unit
|
|
deps = -r{toxinidir}/requirements.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
commands = python setup.py testr --slowest --testr-args='{posargs}'
|
|
|
|
[testenv:pep8]
|
|
commands =
|
|
flake8
|
|
bandit -r castellan -x tests -s B105,B106,B107,B607
|
|
|
|
[testenv:bandit]
|
|
# This command runs the bandit security linter against the castellan
|
|
# codebase minus the tests directory. Some tests are being excluded to
|
|
# reduce the number of positives before a team inspection, and to ensure a
|
|
# passing gate job for initial addition. The excluded tests are:
|
|
# B105-B107: hardcoded password checks - likely to generate false positives
|
|
# in a gate environment
|
|
# B607: start process with a partial path - this should be a project level
|
|
# decision
|
|
commands =
|
|
bandit -r castellan -x tests -s B105,B106,B107,B607
|
|
|
|
[testenv:venv]
|
|
commands = {posargs}
|
|
|
|
[testenv:debug]
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:cover]
|
|
commands = python setup.py testr --coverage --testr-args='{posargs}'
|
|
|
|
[testenv:docs]
|
|
commands = python setup.py build_sphinx
|
|
|
|
[testenv:functional]
|
|
usedevelop = True
|
|
install_command = pip install -U {opts} {packages}
|
|
setenv =
|
|
VIRTUAL_ENV={envdir}
|
|
OS_TEST_PATH=./castellan/tests/functional
|
|
deps = -r{toxinidir}/requirements.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
commands = python setup.py testr --slowest --testr-args='{posargs}'
|
|
|
|
[testenv:genconfig]
|
|
commands =
|
|
oslo-config-generator --config-file=etc/castellan/functional-config-generator.conf
|
|
oslo-config-generator --config-file=etc/castellan/sample-config-generator.conf
|
|
|
|
[flake8]
|
|
# H803 skipped on purpose per list discussion.
|
|
# E123, E125 skipped as they are invalid PEP-8.
|
|
|
|
show-source = True
|
|
ignore = E123,E125
|
|
exclude=.venv,.git,.tox,dist,doc,*openstack/common*,*lib/python*,*egg,build
|