Fix the bandit security linter test

Add the bandit security linter test to the pep8 target Change-Id: I9324b9d9df77fd05c2e10bb48d7ccf8b4c634525
2018-06-13 16:19:28 -04:00 · 2018-06-13 16:19:28 -04:00 · ae9e673887
commit ae9e673887
parent 044e6f20e6
3 changed files with 16 additions and 12 deletions
--- a/oslo_messaging/_drivers/amqp1_driver/controller.py
+++ b/oslo_messaging/_drivers/amqp1_driver/controller.py
@ -783,7 +783,7 @@ class Hosts(object):
            entry.password = entry.password or default_password
            if default_realm and entry.username and '@' not in entry.username:
                entry.username = entry.username + '@' + default_realm
-        self._current = random.randint(0, len(self._entries) - 1)
+        self._current = random.randint(0, len(self._entries) - 1)  # nosec

    @property
    def current(self):
--- a/oslo_messaging/_drivers/common.py
+++ b/oslo_messaging/_drivers/common.py
@ -426,8 +426,9 @@ class ConnectionContext(Connection):
                    LOG.exception(_LE("Fail to reset the connection, drop it"))
                    try:
                        self.connection.close()
-                    except Exception:
-                        pass
+                    except Exception as exc:
+                        LOG.debug("pooled conn close failure (ignored): %s",
+                                  str(exc))
                    self.connection = self.connection_pool.create()
                finally:
                    self.connection_pool.put(self.connection)
@ -435,7 +436,8 @@ class ConnectionContext(Connection):
                try:
                    self.connection.close()
                except Exception:
-                    pass
+                    LOG.debug("pooled conn close failure (ignored): %s",
+                              str(exc))
            self.connection = None

    def __exit__(self, exc_type, exc_value, tb):
--- a/tox.ini
+++ b/tox.ini
@ -1,6 +1,6 @@
 [tox]
 minversion = 2.0
-envlist = py35,py27,pep8,bandit
+envlist = py35,py27,pep8

 [testenv]
 setenv =
@ -17,8 +17,10 @@ commands = python setup.py testr --slowest --testr-args='{posargs}'

 [testenv:pep8]
 basepython = python3
-commands = flake8
-deps = hacking<0.11,>=0.10.0
+commands =
+  flake8
+  # run security linter
+  bandit -r oslo_messaging -x tests,_drivers/zmq_driver,_drivers/impl_zmq.py -n5

 [testenv:cover]
 basepython = python3
@ -104,13 +106,13 @@ commands = {toxinidir}/setup-test-env-zmq-proxy.sh python setup.py testr --slowe
 basepython = python2.7
 commands = {toxinidir}/setup-test-env-zmq-pub-sub.sh python setup.py testr --slowest --testr-args='{posargs:oslo_messaging.tests.functional}'

+
 [testenv:bandit]
+# NOTE(kgiusti): This is required for the integration test job of the bandit
+# project. Please do not remove.
 basepython = python3
-deps =
-  -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt}
-  -r{toxinidir}/test-requirements.txt
-  -r{toxinidir}/requirements.txt
-commands = bandit -r oslo_messaging -x tests -n5
+# skip ZeroMQ - it is deprecated
+commands = bandit -r oslo_messaging -x tests,_drivers/zmq_driver,_drivers/impl_zmq.py -n5

 [flake8]
 show-source = True