Convert yaml.load to yaml.safe_load
yaml.load is considered unsafe; yaml.safe_load is the recommended method to use. yaml.load is only called from scenario tests and from an unused forensic tool, so this change has no runtime impact. This allows unsuppressing the pylint error E1120 (no-value-for-parameter) and the bandit error B506 (Test for use of yaml load). Also adds a new bandit zuul job and removes the pinning of the bandit version for this repo. Test Plan: PASS: tox -e pylint PASS: tox -e bandit PASS: build-pkgs -p nfv Story: 2010531 Task: 47174 Signed-off-by: Al Bailey <al.bailey@windriver.com> Change-Id: Ie60dcf98425c95e103d22e7be4212de1954550bf
This commit is contained in:
parent
e6114addac
commit
d87462c851
12
.zuul.yaml
12
.zuul.yaml
@ -43,6 +43,18 @@
vars:
tox_extra_args: -c nfv/tox.ini
- job:
name: nfv-tox-bandit
parent: tox
description: Run bandit for nfv
nodeset: debian-bullseye
required-projects:
- starlingx/root
vars:
tox_envlist: bandit
tox_extra_args: -c nfv/tox.ini
tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt'
- job:
name: nfv-tox-pylint
parent: tox
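Review bot: The new `nfv-tox-bandit` job is only defined in this hunk; whether it is also listed under the project's `check` and `gate` pipelines is outside what is shown, and a job that is defined but not referenced from the `- project:` stanza never runs, which would leave the now-unpinned bandit unexercised in CI. Worth confirming that stanza gains `nfv-tox-bandit` under both pipelines. Pinning bandit through `tox_constraints_file` pointing at the starlingx/root upper-constraints file is the right place for the version control this change removes from test-requirements.txt, and the `parent: tox` / `required-projects` header lines match those of the adjacent `nfv-tox-pylint` job as far as the hunk shows.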
@ -108,7 +108,7 @@ def parser_initialize():
path = os.path.abspath(__file__)
config_file = os.path.dirname(path) + "/config/nfv-vim.yaml"
if os.path.isfile(config_file):
config_data = yaml.load(open(config_file))
config_data = yaml.safe_load(open(config_file))
return NfvVimParser(config_data)
return None
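Review bot: `config_data = yaml.safe_load(open(config_file))` on the new side still opens a file handle that is never closed, so it is left to garbage collection and emits a ResourceWarning under `-W error`; pylint's `consider-using-with` would flag it but the `disable=C, R, ...` line in pylint.rc masks every R check. Prefer `with open(config_file) as f:` followed by `config_data = yaml.safe_load(f)`. The move to safe_load is correct as far as the hunk shows — the loaded data is passed straight to `NfvVimParser`, with nothing that would need custom YAML tags. `parser_initialize` begins before this hunk, and the rendered page does not show which file it belongs to.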
@ -622,7 +622,7 @@ def process_main():
sys.exit(1)
if args.data:
data_fill = yaml.load(open(data_dir + '/data/' + args.data + '.yaml'))
data_fill = yaml.safe_load(open(data_dir + '/data/' + args.data + '.yaml'))
else:
print("No data file given.")
sys.exit(1)
@ -630,7 +630,7 @@ def process_main():
if args.setup:
setup_template = j2_env.get_template(args.setup + '.template')
setup_yaml = setup_template.render(data_fill)
setup_data = yaml.load(setup_yaml)
setup_data = yaml.safe_load(setup_yaml)
else:
print("No setup file given.")
sys.exit(1)
@ -638,7 +638,7 @@ def process_main():
if args.tests:
tests_template = j2_env.get_template(args.tests + '.template')
tests_yaml = tests_template.render(data_fill)
test_data = yaml.load(tests_yaml)
test_data = yaml.safe_load(tests_yaml)
else:
print("No tests given.")
sys.exit(1)
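Review bot: In the first hunk, `data_fill = yaml.safe_load(open(data_dir + '/data/' + args.data + '.yaml'))` opens a file it never closes (`consider-using-with` is masked by the `disable=C, R, ...` line in pylint.rc); use `with open(data_dir + '/data/' + args.data + '.yaml') as f:` and `data_fill = yaml.safe_load(f)`. Note also that `yaml.safe_load` returns `None` for an empty document, so an empty data file would reach `setup_template.render(data_fill)` in the next hunk as `None` rather than a mapping — an `if not data_fill:` guard using the existing `print(...)` / `sys.exit(1)` style would give a clearer failure. The setup and tests hunks feed Jinja2 output to `safe_load`, which is the appropriate loader for rendered YAML that needs no custom tags. `process_main` begins and ends outside these hunks, and the rendered page does not show which file they belong to.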
@ -135,15 +135,15 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
# W0237 arguments-renamed
# W4904 deprecated-class
# W4905 deprecated-decorator
# E0012 pylint for python3 does not support inline deprecation
# E1101 no-member
# E1111 assignment-from-no-return
# E1120 no-value-for-parameter
# E1121 too-many-function-args
disable=C, R, W0120, W0125, W0212, W0221, W0223, W0231, W0235,
W0401, W0404, W0511, W0602, W0603, W0612, W0613, W0621, W0622, W0703, W1401,
W0107, W0706, W0707, W1310, W1406, W1505, W1514, W1618, W0237, W4904, W4905,
E0012, E1101, E1111, E1120, E1121
E0012, E1101, E1111, E1121
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
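Review bot: The `# E1120 no-value-for-parameter` line in the comment block above `disable=` describes the suppressed checks, yet E1120 is gone from the `disable=` continuation on the new side; the equal 15/15 hunk counts suggest only that continuation line changed, so the comment appears to survive as context and is now stale. Drop `# E1120 no-value-for-parameter` here, the same way the tox.ini hunk removes the `# B506` comment alongside its skip. Keeping the comment list and the `disable=` list in lockstep is what makes the next unsuppression easy to audit.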
@ -2,7 +2,7 @@
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
hacking>=1.1.0,<=2.0.0 # Apache-2.0
bandit<1.6.0
bandit
coverage>=3.6
fixtures>=3.0.0 # Apache-2.0/BSD
mock>=2.0.0 # BSD
@ -116,14 +116,12 @@ commands = pylint {[nfv]nfv_client_src_dir} \
# B108: Probable insecure usage of temp file/directory
# B110: Try, Except, Pass detected.
# B310: Audit url open for permitted schemes
# B506: Test for use of yaml load
skips = B104,B108,B110,B310,B506
skips = B104,B108,B110,B310
exclude = ./nfv-docs,./nfv-tests,./nfv-debug-tools,unit_test
[testenv:bandit]
deps = {[nfv]deps}
-r{toxinidir}/test-requirements.txt
deps = -r{toxinidir}/test-requirements.txt
commands = bandit --ini tox.ini -f txt -r {[nfv]nfv_base_dir}
[testenv:py39]
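Review bot: `[testenv:bandit]` now installs bandit unpinned from test-requirements.txt (the `bandit<1.6.0` cap is dropped in that file), while the upper-constraints file that pins it is applied only by the zuul job's `tox_constraints_file`, so a local `tox -e bandit` can resolve a different bandit release than CI and report different or renamed test IDs. Either apply the same constraints in the env or record the split next to the skip list, e.g. `# bandit version is constrained in CI via .zuul.yaml tox_constraints_file; local runs pick up the latest release`. Dropping B506 from `skips` is consistent with the safe_load changes, though with `./nfv-tests` and `./nfv-debug-tools` in `exclude` the scanned tree likely never contained those `yaml.load` callers, so the unsuppression is more a guard against future regressions than a fix for a current finding.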