Convert yaml.load to yaml.safe_load
yaml.load is considered unsafe; yaml.safe_load is the recommended method to use. yaml.load is only being called from scenario tests and from a forensic tool that is unused, so this code change has no runtime impact. This allows unsuppressing the following pylint error: E1120 no-value-for-parameter. This allows unsuppressing the following bandit error: B506: Test for use of yaml load. Adding a new bandit zuul job, and removing the pinning of the version of bandit for this repo. Test Plan: PASS: tox -e pylint PASS: tox -e bandit PASS: build-pkgs -p nfv Story: 2010531 Task: 47174 Signed-off-by: Al Bailey <al.bailey@windriver.com> Change-Id: Ie60dcf98425c95e103d22e7be4212de1954550bf
parent
e6114addac
commit
d87462c851
12
.zuul.yaml
12
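--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -43,6 +43,18 @@
 vars:
 tox_extra_args: -c nfv/tox.ini
 
+- job:
+name: nfv-tox-bandit
+parent: tox
+description: Run bandit for nfv
+nodeset: debian-bullseye
+required-projects:
+- starlingx/root
+vars:
+tox_envlist: bandit
+tox_extra_args: -c nfv/tox.ini
+tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt'
+
 - job:
 name: nfv-tox-pylint
 parent: tox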
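Review bot: The nfv-tox-bandit job is only defined in this hunk; nothing here adds it to the project's check or gate pipelines, so unless that is done elsewhere in .zuul.yaml (outside this hunk) the job never runs and the unsuppressed B506 check is not enforced in CI. Because test-requirements.txt no longer caps bandit, the job's outcome also depends on whatever version resolves under the file named in `tox_constraints_file`; confirm bandit is actually listed in that upper-constraints file, otherwise a new bandit release can start failing the gate with no change in this repo. For a newly introduced linter job it is common to start with `voting: false` until it has run clean for a while, then remove it.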
@ -108,7 +108,7 @@ def parser_initialize():
|
|||||||
path = os.path.abspath(__file__)
|
path = os.path.abspath(__file__)
|
||||||
config_file = os.path.dirname(path) + "/config/nfv-vim.yaml"
|
config_file = os.path.dirname(path) + "/config/nfv-vim.yaml"
|
||||||
if os.path.isfile(config_file):
|
if os.path.isfile(config_file):
|
||||||
config_data = yaml.load(open(config_file))
|
config_data = yaml.safe_load(open(config_file))
|
||||||
return NfvVimParser(config_data)
|
return NfvVimParser(config_data)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
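Review bot: The file handle in `config_data = yaml.safe_load(open(config_file))` is never closed; it is only released whenever the interpreter reclaims the object, and pylint's consider-using-with cannot flag it because the R category is disabled in pylint.rc. Use a context manager so the handle is closed deterministically: `with open(config_file) as cfg_fh:` followed by `config_data = yaml.safe_load(cfg_fh)`. The `def parser_initialize():` line and the rest of the function are outside the hunk; the same pattern should be checked there.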
@ -622,7 +622,7 @@ def process_main():
|
|||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
if args.data:
|
if args.data:
|
||||||
data_fill = yaml.load(open(data_dir + '/data/' + args.data + '.yaml'))
|
data_fill = yaml.safe_load(open(data_dir + '/data/' + args.data + '.yaml'))
|
||||||
else:
|
else:
|
||||||
print("No data file given.")
|
print("No data file given.")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
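Review bot: `data_fill = yaml.safe_load(open(data_dir + '/data/' + args.data + '.yaml'))` leaves the file handle open for the remainder of process_main; wrap it as `with open(data_dir + '/data/' + args.data + '.yaml') as data_fh:` / `data_fill = yaml.safe_load(data_fh)` so it is closed once parsing is done. Note also that safe_load returns None for an empty data file, and the next hunk passes `data_fill` straight to `setup_template.render(data_fill)`; a guard such as `if not data_fill: print("Empty data file."); sys.exit(1)` would give a clearer failure than whatever render raises on None (behaviour of render with None is inferred, not shown here). The `def process_main():` line is outside the hunk.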
@ -630,7 +630,7 @@ def process_main():
|
|||||||
if args.setup:
|
if args.setup:
|
||||||
setup_template = j2_env.get_template(args.setup + '.template')
|
setup_template = j2_env.get_template(args.setup + '.template')
|
||||||
setup_yaml = setup_template.render(data_fill)
|
setup_yaml = setup_template.render(data_fill)
|
||||||
setup_data = yaml.load(setup_yaml)
|
setup_data = yaml.safe_load(setup_yaml)
|
||||||
else:
|
else:
|
||||||
print("No setup file given.")
|
print("No setup file given.")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
@ -638,7 +638,7 @@ def process_main():
|
|||||||
if args.tests:
|
if args.tests:
|
||||||
tests_template = j2_env.get_template(args.tests + '.template')
|
tests_template = j2_env.get_template(args.tests + '.template')
|
||||||
tests_yaml = tests_template.render(data_fill)
|
tests_yaml = tests_template.render(data_fill)
|
||||||
test_data = yaml.load(tests_yaml)
|
test_data = yaml.safe_load(tests_yaml)
|
||||||
else:
|
else:
|
||||||
print("No tests given.")
|
print("No tests given.")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
@ -135,15 +135,15 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
|
|||||||
# W0237 arguments-renamed
|
# W0237 arguments-renamed
|
||||||
# W4904 deprecated-class
|
# W4904 deprecated-class
|
||||||
# W4905 deprecated-decorator
|
# W4905 deprecated-decorator
|
||||||
|
|
||||||
# E0012 pylint for python3 does not support inline deprecation
|
# E0012 pylint for python3 does not support inline deprecation
|
||||||
# E1101 no-member
|
# E1101 no-member
|
||||||
# E1111 assignment-from-no-return
|
# E1111 assignment-from-no-return
|
||||||
# E1120 no-value-for-parameter
|
|
||||||
# E1121 too-many-function-args
|
# E1121 too-many-function-args
|
||||||
disable=C, R, W0120, W0125, W0212, W0221, W0223, W0231, W0235,
|
disable=C, R, W0120, W0125, W0212, W0221, W0223, W0231, W0235,
|
||||||
W0401, W0404, W0511, W0602, W0603, W0612, W0613, W0621, W0622, W0703, W1401,
|
W0401, W0404, W0511, W0602, W0603, W0612, W0613, W0621, W0622, W0703, W1401,
|
||||||
W0107, W0706, W0707, W1310, W1406, W1505, W1514, W1618, W0237, W4904, W4905,
|
W0107, W0706, W0707, W1310, W1406, W1505, W1514, W1618, W0237, W4904, W4905,
|
||||||
E0012, E1101, E1111, E1120, E1121
|
E0012, E1101, E1111, E1121
|
||||||
|
|
||||||
[REPORTS]
|
[REPORTS]
|
||||||
# Set the output format. Available formats are text, parseable, colorized, msvs
|
# Set the output format. Available formats are text, parseable, colorized, msvs
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
# of appearance. Changing the order has an impact on the overall integration
|
# of appearance. Changing the order has an impact on the overall integration
|
||||||
# process, which may cause wedges in the gate later.
|
# process, which may cause wedges in the gate later.
|
||||||
hacking>=1.1.0,<=2.0.0 # Apache-2.0
|
hacking>=1.1.0,<=2.0.0 # Apache-2.0
|
||||||
bandit<1.6.0
|
bandit
|
||||||
coverage>=3.6
|
coverage>=3.6
|
||||||
fixtures>=3.0.0 # Apache-2.0/BSD
|
fixtures>=3.0.0 # Apache-2.0/BSD
|
||||||
mock>=2.0.0 # BSD
|
mock>=2.0.0 # BSD
|
||||||
|
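Review bot: `bandit` with no version specifier means the scanner version is whatever pip resolves at run time, unless the starlingx/root upper-constraints file pins it; bandit releases add plugins and change defaults, so an unconstrained upgrade can fail the gate without any change to this repo, and the reason the old `<1.6.0` cap existed is not recorded. Keep a floor matching the version the test plan was run against and the license tag the neighbouring entries carry, e.g. `bandit>=X.Y # Apache-2.0`, and verify that version is covered by upper-constraints.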
@ -116,14 +116,12 @@ commands = pylint {[nfv]nfv_client_src_dir} \
|
|||||||
# B108: Probable insecure usage of temp file/directory
|
# B108: Probable insecure usage of temp file/directory
|
||||||
# B110: Try, Except, Pass detected.
|
# B110: Try, Except, Pass detected.
|
||||||
# B310: Audit url open for permitted schemes
|
# B310: Audit url open for permitted schemes
|
||||||
# B506: Test for use of yaml load
|
skips = B104,B108,B110,B310
|
||||||
skips = B104,B108,B110,B310,B506
|
|
||||||
exclude = ./nfv-docs,./nfv-tests,./nfv-debug-tools,unit_test
|
exclude = ./nfv-docs,./nfv-tests,./nfv-debug-tools,unit_test
|
||||||
|
|
||||||
|
|
||||||
[testenv:bandit]
|
[testenv:bandit]
|
||||||
deps = {[nfv]deps}
|
deps = -r{toxinidir}/test-requirements.txt
|
||||||
-r{toxinidir}/test-requirements.txt
|
|
||||||
commands = bandit --ini tox.ini -f txt -r {[nfv]nfv_base_dir}
|
commands = bandit --ini tox.ini -f txt -r {[nfv]nfv_base_dir}
|
||||||
|
|
||||||
[testenv:py39]
|
[testenv:py39]
|
||||||
|
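Review bot: Removing B506 from `skips` does not make bandit check the two call sites this commit fixes: `exclude = ./nfv-docs,./nfv-tests,./nfv-debug-tools,unit_test` still keeps the scenario tests and the forensic tool out of the scan, so a future `yaml.load` in either would go unnoticed. Either record that deliberately with a comment above the exclude line, e.g. `# nfv-tests and nfv-debug-tools are not scanned; yaml.load there is not caught by B506`, or drop `./nfv-debug-tools` from the list now that its yaml.load calls are gone. Dropping `{[nfv]deps}` from `[testenv:bandit]` deps looks fine for a static scanner, since it no longer needs the runtime dependencies to parse the tree.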
3
tox.ini
3
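--- a/tox.ini
+++ b/tox.ini
@@ -20,6 +20,9 @@ setenv = VIRTUAL_ENV={envdir}
 [testenv:venv]
 commands = {posargs}
 
+[testenv:bandit]
+description = Dummy environment to allow bandit to be run in subdir tox
+
 [testenv:flake8]
 description = Dummy environment to allow flake8 to be run in subdir tox
 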