4134023ab8
Setting up the bandit tool for the scanning of HIGH severity issues in the python codes under Starlingx/stx-puppet folder. Expecting this merge will enable zuul job for CI/CD of bandit scan. Configuration files: 1. tox.ini for adding bandit environment and command. 2. test-requirements.txt for adding bandit version. 3. .zuul.yaml file for adding bandit job and configuring under check job to run code scan every time before code commit. Test: Run tox -e bandit command inside the fault folder to validate the bandit scan and result. Story: 2007541 Task: 39687 Depends-On: https://review.opendev.org/#/c/721294/ Change-Id: I2982268db2b5e75feeb287bc95420fedc9b0d816 Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
89 lines
2.4 KiB
INI
89 lines
2.4 KiB
INI
[tox]
|
|
envlist = linters,pep8,pylint
|
|
minversion = 2.3
|
|
skipsdist = True
|
|
sitepackages=False
|
|
|
|
[testenv]
|
|
install_command = pip install -U {opts} {packages}
|
|
setenv =
|
|
VIRTUAL_ENV={envdir}
|
|
OS_STDOUT_CAPTURE=1
|
|
OS_STDERR_CAPTURE=1
|
|
OS_DEBUG=1
|
|
OS_LOG_CAPTURE=1
|
|
deps =
|
|
-r{toxinidir}/requirements.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
whitelist_externals =
|
|
bash
|
|
|
|
[testenv:bashate]
|
|
# Treat all E* codes as Errors rather than warnings using: -e 'E*'
|
|
# The following codes are being suppressed:
|
|
# E006 Line too long
|
|
commands =
|
|
bash -c "find {toxinidir} \
|
|
-not \( -type d -name .?\* -prune \) \
|
|
-type f \
|
|
-not -name \*~ \
|
|
-not -name \*.md \
|
|
-name \*.sh \
|
|
-print0 | xargs -r -n 1 -0 bashate -v \
|
|
-i E006 \
|
|
-e 'E*'"
|
|
|
|
[testenv:linters]
|
|
# Note: centos developer env requires ruby-devel
|
|
# Ubuntu developer env requires ruby-dev
|
|
whitelist_externals =
|
|
gem
|
|
bash
|
|
setenv =
|
|
GEM_HOME = {envdir}
|
|
GEM_PATH = {envdir}
|
|
skip_tests = \
|
|
--no-autoloader_layout-check \
|
|
--no-documentation-check
|
|
commands =
|
|
gem install --no-document json puppet-lint:2.3.6
|
|
bash -c "find {toxinidir}/puppet-manifests {toxinidir}/modules \
|
|
-name \*.pp -print0 \
|
|
| xargs -0 puppet-lint --fail-on-warnings {[testenv:linters]skip_tests}"
|
|
{[testenv:bashate]commands}
|
|
|
|
[testenv:pep8]
|
|
basepython = python3
|
|
usedevelop = False
|
|
description =
|
|
Run style checks.
|
|
|
|
|
|
commands =
|
|
flake8 puppet-manifests/src/modules/platform/files
|
|
|
|
[testenv:pylint]
|
|
basepython = python3
|
|
sitepackages = False
|
|
|
|
deps = {[testenv]deps}
|
|
ruamel.yaml
|
|
pylint<2.5.0
|
|
commands =
|
|
pylint {posargs} --rcfile=./pylint.rc puppet-manifests
|
|
|
|
[flake8]
|
|
# E123, E125 skipped as they are invalid PEP-8.
|
|
# E501 skipped because some of the code files include templates
|
|
# that end up quite wide
|
|
# H405: multi line docstring summary not separated with an empty line
|
|
show-source = True
|
|
ignore = E123,E125,E501,H405,W504
|
|
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-*
|
|
|
|
[testenv:bandit]
|
|
basepython = python3
|
|
description = Bandit code scan for *.py files under config folder
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll
|