Enable bandit for utilities

Story: 2008929
Task: 42530

Change-Id: Id63488414ae16b384549fcf8cbd9805b5b1a81ad
Signed-off-by: Chen, Haochuan Z <haochuan.z.chen@intel.com>
This commit is contained in:
Chen, Haochuan Z 2021-05-27 07:46:09 +08:00 committed by chen haochuan
parent 931887828b
commit 6829ac785f
6 changed files with 68 additions and 3 deletions

View File

@ -4,10 +4,14 @@
jobs:
- openstack-tox-linters
- stx-tox-pylint
- utilities-ceph-manager-tox-bandit
- utilities-ceph-client-tox-bandit
gate:
jobs:
- openstack-tox-linters
- stx-tox-pylint
- utilities-ceph-manager-tox-bandit
- utilities-ceph-client-tox-bandit
post:
jobs:
- stx-utilities-upload-git-mirror
@ -35,6 +39,30 @@
secret: stx-utilities-github-secret
pass-to-parent: true
- job:
name: utilities-ceph-manager-tox-bandit
parent: tox
description: |
Run bandit test for utilities ceph-mananger
nodeset: ubuntu-bionic
files:
- ./ceph/ceph-manager/ceph-manager/*
vars:
tox_envlist: bandit
tox_extra_args: -c ./ceph/ceph-manager/ceph-manager/tox.ini
- job:
name: utilities-ceph-client-tox-bandit
parent: tox
description: |
Run bandit test for utilities python-cephclient
nodeset: ubuntu-bionic
files:
- ./ceph/python-cephclient/python-cephclient/*
vars:
tox_envlist: bandit
tox_extra_args: -c ./ceph/python-cephclient/python-cephclient/tox.ini
- secret:
name: stx-utilities-github-secret
data:

View File

@ -2,6 +2,7 @@
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
bandit;python_version>="3.0"
mock
flake8
eventlet

View File

@ -22,3 +22,18 @@ commands =
[flake8]
exclude = .venv,.git,.tox,dist,doc,etc,*glance/locale*,*lib/python*,*egg,build
[bandit]
# The following bandit tests are being skipped:
# B104: Test for use of assert
# B110: Try, Except, Pass detected.
#
# Note: 'skips' entry cannot be split across multiple lines
#
skips = B104,B110
exclude = tests
[testenv:bandit]
basepython = python3
deps = -r{toxinidir}/test-requirements.txt
commands = bandit --ini tox.ini -n 5 -r ceph_manager

View File

@ -2,5 +2,6 @@
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
bandit;python_version>="3.0"
flake8
pytest

View File

@ -1,12 +1,12 @@
[tox]
envlist = py27,pep8
skipsdist = True
toxworkdir = /tmp/{env:USER}_ceph_manager_tox
toxworkdir = /tmp/{env:USER}_python_cephclient_tox
[testenv]
setenv = VIRTUAL_ENV={envdir}
usedevelop = True
install_command = pip install --no-binary --upgrade --force-reinstall {opts} {packages}
install_command = pip install -U --force-reinstall {opts} {packages}
deps = -r{toxinidir}/test-requirements.txt
commands = py.test {posargs}
whitelist_externals = bash
@ -17,3 +17,19 @@ commands =
[flake8]
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build
[bandit]
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B404: Import of subprocess modul
# B602: Test for use of popen with shell equals true
#
# Note: 'skips' entry cannot be split across multiple lines
#
skips = B101,B404,B602
exclude = tests
[testenv:bandit]
basepython = python3
deps = -r{toxinidir}/test-requirements.txt
commands = bandit --ini tox.ini -n 5 -r cephclient

View File

@ -98,3 +98,7 @@ commands = pylint {posargs} \
commands =
{[testenv:bashate]commands}
{[testenv:flake8]commands}
[testenv:bandit]
basepython = python3
description = Dummy environment to allow bandit to be run in subdir tox