Commit Graph

45 Commits

Author SHA1 Message Date
lhinds 2d2170273b Project Migration to PyCQA
This change rehomes the project to PyCQA [0] as reported to the
openstack-dev mailing list [1].

[0] https://github.com/PyCQA/bandit
[1] http://lists.openstack.org/pipermail/openstack-dev/2018-April/129386.html

Change-Id: I6aad329a60799ea24a3d9bc49e35c3c35ed9dc3b
2018-05-04 06:59:50 +02:00
Paul Belanger 59c66c9100 Add bindep.txt file
Bindep is a tool for checking the presence of binary packages needed
to use an application / library. It started life as a way to make it
easier to set up a development environment for OpenStack projects.

Change-Id: I1a6cfa255a6473febf0fb7b7d4f1bf8ca32d02c2
Depends-On: https://review.openstack.org/563717
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2018-04-23 15:39:00 -04:00
Doug Hellmann 5b781f8b7a add lower-constraints job
Create a tox environment for running the unit tests against the lower
bounds of the dependencies.

Create a lower-constraints.txt to be used to enforce the lower bounds
in those tests.

Add openstack-tox-lower-constraints job to the zuul configuration.

See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html
for more details.

Change-Id: Ifb4030c25ebc3342da15c8c903d8fd22fe743586
Depends-On: https://review.openstack.org/555034
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
2018-03-22 09:00:05 -04:00
Gage Hugo 13e80ac52c Create doc/requirements.txt
This change migrates the docs building requirements in order to meet
the compliance with the Project Testing Interface[0]. See [1] for
more details.

[0] https://governance.openstack.org/tc/reference/project-testing-interface.html#documentation
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-November/124815.html

Change-Id: I8e31da06b946d18a760bc59b6fee63db25eebdc5
2017-12-19 11:16:06 -06:00
Andreas Jaeger 3977c673e0 Avoid tox_install.sh for constraints support
We do not need tox_install.sh, pip can handle constraints itself
and install the project correctly. Thus update tox.ini and remove
the now obsolete tools/tox_install.sh file.

This follows https://review.openstack.org/#/c/508061 to remove
tools/tox_install.sh.

Change-Id: I85d256e9e66bbf940f5b645c4a887b1f2a3707de
2017-12-02 17:06:26 +00:00
Gage Hugo ce108f0eda Migrate to stestr
This change migrates the testing suite from using ostestr and testr
to using stestr. Also cleaned up a missing space from tox.ini.

Change-Id: I886401a1efce6cb617a4db7a90ec9454bbea1d71
2017-11-16 20:53:48 +00:00
lioplhp f10fd4f5d4 Enable some off-by-default checks
Some of the available checks are disabled by default, like:
[H106] Don't put vim configuration in source files;
[H203] Use assertIs(Not)None to check for None.

Change-Id: Ib822b3b4cb9ae1176a8d69bbc0ab45126adc1bab
2017-06-23 15:46:30 +08:00
Jeremy Liu c2af2c8f5a Enable coverage report in console output
This will output coverage rate of every module in console.

Change-Id: Iffa984bd404d7f197786029d5f50ee3b0a2e3e49
2017-03-06 17:41:14 +08:00
Eric Brown 0acf9f95db Fix up nits in the README and other files
* Consistently use single space after period, not double
* Keep line width at 80 where possible
* Replace Python 3.4 references with 3.5 since the gate no longer
  tests 3.4.

Change-Id: Ia6a1b9a5582f37e359b069b4a97f7c180e32ab3a
2017-01-05 15:12:11 -08:00
Tony Breeds 9eac3911a0 Add Constraints support
Adding constraints support to libraries is slightly more complex than
services as the libraries themselves are listed in upper-constraints.txt
which leads to errors that you can't install a specific version and a
constrained version.

This change adds constraints support by also adding a helper script to
edit the constraints to remove bandit.

Change-Id: Id9826953ea4f63702af427c0170c235afb91abaf
2016-12-20 15:32:16 +11:00
Jenkins 3cf14c773e Merge "Don't include openstack/common in flake8 exclude list" 2016-11-28 14:00:47 +00:00
gecong1973 2e7c236454 Don't include openstack/common in flake8 exclude list
There is no such directory openstack/common, which was used
to keep code from oslo-incubator; we have retired oslo-incubator.
Removing openstack/common from all OpenStack code in favor of the
Oslo libraries is a project wide goal for the Ocata release. So
don't use this directory any more. We should drop it for improving
searching efficiency.

Change-Id: I090fd6ab7e382868b8e782b6b9a9ab81ecbe8f85
2016-11-25 11:39:54 +08:00
Eric Brown 3be3ca4de0 Trivial fixes based on pylint scan
* Constants should be in caps
* Redundant ( ) in if statements
* Use isinstance instead of type ==
* Indentation

Change-Id: I79fda14112a9dd02fe867f6d850762216e0ca9a1
2016-11-21 13:16:32 -08:00
qinchunhua 3a0647ebdc Update flake8 ignore list
In hacking > 0.10.0, there is no E123 and E125, so this commit to
delete them.

Change-Id: Id93dab3ac78fe3144d0fc1e19616204f7e7098b2
2016-09-23 00:34:25 +00:00
Stanisław Pitucha 72ed8ae95c Enforce no star-imports since code complies
Change-Id: Ic5d741c6c5193d794d6d051ae17754445053d890
2016-08-25 15:13:04 +10:00
Stanisław Pitucha 97932384ed Fix remaining object imports and enforce the rule
Change-Id: I26fc7e3c09a725624bf46ae9d8d9e5f1c9b70e5d
2016-08-25 15:10:15 +10:00
Rahul Nair a54ab7561d Fixing jenkins failing on coverage reporting
Coverage combine deletes reports and thus jenkins failed
saying `no data to report`; this change fixes it.

Change-Id: Ia95ec755513d4382f9ad945e9688836445aee4d3
2016-07-31 21:55:39 -05:00
Eric Brown bb1538f047 Add a py35 tox venv for upcoming py35 support
Soon the gate jobs will support Python 3.5. This patch adds the
tox virtualenv in preparation for the move from 3.4 to 3.5.

Change-Id: Ifda38d02f97510f7687924e83b4c7b01c28bf10b
2016-07-04 23:29:44 -07:00
Eric Brown b630d972ed Add reno for release notes management
An initial patch to add reno and create a base directory for
release notes.

Change-Id: Ia0cbfd77c7043db71cb92e9dc2a4f534c57ccf88
2016-06-30 10:20:55 -07:00
Christopher J Schaefer e44656cc0c Adding debug tox testenv for bandit
Allows a user to run tests in debug mode for bandit, which can be very
helpful. This requires oslotest as a dependency, which has been added
as a test requirement.

Change-Id: I1614ebf2afff87a1e9b6d66e0abaa7b203234afc
2016-03-18 13:03:41 -05:00
pradeepcsekar 78c87e5385 Pass environment variables of proxy to tox
When a development environment is under a proxy, tox fails even
when the environment variables are set.

This patch fixes the problem by passing them on to the env.

Change-Id: I903a023918d48e4cd9625576522c4df7d118949b
Closes-Bug: #1465086
2016-02-29 09:40:33 -08:00
Ian Cordasco b86cafc95c Add bandit to pep8 dependencies
Deduplicate the portions of linters and pep8 that are identical

Change-Id: Ic3b0099ceee24110e97aaabe543d21fba492bd8e
2016-02-12 16:03:04 -06:00
Andreas Jaeger 91ce93a21d Make pep8 *the* linting interface
According to the PTI (=Python Test Interface,
http://governance.openstack.org/reference/cti/python_cti.html), pep8
is the interface for codestyle checks. Move all tests from linters to
pep8.

This change will be followed by a change to project-config to use pep8
for testing in the gate.

Note that the deps line is not needed, pep8 will use the default
environment.

Change-Id: I791b6f6e073e316e4e11867493647c917350eb4f
2016-02-10 21:02:16 +01:00
Eric Brown fc927b04e0 Remove ignore of F403
Bandit isn't affected by F403, so might as well not ignore the
flake8 check.

Change-Id: I299f6e170aab54eebdba690b819dee6e45eeb6ce
2016-02-09 15:32:35 -08:00
Eric Brown e51a28bf2e Support hacking H104
H104 checks that empty files do not contain license headers. This
patch enables that check and fixes a couple files impacted.

Change-Id: I8ede271bfdb0e53d01cfebc69ac398e849a0e1aa
2016-01-19 17:05:32 -08:00
Jenkins d4dcdbd13b Merge "Add script to test bandit against projects at gate" 2016-01-16 20:49:44 +00:00
Ian Cordasco 8b33b16b60 Add script to test bandit against projects at gate
This is stolen (and slightly modified) from openstack-dev/hacking:
https://git.openstack.org/cgit/openstack-dev/hacking/tree/integration-test/test.sh
and https://review.openstack.org/268275/

This allows us to define a gate job that will run bandit against the
different OpenStack projects that have adopted Bandit at their gates.

Change-Id: I38bfc2f8298761ebf86152933630f629e545029d
Needed-by: I9c243ce734d7653145d5fa916cc25da5d664603e
2016-01-15 14:53:47 -06:00
Eric Brown 90e1db43b7 Enable pep8 testing on tests
* Add tests directory to the flake8 and linters env
* Fix up the tests failing pep8

Change-Id: I18446ed58b654fa9829e4de77219792e7b0bbbc4
2016-01-14 12:56:01 -08:00
hparekh ddcfe20a3a Fix db error when running python34 unit tests
If tests for py27 are executed before py34 tests, then testrepository may
create a database that python 3.4 cannot use.

Change-Id: I0c43ff92f1fadced9ebc188bc1b902a7ec65f669
Closes-bug: #1489059
2016-01-06 16:27:01 +00:00
Travis McPeak a6135ab643 Changing severity on Bandit Baseline tox target
This commit adds a medium severity and confidence filter on the
Bandit baseline tox target.  Some of the lower threshold tests
aren't appropriate for a gate.

Change-Id: Iba75392d777bf93bece6d87b2fee4ff6b334b463
2015-12-21 14:09:19 -08:00
Travis McPeak 3e8cfcb911 Adding linters target to tox.ini
This commit adds the linters target to Bandit.  The idea is that
we will add a linters target that runs both the pep8 checks and
Bandit baseline.  A new commit will add the 'linters' target to
infra.

Change-Id: I7cce523cbefe23c9ce77dc87c3662c8453cd9899
2015-12-21 11:34:15 -08:00
Ian Cordasco d96a5c3bbd Fix codesec tox env
If we use a develop version of bandit, setup.py does not execute via
pip, it executes standalone which does not properly install the config
file.

By listing the project itself (.) as a dependency, it properly installs
bandit as we expect it to and installs our config file appropriately.

Closes-bug: #1527415
Change-Id: I406a4843f1c0f3b3f1fc54bd6f32dd8ec68f5d31
2015-12-17 17:35:44 -06:00
Travis McPeak bbae9452a4 Adding Bandit Baseline Tox Target
This commit adds a tox target that runs the Bandit baseline tool.

Change-Id: Id288e00598d07837b11eeb22abdfcc2914ab419d
2015-12-17 14:24:46 -08:00
Timothy Kelsey 02f5ae7a7e Remove coverage files after run
Change-Id: I636bf23ee1c44aa57fc85fa2c7e225662cd646c9
2015-10-30 03:22:12 +00:00
Jenkins f9f0a168bb Merge "Enabling coverage reporting in tox" 2015-09-23 07:38:19 +00:00
Eric Brown 70effc4070 Remove tox environment for pypy
As discussed at the security IRC meeting, there's no real need for
testing of pypy.  Therefore this patch will remove it.

Change-Id: I584dbe1b5aa6928740dfb18deaf4c162f616b7fa
2015-09-10 10:44:24 -07:00
Tim Kelsey a55ef26b0b Enabling coverage reporting in tox
Change-Id: I3d5f3c45155326bdc7320048be2a19cc7acd333e
2015-09-05 17:57:54 +01:00
Eric Brown adc0ba18e0 Add unit tests for the formatters
Unit tests for bandit/core/formatters.py

Change-Id: I73a93e845f5233facbbab09b732c87f2c8ef85ed
2015-09-03 12:50:41 -07:00
Tom Cocozzello 1fed78194a Activate pep8 check that _ is imported
Remove the specification in tox.ini that _ is a builtin so that
it will no longer assume that _ does not need to be imported.
This helps ensure that the _ from i18n is used.

Activating this check did not flag any violations.

Change-Id: I458c7749de5bd88909f23554485f2adfcb56e2d4
2015-07-29 13:31:21 -05:00
Tim Kelsey 42f3e2961a Adding documentation framework
This adds documentation framework for Bandit. To build the new
documentation you can use the new tox target:

  tox -e docs

This will spit out various formatted output into the docs/build
folder.

Change-Id: I3497e26052021900ad55ecdd2517198b22e82f0e
Partial-Bug: 1474796
2015-07-24 13:20:16 +01:00
Jamie Finnigan 297a0bb4c2 Add tool for reporting Bandit OpenStack coverage
This script is intended for inclusion in the Bandit repository and usage
by the Bandit and other OpenStack teams.  It is not intended for inclusion
in Bandit packages / distribution.

It executes against Jenkins and Zuul configuration files in the
openstack-infra/project-config repository, parses out Bandit jobs
and tests, and prints a summary of results.

It includes definition of an openstack_coverage testenv in tox.ini with
basic PyYAML and request dependencies to allow easy venv creation and
script execution.

Co-Authored-By: Ian Cordasco <graffatcolmingov@gmail.com>
Change-Id: I2d133146223a6b185347662b47cc2bd6355a0900
2015-07-13 20:39:17 -07:00
Ian Cordasco ddf75663ce Add Python 3.4 compatibility to bandit
This includes a number of changes to make this happen:

- We handle the fact that in Python 3.3 and later, ast.TryExcept and
  ast.TryFinally were replaced by ast.Try

- We handle the fact that ast.NameConstant is now the node type for
  True/False

- We handle the cases where map and range need to return lists

- We remove a property from the result store to prevent errors assigning
  to the underlying attribute

- We check for exec conditionally based on the version of Python

- We use proper octal notation, e.g., 0o755

Change-Id: I71c0bb61c9ee0bf1b751a719a4eb95bf7a0b4943
2015-06-03 11:19:03 -05:00
Tim Kelsey 1d633d7c6d Removing Py26 from the test env list, it's being deprecated
Change-Id: I78ffa9a7b0b8de40dd1b3cc62d78b2e5b40068a2
2014-10-27 18:56:46 +00:00
Tim Kelsey d764198ae1 Enabling PEP8 tests in tox and re-working source to comply
Change-Id: Ia75aea24419fdef92aa81b213bd5178b2718f716
2014-10-23 14:34:05 +01:00
Tim Kelsey 8e6697b063 Making Bandit into an installable package and adding tox tests
This large change makes bandit into an installable package, needed
for tox testing. I have added the tox testing scaffolding but no
real tests; they will come in a later change. I have also disabled
all failing PEP8 tests (lots) since I have changed enough stuff for
one patch. I'll start re-enabling and fixing PEP8 stuff soon.

Change-Id: I774ed9149f285e4e2bceacda0484a7e2a934a3aa
2014-10-22 10:15:28 +01:00