Turn on bandit check as part of pep8

Add bandit job as part of pep8 in tox.ini

Had to mark two instances of try except pass as OK so that bandit
will pass

Change-Id: If3b78e9dcbfc65c232a6ba35665430a6463841e6
This commit is contained in:
Craig Bryant 2017-02-06 12:45:23 -07:00
parent 7818d81ab3
commit ef9db22744
3 changed files with 21 additions and 4 deletions


@ -1,4 +1,4 @@
# (C) Copyright 2014-2016 Hewlett Packard Enterprise Development Company LP
# (C) Copyright 2014-2017 Hewlett Packard Enterprise Development LP
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -56,7 +56,9 @@ def clean_exit(signum, frame=None):
if process.is_alive():
process.terminate() # Sends sigterm which any processes after a notification is sent attempt to handle
wait_for_exit = True
except Exception:
except Exception: # nosec
# There is really nothing to do if the kill fails, so just go on.
# The # nosec keeps bandit from reporting this as a security issue
pass
# wait for a couple seconds to give the subprocesses a chance to shut down correctly.
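Review bot: the `# nosec` on the `except Exception:` line only silences bandit's try/except/pass finding; it does not address why bandit flags it, which is that a failed `process.terminate()` is swallowed with no trace. Replacing the bare `pass` with a debug log line, e.g. `log.debug('terminate of pid %s failed', process.pid)` under the existing `log` object, keeps the "just go on" behaviour the comment describes, leaves a record for anyone debugging a stuck shutdown, and would make the `# nosec` marker unnecessary since the handler no longer matches the try/except/pass pattern.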
@ -68,7 +70,9 @@ def clean_exit(signum, frame=None):
log.debug('Killing pid %s' % child.pid)
try:
os.kill(child.pid, signal.SIGKILL)
except Exception:
except Exception: # nosec
# There is really nothing to do if the kill fails, so just go on.
# The # nosec keeps bandit from reporting this as a security issue
pass
if signum == signal.SIGTERM:
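Review bot: same point as the first hunk, with one extra consideration specific to `os.kill(child.pid, signal.SIGKILL)`: the two outcomes worth distinguishing are the child already having exited (ESRCH, harmless) and the kill actually failing. A `log.debug('kill of pid %s failed: %s', child.pid, e)` with `except Exception as e:` records which one occurred at no cost to the existing flow, and keeps the `# nosec` from being needed on this line as well.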


@ -2,6 +2,7 @@
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
# Hacking already pins down pep8, pyflakes and flake8
bandit>=1.1.0 # Apache-2.0
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
coverage>=4.0 # Apache-2.0
mock>=2.0 # BSD
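Review bot: the new `bandit>=1.1.0` line is inserted between the comment `# Hacking already pins down pep8, pyflakes and flake8` and the `hacking` entry that comment describes, so the comment now appears to refer to bandit. Move the bandit line below `hacking!=0.13.0,<0.14,>=0.12.0`, or move the comment down with hacking. Also consider an upper bound on bandit, as is done for hacking: with only a lower bound, a future bandit release that adds or tightens checks will start failing the pep8 gate with no change to this repository.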

tox.ini

@ -56,11 +56,19 @@ commands =
oslo_debug_helper -t ./monasca_notification/tests {posargs}
[testenv:pep8]
commands = flake8
deps =
{[testenv]deps}
commands =
{[testenv:flake8]commands}
{[bandit]commands}
[testenv:venv]
commands = {posargs}
[testenv:flake8]
commands =
flake8 monasca_notification
[flake8]
max-line-length = 120
# TODO: ignored checks should be enabled in the future
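Review bot: two things in the reworked `[testenv:pep8]`. First, `deps = {[testenv]deps}` is redundant: a `testenv:*` section inherits `deps` from `[testenv]` when it does not override it, so the line can be dropped. Second, the old `commands = flake8` linted the whole working tree (minus the `exclude` list in `[flake8]`), whereas the new `flake8 monasca_notification` lints only that package, so files outside it such as `setup.py` are no longer checked; if that narrowing is intended it is worth a sentence in the commit message, otherwise keep `flake8` without a path argument in `[testenv:flake8]`.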
@ -68,3 +76,7 @@ max-line-length = 120
# H405 multi line docstring summary not separated with an empty line
ignore = F821,H201,H405
exclude=.venv,.git,.tox,dist,*egg,build
[bandit]
commands =
bandit -r monasca_notification -n5 -x monasca_notification/tests
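Review bot: `-x monasca_notification/tests` excludes the test tree from the scan, which is the usual choice so that bandit's assert check does not fire on every test, but it also means any subprocess or temp-file handling in test helpers goes unscanned; that trade-off is fine as long as it is deliberate. The `-n5` flag only controls how many lines of context are printed around a finding and has no effect on what fails the run, so it can be dropped if the goal is a quieter gate. Since there is no bandit config or baseline file here, a short note in the commit message that all current findings are either fixed or marked `# nosec` would help the next person who sees the gate fail after a bandit upgrade.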