Issue #17: Introduce Bandit static security checks

Implements #17
2016-12-13 02:35:51 +02:00 · 2016-12-13 02:35:51 +02:00 · 014f31342e
parent 43184a31a1
commit 014f31342e
6 changed files with 15 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,3 +15,4 @@ releasenotes/build
 .coverage.*
 *.json
 .cache
+*.log*
--- a/picasso/common/logger.py
+++ b/picasso/common/logger.py
@ -21,7 +21,7 @@ from . import utils

 def common_logger_setup(
        level=logging.DEBUG,
-        filename='/tmp/picasso-api.log',
+        filename='/var/log/picasso-api.log',
        log_formatter='[%(asctime)s] - '
                      '%(name)s - '
                      '%(levelname)s - '
@ -40,7 +40,7 @@ def common_logger_setup(


 def setup_logging(name,
-                  filename='/tmp/picasso-api-{}.log'.format(
+                  filename='/var/log/picasso-api-{}.log'.format(
                      datetime.datetime.now()),
                  level=logging.DEBUG,
                  log_to_console=False,
@ -68,7 +68,7 @@ class Singleton(type):
 class UnifiedLogger(object, metaclass=utils.Singleton):

    def __init__(self,
-                 filename='/tmp/picasso-api-{}.log'.format(
+                 filename='/var/log/picasso-api-{}.log'.format(
                     datetime.datetime.now()),
                 level=logging.DEBUG, log_to_console=False):
        self.filename = filename
--- a/picasso/tests/common/base.py
+++ b/picasso/tests/common/base.py
@ -36,7 +36,7 @@ class PicassoTestsBase(object):

        logger = log.UnifiedLogger(
            log_to_console=False,
-            filename=("/tmp/picasso-{}-tests-run-{}.log"
+            filename=("./picasso-{}-tests-run-{}.log"
                      .format(test_type, datetime.datetime.now())),
            level="DEBUG").setup_logger(__package__)
        return testloop, logger
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -8,3 +8,4 @@ sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
 testtools>=1.4.0 # MIT
 pytest-aiohttp==0.1.3
 pytest-cov==2.4.0
+bandit>=1.1.0  # Apache-2.0
--- a/testing.md
+++ b/testing.md
@ -105,3 +105,8 @@ So, as part of `Tox` testing new check was added - functional test coverage regr
 In order to run it use following command:

    $ tox -e py35-functional-regression
+
+Static code analysis with Bandit
+================================
+
+    $ tox -e bandit
--- a/tox.ini
+++ b/tox.ini
@ -1,7 +1,7 @@
 # Project LaOS

 [tox]
-envlist = py35-functional,py35-functional-regression,py35-integration,py35-integration-regression,pep8,docker-build
+envlist = py35-functional,py35-functional-regression,py35-integration,py35-integration-regression,pep8,docker-build,bandit
 minversion = 1.6
 skipsdist = True

@ -51,6 +51,9 @@ commands =
 [testenv:docker-full]
 commands = {toxinidir}/scripts/docker_full.sh

+[testenv:bandit]
+commands = bandit -r picasso/
+
 [flake8]
 ignore = H202,H304,H404,H405,H501
 show-source = True