Merge "Add a bandit environment to tox"

2016-04-29 14:38:12 +00:00 · 2016-04-29 14:38:12 +00:00 · d4b3d60789
parent 72e8950478 dd6ad90e01
commit d4b3d60789
2 changed files with 16 additions and 1 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -13,3 +13,4 @@ oslotest>=1.10.0 # Apache-2.0
 testrepository>=0.0.18 # Apache-2.0/BSD
 testscenarios>=0.4 # Apache-2.0/BSD
 testtools>=1.4.0 # MIT
+bandit>=1.0.1 # Apache-2.0
--- a/tox.ini
+++ b/tox.ini
@ -14,7 +14,21 @@ deps = -r{toxinidir}/requirements.txt
 commands = python setup.py testr --slowest --testr-args='{posargs}'

 [testenv:pep8]
-commands = flake8
+commands =
+  flake8
+  bandit -r castellan -x tests -s B105,B106,B107,B607
+
+[testenv:bandit]
+# This command runs the bandit security linter against the castellan
+# codebase minus the tests directory. Some tests are being excluded to
+# reduce the number of positives before a team inspection, and to ensure a
+# passing gate job for initial addition. The excluded tests are:
+# B105-B107: hardcoded password checks - likely to generate false positives
+#            in a gate environment
+# B607: start process with a partial path - this should be a project level
+#       decision
+commands =
+  bandit -r castellan -x tests -s B105,B106,B107,B607

 [testenv:venv]
 commands = {posargs}