From 119c906ba6931ca6e8d2683aa0aa6ad42b78518c Mon Sep 17 00:00:00 2001
From: Elvis Acheampong
Date: Tue, 6 Feb 2024 20:31:09 +0000
Subject: [PATCH] Adds Bandit testing environment to tox.ini Enable the bandit test env in manila-ui Execute tox -e bandit to run it and also include zuul continous integration Getting rid of mark_safe()from the utils.py. This fix the issues in the utils.py
Change-Id: Id75cbd8ce7e33ab4d920bdf389ac66f8d93f19dc
---
 .zuul.yaml | 16 ++++++++++++++++
 manila_ui/dashboards/utils.py | 2 +-
 tox.ini | 4 ++++
 3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/.zuul.yaml b/.zuul.yaml
index fddf5ec9..05cb8584 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -12,6 +12,7 @@ voting: false - manila-ui-integration-tests: voting: false
+ - manila-ui-tox-bandit
 gate:
 jobs:
 - manila-ui-integration-tests:
@@ -87,3 +88,18 @@ devstack_services: horizon: true tox_envlist: integration
+
+
+- job:
+ # Security testing for known issues
+ name: manila-ui-tox-bandit
+ parent: openstack-tox
+ timeout: 2400
+ vars:
+ tox_envlist: bandit
+ irrelevant-files:
+ - ^.*\.rst$
+ - ^doc/.*$
+ - ^manila-ui/tests/.*$
+ - ^releasenotes/.*$
+ - ^tox.ini$
diff --git a/manila_ui/dashboards/utils.py b/manila_ui/dashboards/utils.py
index 25eb0dec..a77e955d 100644
--- a/manila_ui/dashboards/utils.py
+++ b/manila_ui/dashboards/utils.py
@@ -96,7 +96,7 @@ def metadata_to_str(metadata, meta_visible_limit=4, text_length_limit=25): meta_str = "
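Review bot: The `irrelevant-files` entry `^manila-ui/tests/.*$` in the new `manila-ui-tox-bandit` job is spelled with a hyphen, while the package directory elsewhere in this patch is `manila_ui` (`manila_ui/dashboards/utils.py`, and `-x manila_ui/tests/*` in tox.ini), so the pattern probably never matches and test-only changes will still run the job; it should read `- ^manila_ui/tests/.*$`. Listing `^tox.ini$` as irrelevant also means a change that weakens or removes the `[testenv:bandit]` command will not be exercised by this job, so I would drop that entry. As far as the first hunk shows, the job is added under `check` only; if it is meant to block merges it likely belongs in `gate` as well, though the rest of the gate list is outside the hunk.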
".join(meta)
 if len(metadata.keys()) > meta_visible_limit and meta_str[-3:] != "...":
 meta_str += '...'
- return mark_safe(meta_str)
+ return mark_safe(meta_str) # nosec B308
 def get_nice_security_service_type(security_service):
diff --git a/tox.ini b/tox.ini
index 03fb5dbe..64a73cb8 100644
--- a/tox.ini
+++ b/tox.ini
@@ -31,6 +31,10 @@ commands = pip install {env:HORIZON_REPO:git+https://opendev.org/openstack/horizon} {[testenv]commands}
+[testenv:bandit]
+deps = bandit
+commands = bandit -r manila_ui -x manila_ui/tests/* -n5 -ll
+
 [testenv:integration]
 # Run integration tests only
 passenv = AVCONV_INSTALLED
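Review bot: The `# nosec B308` added to `return mark_safe(meta_str)` suppresses the Bandit finding instead of removing the call, which does not match the commit message's "Getting rid of mark_safe()". The part of `metadata_to_str` that builds `meta` starts outside the hunk, so whether each key and value is HTML-escaped before the join is not visible here; if any entry reaches `mark_safe()` unescaped, metadata text would be rendered as markup in the dashboard. Either build the string with Django's `format_html_join()` so escaping happens at the join, or keep the suppression but state the reason on the line once it has been confirmed, e.g. `return mark_safe(meta_str)  # nosec B308 - every key/value is escaped before the join`.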
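Review bot: `deps = bandit` in `[testenv:bandit]` installs whatever Bandit release is current, so a new release that adds or changes checks can turn this job red, or change what it covers, without any change to manila-ui. Pin or bound it, e.g. `deps = bandit==X.Y.Z` (placeholder version), or take it from the project's constrained test requirements if those apply to this env, which the hunk does not show. Note also that `-ll` reports only medium and high severity findings; a comment above `commands` saying that low-severity results are intentionally ignored would make that choice explicit.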