Enable bandit in gate
Bandit is a tool designed to find common security issues in Python code, and pep8 is the usual linter target, so enable Bandit in the pep8 target. Change-Id: Ie5e4350cde906c206fd5041e88983678eb37999e
parent
54d58a7758
commit
f776ba2757
|
@ -128,7 +128,7 @@ def signed_unpack(data, hmac_data, hmac_keys):
|
|||
for hmac_key in hmac_keys:
|
||||
try:
|
||||
user_hmac_data = generate_hmac(data, hmac_key)
|
||||
except Exception:
|
||||
except Exception: # nosec
|
||||
pass
|
||||
else:
|
||||
if compare_digest(hmac_data, user_hmac_data):
|
||||
|
|
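Review bot: The `# nosec` added to `except Exception:` in `signed_unpack` silences bandit for that line without recording why swallowing the error is acceptable, and the handler still catches every exception type. This loop is the HMAC verification path, so a reader should be able to see that a key for which `generate_hmac` fails is only skipped and that the data is rejected when no key matches. The end of the function is outside the hunk, so confirm that behaviour there. I would add a line above the handler such as `# Skip keys that cannot produce an HMAC; the data is rejected if no key matches.` and, if the errors `generate_hmac` can raise are known, catch those instead of `Exception`.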
|
@ -9,3 +9,6 @@ testtools>=1.4.0
|
|||
|
||||
oslosphinx>=2.5.0,!=3.4.0 # Apache-2.0
|
||||
sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3
|
||||
|
||||
# Bandit security code scanner
|
||||
bandit>=0.17.3 # Apache-2.0
|
8
tox.ini
8
tox.ini
|
@ -17,7 +17,10 @@ commands = python setup.py testr --slowest --testr-args='{posargs}'
|
|||
distribute = false
|
||||
|
||||
[testenv:pep8]
|
||||
commands = flake8
|
||||
commands =
|
||||
flake8
|
||||
# Run security linter
|
||||
bandit -r osprofiler -n5
|
||||
distribute = false
|
||||
|
||||
[testenv:venv]
|
||||
|
@ -30,6 +33,9 @@ commands = python setup.py testr --coverage --testr-args='{posargs}'
|
|||
changedir = doc/source
|
||||
commands = make html
|
||||
|
||||
[testenv:bandit]
|
||||
commands = bandit -r osprofiler -n5
|
||||
|
||||
[flake8]
|
||||
show-source = true
|
||||
builtins = _
|
||||
|
|
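Review bot: `bandit -r osprofiler -n5` is now written twice, once under `[testenv:pep8]` and once under `[testenv:bandit]`, so a later change to the scan options can update one environment and leave the gate running the other. The pep8 entry could reuse the dedicated environment's command through tox substitution, `{[testenv:bandit]commands}`, in place of the literal line. Separately, the requirements hunk sets only a lower bound (`bandit>=0.17.3`), so a newer release that adds checks may start failing the pep8 gate without any code change here. Whether to cap the version is worth deciding deliberately.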