Merge "add bandit security linter"

2016-11-29 22:14:31 +00:00 · 2016-11-29 22:14:31 +00:00 · bd63013ce9
parent f1389f3179 9f5a7ad26b
commit bd63013ce9
3 changed files with 14 additions and 3 deletions
--- a/ooi/wsgi/init.py
+++ b/ooi/wsgi/init.py
@ -39,7 +39,7 @@ LOG = logging.getLogger(__name__)

 occi_opts = [
    config.cfg.StrOpt('ooi_listen',
-                      default="0.0.0.0",
+                      default="0.0.0.0",  # nosec
                      help='The IP address on which the OCCI (ooi) API '
                           'will listen.'),
    config.cfg.IntOpt('ooi_listen_port',
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -1,4 +1,5 @@
-hacking>=0.9.2,<0.10
+hacking>=0.9.2,<0.10a
+bandit>=1.1.0 # Apache-2.0
 coverage>=3.6
 fixtures>=0.3.14
 python-subunit>=0.0.18
--- a/tox.ini
+++ b/tox.ini
@ -29,7 +29,17 @@ commands =


 [testenv:pep8]
-commands = flake8
+commands = 
+  flake8
+  # Run security linter
+  # B110: except: pass
+  # B410: importing etree
+  bandit -r ooi -x tests -s B110,B410
+
+[testenv:bandit]
+# NOTE(browne): This is required for the integration test job of the bandit
+# project. Please do not remove.
+commands = bandit -r ooi -x tests -s B110,B410

 [testenv:venv]
 commands = {posargs}