diff --git a/barbican/cmd/barbican_manage.py b/barbican/cmd/barbican_manage.py index 6ccfdf1cd..af0ad63cd 100644 --- a/barbican/cmd/barbican_manage.py +++ b/barbican/cmd/barbican_manage.py @@ -143,8 +143,8 @@ class DbCommands(object): commands.current(verbose, sql_url=CONF.sql_connection) else: commands.current(verbose, sql_url=str(dburl)) - - sync_secret_stores_description = "Sync secret_stores with barbican.conf" + sync_secret_stores_description = ("Sync secret_stores with " # nosec + "barbican.conf") @args('--db-url', '-d', metavar='', dest='dburl', help='barbican database URL') diff --git a/barbican/common/utils.py b/barbican/common/utils.py index a9740b561..46a3147ed 100644 --- a/barbican/common/utils.py +++ b/barbican/common/utils.py @@ -43,7 +43,7 @@ API_VERSION = 'v1' # barbican.plugin.interface.secret_store which introduces a cyclic dependency # if `secret_store` plugin needs to use db model classes. So moving shared # value to another common python module which is already imported in both. -SECRET_TYPE_OPAQUE = "opaque" +SECRET_TYPE_OPAQUE = "opaque" # nosec def _do_allow_certain_content_types(func, content_types_list=[]): diff --git a/barbican/plugin/dogtag.py b/barbican/plugin/dogtag.py index 95c983952..961af2373 100644 --- a/barbican/plugin/dogtag.py +++ b/barbican/plugin/dogtag.py @@ -165,8 +165,8 @@ class DogtagKRAPlugin(sstore.SecretStoreBase): BIT_LENGTH = "bit_length" GENERATED = "generated" KEY_ID = "key_id" - SECRET_MODE = "secret_mode" - PASSPHRASE_KEY_ID = "passphrase_key_id" + SECRET_MODE = "secret_mode" # nosec + PASSPHRASE_KEY_ID = "passphrase_key_id" # nosec CONVERT_TO_PEM = "convert_to_pem" # string constants diff --git a/barbican/plugin/interface/secret_store.py b/barbican/plugin/interface/secret_store.py index 65f1eb077..f705756c9 100644 --- a/barbican/plugin/interface/secret_store.py +++ b/barbican/plugin/interface/secret_store.py @@ -278,7 +278,7 @@ class SecretType(object): PRIVATE = "private" """Constant to define the passphrase type. Used by getSecret to retrieve a passphrase.""" - PASSPHRASE = "passphrase" + PASSPHRASE = "passphrase" # nosec """Constant to define the certificate type. Used by getSecret to retrieve a certificate.""" CERTIFICATE = "certificate" diff --git a/tox.ini b/tox.ini index 995803c43..bf77573b1 100644 --- a/tox.ini +++ b/tox.ini @@ -149,7 +149,7 @@ exclude = .git,.idea,.tox,bin,dist,debian,rpmbuild,tools,*.egg-info,*.eggs,contr [testenv:bandit] basepython = python3 deps = -r{toxinidir}/test-requirements.txt -commands = bandit -r barbican -x tests -n5 -s B105 +commands = bandit -r barbican -x tests -n5 [testenv:bindep] basepython = python3