Add a bandit environment to tox

This change is being proposed as part of the OpenStack Security Project
working session at the Austin 2016 summit. It adds support for running
the bandit[1] security linting tool against the Senlin codebase.
This change adds a targeted environment for bandit.

The bandit configuration has been tailored to exclude tests that are
currently producing warnings against the codebase. These issues will be
followed up with bug reports and patches.

At the time of submission, Senlin passes all Bandit tests configured
in tox.

[1]: https://wiki.openstack.org/wiki/Security/Projects/Bandit

Change-Id: I54ef7329b9d6f6429838afdc5319f48bcc2e9f33
Jeremy Liu 2016-10-30 15:06:45 +08:00
parent e567237c44
commit c914eb14d7
2 changed files with 7 additions and 0 deletions


@ -21,3 +21,6 @@ os-api-ref>=1.0.0 # Apache-2.0
oslosphinx>=4.7.0 # Apache-2.0
sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
reno>=1.8.0 # Apache2
# Bandit build requirements
bandit>=1.1.0 # Apache-2.0
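Review bot: the comment introducing the new line, `# Bandit build requirements`, is misleading; this file is test-requirements.txt and bandit is a lint-time tool, not a build dependency. Suggest `# Bandit security linting (used by the tox bandit target)`. Separately, `bandit>=1.1.0` has no upper bound, and each bandit release can add or tighten checks, so the tox bandit target can start failing without any change to the Senlin tree; if that is acceptable, the commit message's statement that Senlin "passes all Bandit tests configured in tox" should be understood as true only for the bandit version current at submission.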


@ -101,3 +101,7 @@ max-complexity=20
[hacking]
local-check-factory = senlin.hacking.checks.factory
import_exceptions = senlin.common.i18n
[testenv:bandit]
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r senlin -x tests -s B101,B104,B110,B310,B311,B506
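Review bot: the skip list on the `commands =` line (`-s B101,B104,B110,B310,B311,B506`) is undocumented in the file, while the commit message says each of these is a currently firing check that will be fixed later. Add a comment above `[testenv:bandit]` listing why each ID is skipped and that the skips are temporary, or move them into a bandit config file where each exclusion can be annotated; otherwise a reader of tox.ini cannot tell a deliberate policy from a deferred bug. Also note that `-x tests` already excludes the test tree, so skipping B101 (assert_used) here only hides asserts in non-test code, which is exactly where they matter; consider whether that skip is needed at all. Finally, the hunk only defines the target: if this is meant to run in the gate it will also need to be added to `envlist` or wired to a job, which this change does not do.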