Files
67513fc17c23066f6547b5e3c4ab2dc852e4f7f0
janonymous
67513fc17c
Adding bandit for security static analysis testing in swift
This change adds a basic bandit config for Swift. It can be invoked by running the tox environment for bandit; tox -e bandit This is an initial step for using bandit with Swift and it should be revisited to improve the testing as more is learned about the specific needs of the Swift code base.As per now some tests are excluded as they were used on purpose. https://wiki.openstack.org/wiki/Security/Projects/Bandit Implements: blueprint swift-bandit Change-Id: I621be9a68ae9311f3a6eadd1636b05e646260cf2
68 lines
1.7 KiB
INI
68 lines
1.7 KiB
INI
[tox]
envlist = py27,pep8
minversion = 1.6
skipsdist = True
[testenv]
usedevelop = True
install_command = pip install --allow-external netifaces --allow-insecure netifaces -U {opts} {packages}
setenv = VIRTUAL_ENV={envdir}
NOSE_WITH_COVERAGE=1
NOSE_COVER_BRANCHES=1
deps =
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands = nosetests {posargs:test/unit}
passenv = SWIFT_* *_proxy
[testenv:cover]
setenv = VIRTUAL_ENV={envdir}
NOSE_WITH_COVERAGE=1
NOSE_COVER_BRANCHES=1
NOSE_COVER_HTML=1
NOSE_COVER_HTML_DIR={toxinidir}/cover
[tox:jenkins]
downloadcache = ~/cache/pip
[testenv:pep8]
commands =
flake8 swift test doc setup.py
flake8 --filename=swift* bin
[testenv:py3pep8]
basepython = python3
install_command = echo {packages}
commands =
# Gross hack. There's no other way to get it to /not/ install swift itself
# (which triggers installing eventlet) but also get flake8 installed.
pip install flake8
flake8 swift test doc setup.py
flake8 --filename=swift* bin
[testenv:func]
commands = nosetests {posargs:test/functional}
[testenv:venv]
commands = {posargs}
[testenv:docs]
commands = python setup.py build_sphinx
[testenv:bandit]
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -c bandit.yaml -r swift bin -n 5 -p gate
[flake8]
# it's not a bug that we aren't using all of hacking
# H102 -> apache2 license exists
# H103 -> license is apache
# H201 -> no bare excepts (unless marked with " # noqa")
# H231 -> Check for except statements to be Python 3.x compatible
# H501 -> don't use locals() for str formatting
# H903 -> \n not \r\n
ignore = H
select = F,E,W,H102,H103,H201,H231,H501,H903
exclude = .venv,.tox,dist,doc,*egg
show-source = True