From affd3e013bf2709330a2ed479d5ebc9f14098c20 Mon Sep 17 00:00:00 2001 From: Al Bailey Date: Mon, 23 Apr 2018 14:29:05 -0500 Subject: [PATCH] Sysinv: run pep8 with same ignore list as flake8 Added comments in tox.ini to indicate what is being ignored. Added a new bandit target to help highlight security issues Change-Id: I6f8ee29a85cb9029adce796ddc8e98a12933b6ef --- sysinv/sysinv/sysinv/tox.ini | 67 ++++++++++++++++++++++++++++++++---- 1 file changed, 60 insertions(+), 7 deletions(-) diff --git a/sysinv/sysinv/sysinv/tox.ini b/sysinv/sysinv/sysinv/tox.ini index a5e2115da0..fa2f7f1c7e 100644 --- a/sysinv/sysinv/sysinv/tox.ini +++ b/sysinv/sysinv/sysinv/tox.ini @@ -47,12 +47,34 @@ commands = pip install -e {toxinidir}/../../../../util/recipes-common/platform-util/platform-util find . -type f -name "*.pyc" -delete -# bash tools/pretty_tox.sh '{posargs}' python tools/patch_tox_venv.py py.test {posargs} -# python setup.py testr --slowest --testr-args='{posargs}' # TODO: remove ignore E722 when issue 8174 is resolved +# F series are flake8 +# F401 'sysinv.common.exception' imported but unused +# F403 'from netaddr import *' used; unable to detect undefined names +# F821 undefined name 'exc' +# F841 local variable 'response' is assigned to but never used +# E series are pep8 +# E116 unexpected indentation (comment) +# E121 continuation line under-indented for hanging indent +# E126 continuation line over-indented for hanging indent +# E127 continuation line over-indented for visual indent +# E128 continuation line under-indented for visual indent +# E203 whitespace before ':' +# E231 missing whitespace after ',' +# E266 too many leading '#' for block comment +# E402 module level import not at top of file +# E501 line too long > 80 +# E702 multiple statements on one line (semicolon) +# E711 comparison to None should be 'if cond is not None:' +# E712 comparison to True should be 'if cond is True:' or 'if cond:' +# E713 test for membership should be 'not in' +# E714 test for object identity should be 'is not' +# E722 do not use bare except +# E731 do not assign a lambda expression, use a def +# H series are hacking # H101 is TODO # H102 is apache license # H104 file contains only comments (ie: license) @@ -63,9 +85,6 @@ commands = ignore = F403,F401,F821,F841,E501,E127,E128,E231,E266,E402,E711,E116,E203,E731,E712,E713,E702,E714,E126,E121,E722,H101,H102,H104,H105,H231,H232,H233,H234,H235,H236,H237,H238,H401,H403,H404,H405 -# [tox:jenkins] -# downloadcache = ~/cache/pip - [testenv:flake8] basepython = python2.7 deps = flake8 @@ -74,15 +93,48 @@ commands = flake8 {posargs} [testenv:py27] basepython = python2.7 -# -r{toxinidir}/test-requirements.txt [testenv:pep8] +basepython = python2.7 +deps = flake8 commands = flake8 {posargs} [testenv:venv] commands = {posargs} +[testenv:bandit] +basepython = python2.7 + +deps = {[testenv]deps} + -e{[tox]cgcsdir}/tsconfig/tsconfig + -e{[tox]cgcsdir}/configutilities/configutilities + -e{[tox]cgcsdir}/middleware/fault/recipes-common/fm-api + -e{[tox]cgcsdir}/controllerconfig/controllerconfig + -e{[tox]cgcsdir}/middleware/patching/recipes-common/cgcs-patch/cgcs-patch + -e{[tox]cgcsdir}/middleware/util/recipes-common/platform-util/platform-util + -e{[tox]cgcsdir}/sysinv/cgts-client/cgts-client + -e{[tox]avsdir}/python-vswitchclient + bandit + +# The following bandit tests are being skipped: +# B101: Test for use of assert +# B104: Test for binding to all interfaces +# B107: Test for use of hard-coded password argument defaults +# B108: Probable insecure usage of temp file/directory +# B110: Try, Except, Pass detected. +# B111: Execute with run_as_root=True identified, possible security issue +# B310: Audit url open for permitted schemes +# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes +# B404: Import of subprocess module +# B410: Import of lxml module +# B504: Test for SSL use with no version specified +# B506: Test for use of yaml load +# B603: Test for use of subprocess with shell equals true +# B607: Test for starting a process with a partial path + +commands = bandit -r sysinv -x tests --skip B101,B104,B107,B108,B110,B111,B310,B311,B404,B410,B504,B506,B603,B607 + [testenv:pylint] basepython = python2.7 @@ -95,7 +147,8 @@ deps = {[testenv]deps} -e{[tox]cgcsdir}/middleware/util/recipes-common/platform-util/platform-util -e{[tox]cgcsdir}/middleware/sysinv/recipes-common/cgts-client/cgts-client pylint -commands = pylint {posargs} sysinv --rcfile=./pylint.rc --extension-pkg-whitelist=lxml.etree,greenlet +commands = + pylint {posargs} sysinv --rcfile=./pylint.rc --extension-pkg-whitelist=lxml.etree,greenlet [testenv:cover] basepython = python2.7