Enable bandit for ansible-playbooks
Story: 2008929 Task: 42531 Change-Id: Ibc7ba6ec327f87775a61f96c709654b75ce78489 Signed-off-by: Chen, Haochuan Z <haochuan.z.chen@intel.com>
										14
									
								
								.zuul.yaml
									
									
									
									
									
								
							
							
						
						
									
							| @@ -3,10 +3,12 @@ | ||||
|       jobs: | ||||
|         - openstack-tox-linters | ||||
|         - openstack-tox-pep8 | ||||
|         - ansible-playbooks-tox-bandit | ||||
|     gate: | ||||
|       jobs: | ||||
|         - openstack-tox-linters | ||||
|         - openstack-tox-pep8 | ||||
|         - ansible-playbooks-tox-bandit | ||||
|     post: | ||||
|       jobs: | ||||
|         - stx-ansible-playbooks-upload-git-mirror | ||||
| @@ -24,6 +26,18 @@ | ||||
|         secret: stx-ansible-playbooks-github-secret | ||||
|         pass-to-parent: true | ||||
|  | ||||
| - job: | ||||
|     name: ansible-playbooks-tox-bandit | ||||
|     parent: tox | ||||
|     description: | | ||||
|       Run bandit test for ansible-playbooks | ||||
|     nodeset: ubuntu-bionic | ||||
|     files: | ||||
|       - ./* | ||||
|     vars: | ||||
|       tox_envlist: bandit | ||||
|       tox_extra_args: -c ./tox.ini | ||||
|  | ||||
| - secret: | ||||
|     name: stx-ansible-playbooks-github-secret | ||||
|     data: | ||||
|   | ||||
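Review bot: The `files:` matcher `./*` in the new `ansible-playbooks-tox-bandit` job reads like a shell glob, but Zuul file matchers are regular expressions as far as I know, so this pattern matches practically any changed path and the stanza restricts nothing. Running the scan on every change is the safer behaviour for a security gate, so I would either drop the two `files:` lines or state the intent in a comment such as `# run on every change, including tox.ini edits that alter the bandit skip list`. If the job is later narrowed to Python files, the matcher should keep `tox.ini` and the requirements file in scope so that a change widening `skips` is still gated.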
| @@ -1,4 +1,5 @@ | ||||
| ansible-lint <= 4.3.7 | ||||
| bandit;python_version>="3.0" | ||||
| bashate >= 0.2 | ||||
| flake8 >= 2.5.4 # MIT | ||||
| PyYAML >= 3.1.0 | ||||
|   | ||||
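Review bot: The new `bandit` requirement has no version bound, so the check and gate jobs install whatever release the package index serves for the node's Python, and a new upstream release can add checks and change the gate result without any change to this repository. The neighbouring `ansible-lint <= 4.3.7` line shows the file already bounds a tool where stability matters; the same treatment fits here, for example `bandit >= <MIN_TESTED>, < <NEXT_MAJOR> ; python_version >= "3.0"` with the placeholders replaced by the versions actually tested. The file name is not shown on this page; presumably this is the test-requirements.txt that the tox environment installs.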
							
								
								
									
										19
									
								
								tox.ini
									
									
									
									
									
								
							
							
						
						
									
							| @@ -61,3 +61,22 @@ exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-* | ||||
| [testenv:venv] | ||||
| basepython = python3 | ||||
| commands = {posargs} | ||||
|  | ||||
| [bandit] | ||||
| # The following bandit tests are being skipped: | ||||
| # B108: Test for insecure usage of tmp file/directory | ||||
| # B110: Try, Except, Pass detected. | ||||
| # B404: Import of subprocess module | ||||
| # B603: Test for use of subprocess without shell equals true | ||||
| # B607: Test for starting a process with a partial path | ||||
| # B608: Possible SQL injection vector through string-based query | ||||
| # | ||||
| # Note: 'skips' entry cannot be split across multiple lines | ||||
| # | ||||
| skips = B108,B110,B404,B603,B607,B608 | ||||
| exclude = tests | ||||
|  | ||||
| [testenv:bandit] | ||||
| basepython = python3 | ||||
| deps = -r{toxinidir}/test-requirements.txt | ||||
| commands = bandit --ini tox.ini -n 5 -r playbookconfig/src/playbooks/roles | ||||
|   | ||||
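Review bot: The `skips` line in `[bandit]` disables six checks for every file under the scanned roles, and the comment block names them without saying why each is acceptable here. B404, B603 and B607 are routinely noisy in code that shells out, but B108 (hard-coded temp paths), B110 (swallowed exceptions) and B608 (string-built SQL) point at real defect classes, and a global skip also hides any new instance added later. I would narrow the list to `skips = B404,B603,B607` and mark the existing, reviewed hits for the other three with a per-line `# nosec` comment plus a one-line justification; failing that, each entry in the comment block should gain its reason. The command also scans only `playbookconfig/src/playbooks/roles`, so Python elsewhere in the repository, if there is any, is not covered.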