--- /dev/null
+# -*- coding: utf8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/validation-scripts
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the "License");
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+skips: ['B101']
#
# ============LICENSE_END============================================
#
+import contextlib
import csv
+import io
import json
import os
-import subprocess
+import subprocess #nosec
import sys
import pytest
+from flake8.main.application import Application
from update_reqs import get_requirements
def check_flake8_passes():
- result = subprocess.run(
- ["flake8", "."],
- encoding="utf-8",
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE,
- )
+ output = io.StringIO()
+ with contextlib.redirect_stdout(output), contextlib.redirect_stderr(output):
+ app = Application()
+ app.run(["ice_validator"])
+ output.seek(0)
+ lines = [f" {l}" for l in output.readlines()]
+ return ["flake8 errors detected:"] + lines if lines else []
+
+
+def check_bandit_passes():
+ result = subprocess.run( #nosec
+ ["bandit", "-c", "bandit.yaml", "-r", ".", "-x", "./.tox/**"], #nosec
+ encoding="utf-8", #nosec
+ stdout=subprocess.PIPE, #nosec
+ stderr=subprocess.PIPE, #nosec
+ ) #nosec
msgs = result.stdout.split("\n") if result.returncode != 0 else []
- return ["flake8 errors detected:"] + [f" {e}" for e in msgs] if msgs else []
+ return ["bandit errors detected:"] + [f" {e}" for e in msgs] if msgs else []
if __name__ == "__main__":
check_testable_requirements_are_mapped,
check_non_testable_requirements_are_not_mapped,
check_flake8_passes,
+ check_bandit_passes,
]
results = [check() for check in checks]
errors = "\n".join("\n".join(msg) for msg in results if msg)
# noinspection PyShadowingNames
@pytest.fixture(scope="module")
def config():
- return vvp.Config(yaml.load(StringIO(DEFAULT_CONFIG)))
+ return vvp.Config(yaml.safe_load(StringIO(DEFAULT_CONFIG)))
def test_app_name(config):
def test_missing_category_fields():
- settings = yaml.load(StringIO(MISSING_CATEGORY_FIELD))
+ settings = yaml.safe_load(StringIO(MISSING_CATEGORY_FIELD))
with pytest.raises(RuntimeError) as e:
vvp.Config(settings)
assert "Missing: name" in str(e)
if abs_path not in YAML_CACHE:
YAML_CACHE[abs_path] = yaml.safe_load(fp)
return YAML_CACHE[abs_path]
+
+
+safe_load = load
:param path: string directory containing files
:return: string MD5 hash code (hex)
"""
- md5 = hashlib.md5()
+ md5 = hashlib.md5() # nosec
for dir_path, sub_dirs, filenames in os.walk(path):
for filename in filenames:
file_path = os.path.join(dir_path, filename)
try:
with open(yaml_file) as fh:
- normal_yaml.load(fh)
+ normal_yaml.safe_load(fh)
except ConstructorError as e:
pytest.fail("{} {}".format(e.problem, e.problem_mark))
actually exists in all yaml files
"""
with open(yaml_file) as fh:
- yml = yaml.load(fh)
+ yml = yaml.safe_load(fh)
# skip if resources are not defined
if "resources" not in yml:
self._config = config
else:
with open(self.DEFAULT_FILENAME, "r") as f:
- self._config = yaml.load(f)
+ self._config = yaml.safe_load(f)
self._user_settings = UserSettings(
self._config["namespace"], self._config["owner"]
)
coverage xml
flake8 --version
flake8 ice_validator
+ bandit -c bandit.yaml -r . -x ./.tox/**,./venv-tox/**
deps = --no-use-pep517
-rrequirements.txt
- flake8==3.6.0
- coverage==4.5.1
+ flake8
+ coverage
+ bandit
[flake8]
def get_requirements():
"""Retrieves the binary JSON content fom REQS_URL"""
- return request.urlopen(REQS_URL)
+ return request.urlopen(REQS_URL) # nosec
def write_file(contents, path):
Code Review / vvp / validation-scripts.git / commitdiff