Remediate failing Bandit gate
Adds a #nosec exclusion to a known Bandit error that has been evaluated as low severity, and included comments about how the severity is further reduced. Adds a target Python version for Bandit job so that it does not fail to scan several more files that are not working with a Python 2 run of Bandit. Change-Id: I251abd092b3049a663b8758bbec0926f4b4836f7
This commit is contained in:
parent
18ed6674d2
commit
7d9ca0b69b
|
@ -83,9 +83,13 @@ class DeckhandCreateSiteActionTagOperator(DeckhandBaseOperator):
|
||||||
|
|
||||||
# Retrieve result of task execution
|
# Retrieve result of task execution
|
||||||
#
|
#
|
||||||
# TODO(eanylin): Use Airflow API instead of CLI once the API is
|
# Using nosec because:
|
||||||
# ready for consumption, i.e. no longer experimental
|
# 1) this subprocess runs within the same container
|
||||||
response = subprocess.run(
|
# that runs this code
|
||||||
|
# 2) has no input that is sourced from an external user
|
||||||
|
# 3) Is not supported via any API that is also accessible to this
|
||||||
|
# container.
|
||||||
|
response = subprocess.run( # nosec
|
||||||
['airflow',
|
['airflow',
|
||||||
'task_state',
|
'task_state',
|
||||||
self.main_dag_name,
|
self.main_dag_name,
|
||||||
|
|
|
@ -35,6 +35,7 @@ commands = flake8 {posargs}
|
||||||
|
|
||||||
[testenv:bandit]
|
[testenv:bandit]
|
||||||
skipsdist=True
|
skipsdist=True
|
||||||
|
basepython=python3
|
||||||
commands =
|
commands =
|
||||||
bandit \
|
bandit \
|
||||||
-r shipyard_airflow \
|
-r shipyard_airflow \
|
||||||
|
|
|
@ -9,6 +9,7 @@ deps = -r{toxinidir}/requirements.txt
|
||||||
-r{toxinidir}/test-requirements.txt
|
-r{toxinidir}/test-requirements.txt
|
||||||
|
|
||||||
[testenv:py35]
|
[testenv:py35]
|
||||||
|
skipsdist=True
|
||||||
commands =
|
commands =
|
||||||
pytest \
|
pytest \
|
||||||
{posargs} \
|
{posargs} \
|
||||||
|
@ -19,6 +20,7 @@ commands =
|
||||||
--cov-report=html
|
--cov-report=html
|
||||||
|
|
||||||
[testenv:py36]
|
[testenv:py36]
|
||||||
|
skipsdist=True
|
||||||
commands =
|
commands =
|
||||||
pytest \
|
pytest \
|
||||||
{posargs} \
|
{posargs} \
|
||||||
|
@ -33,6 +35,8 @@ basepython=python3
|
||||||
commands = flake8 {posargs}
|
commands = flake8 {posargs}
|
||||||
|
|
||||||
[testenv:bandit]
|
[testenv:bandit]
|
||||||
|
basepython=python3
|
||||||
|
skipsdist=True
|
||||||
commands =
|
commands =
|
||||||
bandit \
|
bandit \
|
||||||
-r shipyard_client \
|
-r shipyard_client \
|
||||||
|
|
Loading…
Reference in New Issue