Add bandit code static analyzer for security, some false positives removed with #nosec.
Bandit is a python package for statically scanning code for security issues. * Added to tox.ini * Added to setup.py * Added to .travis.yml As part of CI/CD pipeline
This commit is contained in:
parent
d2094fed38
commit
78fe97b9cb
|
@ -21,6 +21,10 @@ matrix:
|
|||
python: 3.6
|
||||
- env: TOX_ENV=check
|
||||
python: 3.6
|
||||
- env: TOX_ENV=security
|
||||
python: 3.7
|
||||
dist: xenial
|
||||
sudo: true
|
||||
install:
|
||||
- pip install -U tox
|
||||
- pip install codecov
|
||||
|
|
|
@ -80,7 +80,7 @@ class Config(dict):
|
|||
module.__file__ = filename
|
||||
try:
|
||||
with open(filename) as config_file:
|
||||
exec(
|
||||
exec( # nosec
|
||||
compile(config_file.read(), filename, "exec"),
|
||||
module.__dict__,
|
||||
)
|
||||
|
|
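Review bot: The `# nosec` added to the `exec(` line silences every bandit finding for that statement without recording why the exec is accepted, so a later reader cannot distinguish a reviewed suppression from a merely silenced one. Keeping the reason on the marker ties the justification to the code, e.g. `exec(  # nosec: intentionally executes a Python config file at a caller-chosen path`, and where the installed bandit version supports test-scoped markers, `# nosec B102` narrows the suppression to the exec check alone instead of everything on that line. The enclosing `Config` method starts and ends outside this hunk, and this section's file header is not visible, so the module is inferred from the `class Config(dict)` hunk context only.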
2
setup.py
2
setup.py
|
@ -112,7 +112,7 @@ if strtobool(os.environ.get("SANIC_NO_UVLOOP", "no")):
|
|||
|
||||
extras_require = {
|
||||
"test": tests_require,
|
||||
"dev": tests_require + ["aiofiles", "tox", "black", "flake8"],
|
||||
"dev": tests_require + ["aiofiles", "tox", "black", "flake8", "bandit"],
|
||||
"docs": [
|
||||
"sphinx",
|
||||
"sphinx_rtd_theme",
|
||||
|
|
12
tox.ini
12
tox.ini
|
@ -1,5 +1,5 @@
|
|||
[tox]
|
||||
envlist = py36, py37, {py36,py37}-no-ext, lint, check
|
||||
envlist = py36, py37, {py36,py37}-no-ext, lint, check, security
|
||||
|
||||
[testenv]
|
||||
usedevelop = True
|
||||
|
@ -31,10 +31,11 @@ deps =
|
|||
flake8
|
||||
black
|
||||
isort
|
||||
bandit
|
||||
|
||||
commands =
|
||||
flake8 sanic
|
||||
black --config ./.black.toml --check --verbose sanic
|
||||
black --config ./.black.toml --check --verbose sanic/
|
||||
isort --check-only --recursive sanic
|
||||
|
||||
[testenv:check]
|
||||
|
@ -47,3 +48,10 @@ commands =
|
|||
[pytest]
|
||||
filterwarnings =
|
||||
ignore:.*async with lock.* instead:DeprecationWarning
|
||||
|
||||
[testenv:security]
|
||||
deps =
|
||||
bandit
|
||||
|
||||
commands =
|
||||
bandit --recursive sanic --skip B404,B101 --exclude sanic/reloader_helpers.py
|
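Review bot: The new `security` command excludes `sanic/reloader_helpers.py` entirely and skips B101 (assert used) and B404 (subprocess import) across the whole tree, so new findings of those kinds anywhere, and anything later added to that file, will pass CI unseen; a per-line `# nosec` at the specific sites in that file, as this commit already does for `exec`, keeps the rest of the module under scan, and a one-line `# B101/B404 skipped because ...` comment above the command would let the next maintainer revisit the list. `bandit` is also added to the `lint` env's `deps` but no `lint` command invokes it, so that line looks like a stray install given that `[testenv:security]` declares its own deps. The dependency is left unpinned in both envs, consistent with the other tools here, but it means a new bandit release can change the CI outcome without any change in this repo — presumably acceptable, worth noting in the commit message.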