Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixing Bandit findings and adding travis Bandit job (#759) 

* Fixes for Bandit

This commit fixes a couple of issues so that Bandit can run
cleanly using medium+ severity and confidence filtering.

* Adding Lemur Bandit job to TravisCI
This commit is contained in:
Travis McPeak 2017-04-24 18:37:03 -07:00 committed by kevgliss
parent 1c295896e6
commit bc66ede9aa
5 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -34,9 +34,11 @@ before_script:
install: install:
- pip install coveralls - pip install coveralls
- pip install bandit
script: script:
- make test - make test
- bandit -r . -ll -ii -x lemur/tests/,docs
after_success: after_success:
- coveralls - coveralls

3
lemur/factory.py
View File

@ -73,7 +73,8 @@ def from_file(file_path, silent=False):
d.__file__ = file_path d.__file__ = file_path
try: try:
with open(file_path) as config_file: with open(file_path) as config_file:
exec(compile(config_file.read(), file_path, 'exec'), d.__dict__) exec(compile(config_file.read(), # nosec: config file safe
file_path, 'exec'), d.__dict__)
except IOError as e: except IOError as e:
if silent and e.errno in (errno.ENOENT, errno.EISDIR): if silent and e.errno in (errno.ENOENT, errno.EISDIR):
return False return False

5
lemur/plugins/lemur_email/templates/config.py
View File

@ -1,11 +1,12 @@
import os import os
import arrow import arrow
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader, select_autoescape
from lemur.plugins.utils import get_plugin_option from lemur.plugins.utils import get_plugin_option
loader = FileSystemLoader(searchpath=os.path.dirname(os.path.realpath(__file__))) loader = FileSystemLoader(searchpath=os.path.dirname(os.path.realpath(__file__)))
env = Environment(loader=loader) env = Environment(loader=loader, # nosec: potentially dangerous types esc.
autoescape=select_autoescape(['html', 'xml']))
def human_time(time): def human_time(time):

4
lemur/plugins/lemur_kubernetes/plugin.py
View File

@ -11,6 +11,7 @@
.. moduleauthor:: Mikhail Khodorovskiy <mikhail.khodorovskiy@jivesoftware.com> .. moduleauthor:: Mikhail Khodorovskiy <mikhail.khodorovskiy@jivesoftware.com>
""" """
import base64 import base64
import os
import urllib import urllib
import requests import requests
import itertools import itertools
@ -139,7 +140,8 @@ class K8sSession(requests.Session):
'Authorization': 'Bearer %s' % bearer 'Authorization': 'Bearer %s' % bearer
}) })
k8_ca = '/tmp/k8.cert' k8_ca = os.path.join(os.path.abspath(os.path.dirname(__file__)),
'k8.cert')
with open(k8_ca, "w") as text_file: with open(k8_ca, "w") as text_file:
text_file.write(cert) text_file.write(cert)

2
setup.py
View File

@ -30,7 +30,7 @@ sys.path.insert(0, ROOT)
about = {} about = {}
with open(os.path.join(ROOT, "lemur", "__about__.py")) as f: with open(os.path.join(ROOT, "lemur", "__about__.py")) as f:
exec(f.read(), about) exec(f.read(), about) # nosec: about file is benign
install_requires = [ install_requires = [