Merge "Enable Bandit testing in Manila"

2024-05-23 21:47:44 +00:00 · 2024-05-23 21:47:44 +00:00 · ebdccfab58
commit ebdccfab58
parent 4109b81f21 333e6aee90
3 changed files with 19 additions and 1 deletions
--- a/manila/service.py
+++ b/manila/service.py
@ -352,7 +352,7 @@ class WSGIService(service.ServiceBase):
        if not rpc.initialized():
            rpc.init(CONF)
        self.app = self.loader.load_app(name)
-        self.host = getattr(CONF, '%s_listen' % name, "0.0.0.0")
+        self.host = getattr(CONF, '%s_listen' % name, "0.0.0.0")  # nosec B104
        self.port = getattr(CONF, '%s_listen_port' % name, 0)
        self.workers = getattr(CONF, '%s_workers' % name, None)
        self.use_ssl = getattr(CONF, '%s_use_ssl' % name, False)
--- a/tox.ini
+++ b/tox.ini
@ -64,6 +64,13 @@ commands = oslopolicy-sample-generator --config-file=etc/manila/manila-policy-ge
 [testenv:venv]
 commands = {posargs}

+[testenv:bandit]
+deps = bandit
+commands = bandit -r manila --ini tox.ini -n5 -ll
+
+[bandit]
+exclude = tests,tegile,hitachi,glusterfs,vnx,ssh_utils.py
+
 [testenv:docs]
 # NOTE(elod.illes): requirements.txt is needed because otherwise
 # dependencies are installed during 'develop-inst' tox phase without
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -31,6 +31,8 @@
            voting: false
        - manila-rally-ss:
            voting: false
+        - manila-tox-bandit:
+            voting: false
    gate:
      jobs:
        - manila-tox-py311-with-sqlalchemy-2x
@ -98,3 +100,12 @@
        GLOBAL_VENV: false
    required-projects:
      - openstack/rally-openstack
+
+- job:
+  # Security testing for known issues
+    name: manila-tox-bandit
+    parent: openstack-tox
+    timeout: 2400
+    vars:
+      tox_envlist: bandit
+    irrelevant-files: *irrelevant-files