Module: check_mk
Branch: master
Commit: da14fb485f9069a452cf15e48bdec535c51006a8
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=da14fb485f9069…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Nov 12 13:56:38 2018 +0100
Extracted python file finding from bandit test target
* Moved python file searching to separate tests/find-python-files script
* Exclude .venv files from tests/static/.venv
* Moved bandit.ini creation to separate phony target
Change-Id: Ie4e02f22ee76b63c83c2a4abbf421774a7d598bf
---
tests/Makefile | 33 +++++----------------------------
tests/find-python-files | 39 +++++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 28 deletions(-)
diff --git a/tests/Makefile b/tests/Makefile
index af85575..0ba7f03 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -23,7 +23,7 @@ help:
# This target needs to be phony so it is run every time because only the other
# makefile can determine that there's nothing to be done.
# TODO: Move everything to top level makefile?
-.PHONY: ../.venv
+.PHONY: ../.venv bandit.ini
../.venv:
$(MAKE) -C .. .venv
@@ -53,33 +53,10 @@ test-docker: ../.venv
$(MAKE) -C ../docker test-lint-dockerfile test-lint-entrypoint
$(PYTEST) -T docker
-test-bandit: ../.venv
-# Finding all the Python stuff in our project is a bit tricky/ugly...
- ( cd .. ; \
- echo '[bandit]'; \
- echo -n 'targets: '; \
- for i in $$(find $$(realpath active_checks \
- agents \
- bin \
- checks \
- cmk \
- cmk_base \
- doc \
- enterprise \
- inventory \
- livestatus \
- managed \
- notifications \
- omd/packages/cma \
- omd/packages/maintenance \
- omd/packages/omd \
- scripts \
- tests \
- web/app \
- werk ) \
- -type f | sort ); do \
- { [[ "$$i" == *.py ]] || { head -n 1 "$$i" | grep -q
'^#!.*python$$'; } ; } && echo -n "$$i,"; \
- done ) | sed 's/,$$//' > bandit.ini
+bandit.ini:
+ echo -e "[bandit]\ntargets: $$(./find-python-files | tr '\n' ',' |
sed 's/,$$//')" > bandit.ini
+
+test-bandit: ../.venv bandit.ini
# Currently only care about high severity reported issues. Once this is reached,
# go and enable the medium/low checks.
$(BANDIT) -c ../bandit.yaml -r -lll --ini bandit.ini $(BANDIT_OUTPUT_ARGS)
diff --git a/tests/find-python-files b/tests/find-python-files
new file mode 100755
index 0000000..19d0056
--- /dev/null
+++ b/tests/find-python-files
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Find and print the absolute paths of all python source code files
+set -e
+
+REPO_PATH=$(dirname $(dirname $(realpath "$0")))
+cd "$REPO_PATH"
+
+SEARCH=
+SEARCH+=" active_checks"
+SEARCH+=" agents"
+SEARCH+=" bin"
+SEARCH+=" checks"
+SEARCH+=" cmk"
+SEARCH+=" cmk_base"
+SEARCH+=" doc"
+SEARCH+=" enterprise"
+SEARCH+=" inventory"
+SEARCH+=" livestatus"
+SEARCH+=" managed"
+SEARCH+=" notifications"
+# Do not search whole omd/ because it may contain unpacked sub-packages
+SEARCH+=" omd/packages/cma"
+SEARCH+=" omd/packages/maintenance"
+SEARCH+=" omd/packages/omd"
+
+SEARCH+=" scripts"
+SEARCH+=" tests"
+SEARCH+=" web/app"
+SEARCH+=" werk"
+
+# Resolve search paths to real paths before the search for performance reasons
+REAL_SEARCH=$(realpath $SEARCH)
+
+# while read F is used to deal with files containing whitespaces
+find $REAL_SEARCH -name .venv -prune -o -type f -print | while read F; do
+ if [[ "$F" == *.py ]] || head -n 1 "$F" | grep -q
'^#!.*python$' >/dev/null 2>&1; then
+ echo "$F"
+ fi
+done