Module: check_mk
Branch: master
Commit: f7afc1e72ce2e55f94976b5b07ccb72d3f6072e4
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f7afc1e72ce2e5…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Nov 8 20:48:41 2016 +0100
Added makefile target for manual bandit test calls
---
bandit.yaml | 7 +++++++
tests/Makefile | 24 ++++++++++++++++--------
2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/bandit.yaml b/bandit.yaml
index 5829195..de70674 100644
--- a/bandit.yaml
+++ b/bandit.yaml
@@ -1,4 +1,11 @@
+# a list of strings, which if found in the path will cause files to be excluded
+# for example /tests/ - to remove all all files in tests directory
+exclude_dirs:
+ - '/tests/'
+ - '/doc/treasures/localchecks'
+ - '/doc/treasures/notifications'
+
### Bandit config file generated from:
# '/usr/local/bin/bandit-config-generator -o ../bandit.yaml'
diff --git a/tests/Makefile b/tests/Makefile
index b66c5bf..2c1882f 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -4,16 +4,27 @@ help:
@echo "test - Run all tests"
@echo "test-pylint - Run pylint based tests"
@echo "test-pylint-ci - Run pylint based tests within Jenkins"
+ @echo "test-bandit - Run bandit (security) tests"
@echo "test-bandit-ci - Run bandit (security) tests within Jenkins"
@echo "setup - Install dependencies"
test:
py.test
+
test-pylint:
py.test -k pylint
-test-bandit-ci:
+
+test-pylint-ci:
+ export TERM="linux" ; \
+ export PYLINT_ARGS="--output-format=cmk_parseable" ; \
+ export PYLINT_OUTPUT="$$WORKDIR/pylint.log" ; \
+ echo -n > $$WORKDIR/pylint.log ; \
+ $(MAKE) test-pylint
+
+
+test-bandit:
# Currently only care about high severity reported issues. Once this is
# reached, go and enable the medium/low checks.
CMK_DIR="$(realpath ..)" ; \
@@ -22,19 +33,16 @@ test-bandit-ci:
-c "$$CMK_DIR/bandit.yaml" \
-r \
-lll \
- -f xml -o "$$WORKDIR/bandit_results.xml" \
+ $(OUTPUT_ARGS) \
"$$CMK_DIR" \
"$$CMK_DIR"/{checks,inventory}/* \
"$$CMC_DIR" \
"$$CMC_DIR"/agents/{plugins,bakery}/*
-test-pylint-ci:
- export TERM="linux" ; \
- export PYLINT_ARGS="--output-format=cmk_parseable" ; \
- export PYLINT_OUTPUT="$$WORKDIR/pylint.log" ; \
- echo -n > $$WORKDIR/pylint.log ; \
- $(MAKE) test-pylint
+test-bandit-ci:
+ OUTPUT_ARGS="-f xml -o \"$$WORKDIR/bandit_results.xml\"" \
+ $(MAKE) test-bandit
setup: