[checkmk-commits] Added makefile target for manual bandit test calls

Module: check_mk Branch: master Commit: f7afc1e72ce2e55f94976b5b07ccb72d3f6072e4 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f7afc1e72ce2e5… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Nov 8 20:48:41 2016 +0100 Added makefile target for manual bandit test calls --- bandit.yaml | 7 +++++++ tests/Makefile | 24 ++++++++++++++++-------- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/bandit.yaml b/bandit.yaml index 5829195..de70674 100644 --- a/bandit.yaml +++ b/bandit.yaml @@ -1,4 +1,11 @@ +# a list of strings, which if found in the path will cause files to be excluded +# for example /tests/ - to remove all all files in tests directory +exclude_dirs: + - '/tests/' + - '/doc/treasures/localchecks' + - '/doc/treasures/notifications' + ### Bandit config file generated from: # '/usr/local/bin/bandit-config-generator -o ../bandit.yaml' diff --git a/tests/Makefile b/tests/Makefile index b66c5bf..2c1882f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -4,16 +4,27 @@ help: @echo "test - Run all tests" @echo "test-pylint - Run pylint based tests" @echo "test-pylint-ci - Run pylint based tests within Jenkins" + @echo "test-bandit - Run bandit (security) tests" @echo "test-bandit-ci - Run bandit (security) tests within Jenkins" @echo "setup - Install dependencies" test: py.test + test-pylint: py.test -k pylint -test-bandit-ci: + +test-pylint-ci: + export TERM="linux" ; \ + export PYLINT_ARGS="--output-format=cmk_parseable" ; \ + export PYLINT_OUTPUT="$$WORKDIR/pylint.log" ; \ + echo -n > $$WORKDIR/pylint.log ; \ + $(MAKE) test-pylint + + +test-bandit: # Currently only care about high severity reported issues. Once this is # reached, go and enable the medium/low checks. CMK_DIR="$(realpath ..)" ; \ @@ -22,19 +33,16 @@ test-bandit-ci: -c "$$CMK_DIR/bandit.yaml" \ -r \ -lll \ - -f xml -o "$$WORKDIR/bandit_results.xml" \ + $(OUTPUT_ARGS) \ "$$CMK_DIR" \ "$$CMK_DIR"/{checks,inventory}/* \ "$$CMC_DIR" \ "$$CMC_DIR"/agents/{plugins,bakery}/* -test-pylint-ci: - export TERM="linux" ; \ - export PYLINT_ARGS="--output-format=cmk_parseable" ; \ - export PYLINT_OUTPUT="$$WORKDIR/pylint.log" ; \ - echo -n > $$WORKDIR/pylint.log ; \ - $(MAKE) test-pylint +test-bandit-ci: + OUTPUT_ARGS="-f xml -o \"$$WORKDIR/bandit_results.xml\"" \ + $(MAKE) test-bandit setup: