The Wayback Machine - https://web.archive.org/web/20210918134345/https://github.com/mitre/caldera/pull/1539
Virts 1106d bandit ci #1539

Merged: 9 commits merged into master from virts-1106d-bandit-ci on Apr 20, 2020
Conversation

@unkempthenry (Contributor) commented Apr 16, 2020

WIP because CI should fail until #1535 / #1540 makes it in (hardcoded binding to 0.0.0.0 is a medium finding).

This PR configures bandit to fail pipelines on medium and high severity problems.

Changes:

  • Add bandit pre-commit hook
  • Add bandit (https://bandit.readthedocs.io/en/latest/) to tox config
  • Configure Travis CI to run bandit checks
  • The "style" stage of Travis CI will now run bandit in addition to flake8 linting

Bandit is a nice tool for identifying quality issues in Python code (especially more obvious security issues).
Possible next steps:

  • Run bandit on low severity findings too
  • This PR will not scan the plugins/ directory. Bandit would definitely be valuable for scanning plugins, but unsure if we want to do this here, or in the plugins themselves.
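As an added illustration (not the PR's own tox.ini, which this page does not show), a tox "style" environment wired the way the description states: flake8 plus bandit, with bandit's exit status gating the pipeline on MEDIUM and HIGH findings only. The `app` source path and the env name are assumptions about the project layout.

```ini
# Added example, not the PR's tox.ini. The "app" target and the env name
# are assumptions; adjust to the package actually being scanned.
[tox]
envlist = style

[testenv:style]
deps =
    flake8
    bandit
commands =
    flake8 app
    # -r   recurse into the package.
    # -ll  report only MEDIUM and HIGH severity issues. bandit exits 1 when
    #      any issue at or above the selected level remains after filtering,
    #      which is what fails the Travis "style" stage. Using a single -l
    #      (or omitting it) would also gate on LOW findings, the "possible
    #      next step" noted above.
    # tests/ and plugins/ live outside the "app" target, so neither is
    # scanned here; the pre-commit hook needs its own exclude for the same effect.
    bandit -r app -ll
```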
@codecov (bot) commented Apr 16, 2020

Codecov Report

Merging #1539 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1539   +/-   ##
=======================================
  Coverage   54.92%   54.92%           
=======================================
  Files          46       46           
  Lines        2895     2895           
=======================================
  Hits         1590     1590           
  Misses       1305     1305           

Powered by Codecov. Last update 5a17fd5...fba0d1f.

@unkempthenry unkempthenry force-pushed the virts-1106d-bandit-ci branch from 1c90674 to 59c3b85 Apr 17, 2020
Since this check runs on --all-files, it was causing to run on files that should be ignored (tests/) and failing the pipeline.

Also, remove .bandit file and just use cli args.
@unkempthenry unkempthenry changed the title from "WIP: Virts 1106d bandit ci" to "Virts 1106d bandit ci" Apr 17, 2020
Resolved (outdated) review threads on .pre-commit-config.yaml and tox.ini
@unkempthenry unkempthenry requested a review from christophert Apr 17, 2020
@christophert (Contributor) left a comment

Changes look good!

@privateducky privateducky merged commit 038ba7d into master Apr 20, 2020
3 checks passed
@privateducky privateducky deleted the virts-1106d-bandit-ci branch Apr 20, 2020