author | Neil Williams <neil.williams@linaro.org> | 2018-10-01 08:33:51 +0100 |
---|---|---|
committer | Neil Williams <neil.williams@linaro.org> | 2018-10-01 16:14:00 +0100 |
commit | d353200b923472e09039ef7d7d59cbbad1967d33 (patch) | |
tree | b33dad5249fa109f07b21a88758acaeba2983b59 /lava_dispatcher/actions | |
parent | b69f7c11e41e0094d49b2fe2f60a8bb8fb6ee019 (diff) |
Add overrides for bandit false positives
Reduce the noise in the SAST report further.
Override bandit warnings in lava-dispatcher as bandit is
overly based on a web UI mindset.
Add overrides and fixes for files in ./share/
Signed-off-by: Neil Williams <neil.williams@linaro.org>
Diffstat (limited to 'lava_dispatcher/actions')
-rw-r--r-- | lava_dispatcher/actions/deploy/apply_overlay.py | 9 | ||||
-rw-r--r-- | lava_dispatcher/actions/deploy/docker.py | 6 | ||||
-rw-r--r-- | lava_dispatcher/actions/deploy/download.py | 12 | ||||
-rw-r--r-- | lava_dispatcher/actions/deploy/overlay.py | 4 | ||||
-rw-r--r-- | lava_dispatcher/actions/deploy/testdef.py | 2 |
5 files changed, 16 insertions, 17 deletions
diff --git a/lava_dispatcher/actions/deploy/apply_overlay.py b/lava_dispatcher/actions/deploy/apply_overlay.py index 66ce304eb..e74c09081 100644 --- a/lava_dispatcher/actions/deploy/apply_overlay.py +++ b/lava_dispatcher/actions/deploy/apply_overlay.py @@ -20,7 +20,7 @@ import os import shutil -import subprocess +import subprocess # nosec - internal use. from lava_dispatcher.action import ( Action, Pipeline, @@ -247,7 +247,7 @@ class ApplyOverlayTftp(Action): # not be removed if umount fails. directory = mkdtemp(autoremove=False) try: - subprocess.check_output(['mount', '-t', 'nfs', nfs_address, directory]) + subprocess.check_output(['mount', '-t', 'nfs', nfs_address, directory]) # nosec - internal. except subprocess.CalledProcessError as exc: raise JobError(exc) elif self.parameters.get('ramdisk') is not None: @@ -279,7 +279,7 @@ class ApplyOverlayTftp(Action): self.logger.debug("[%s] Applying overlay %s to directory %s", namespace, overlay_file, directory) untar_file(overlay_file, directory) if nfs_address: - subprocess.check_output(['umount', directory]) + subprocess.check_output(['umount', directory]) # nosec - internal. os.rmdir(directory) # fails if the umount fails return connection @@ -549,8 +549,7 @@ class CompressRamdisk(Action): ramdisk_data, ramdisk_dir) cmd = "find . | cpio --create --format='newc' > %s" % ramdisk_data try: - # safe to use shell=True here, no external arguments - log = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) + log = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) # nosec - safe to use shell=True here, no external arguments log = log.decode("utf-8", errors="replace") except OSError as exc: raise InfrastructureError('Unable to create cpio filesystem: %s' % exc) diff --git a/lava_dispatcher/actions/deploy/docker.py b/lava_dispatcher/actions/deploy/docker.py index 004373030..6da65c361 100644 --- a/lava_dispatcher/actions/deploy/docker.py +++ b/lava_dispatcher/actions/deploy/docker.py 
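Review bot: In the CompressRamdisk hunk the `# nosec` suppresses the shell=True warning on the grounds of "no external arguments", yet `cmd` is built by interpolating `ramdisk_data` into the shell string on the line above. Where that path comes from is not visible here; if any component can be influenced by job data, or merely contains whitespace or a shell metacharacter, the shell reinterprets the redirect target. Quoting it keeps the suppression honest: `cmd = "find . | cpio --create --format='newc' > %s" % shlex.quote(ramdisk_data)` (needs `import shlex`). The visible handler also catches only OSError, so a non-zero exit from the pipeline (CalledProcessError) may escape unless it is handled outside the hunk.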
@@ -19,7 +19,7 @@ # with this program; if not, see <http://www.gnu.org/licenses>. import re -import subprocess +import subprocess # nosec - internal from lava_common.exceptions import InfrastructureError, JobError from lava_dispatcher.action import Pipeline @@ -42,10 +42,10 @@ class DockerAction(DeployAction): # Print docker version try: - out = subprocess.check_output(["docker", "version", "-f", "{{.Server.Version}}"]) + out = subprocess.check_output(["docker", "version", "-f", "{{.Server.Version}}"]) # nosec - internal out = out.decode("utf-8", errors="replace").strip("\n") self.logger.debug("docker server, installed at version: %s", out) - out = subprocess.check_output(["docker", "version", "-f", "{{.Client.Version}}"]) + out = subprocess.check_output(["docker", "version", "-f", "{{.Client.Version}}"]) # nosec - internal out = out.decode("utf-8", errors="replace").strip("\n") self.logger.debug("docker client, installed at version: %s", out) except subprocess.CalledProcessError as exc: diff --git a/lava_dispatcher/actions/deploy/download.py b/lava_dispatcher/actions/deploy/download.py index 53682dd0a..0f087d989 100644 --- a/lava_dispatcher/actions/deploy/download.py +++ b/lava_dispatcher/actions/deploy/download.py @@ -30,7 +30,7 @@ import shutil import time import hashlib import requests -import subprocess +import subprocess # nosec - verified. from lava_dispatcher.power import ResetDevice from lava_dispatcher.protocols.lxc import LxcProtocol from lava_dispatcher.actions.deploy import DeployAction @@ -212,7 +212,7 @@ class DownloadHandler(Action): # pylint: disable=too-many-instance-attributes connection = super().run(connection, max_end_time) # self.cookies = self.job.context.config.lava_cookies # FIXME: work out how to restore - md5 = hashlib.md5() + md5 = hashlib.md5() # nosec - not being used for cryptography. sha256 = hashlib.sha256() # Create a fresh directory if the old one has been removed by a previous cleanup 
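Review bot: The `# nosec - not being used for cryptography.` comment on `hashlib.md5()` in DownloadHandler.run claims more than the hunk shows. The digest is created next to `sha256`, which suggests it is compared against a checksum for the downloaded file. If a job can supply only an md5sum, that comparison is the sole tamper check and MD5's collision weakness is relevant, so the comment should state the actual role, e.g. `# nosec - legacy md5sum comparison; sha256sum is the integrity check`, or the code should warn when no sha256sum is given. On Python 3.9+ `hashlib.md5(usedforsecurity=False)` expresses the same intent to tooling without a suppression. The rest of run() is outside the hunk.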
@@ -286,7 +286,7 @@ class DownloadHandler(Action): # pylint: disable=too-many-instance-attributes if compression and decompress_command: try: with open(fname, 'wb') as dwnld_file: - proc = subprocess.Popen([decompress_command], + proc = subprocess.Popen([decompress_command], # nosec - internal. stdin=subprocess.PIPE, stdout=dwnld_file) except OSError as exc: @@ -502,7 +502,7 @@ class ScpDownloadAction(DownloadHandler): def validate(self): super().validate() try: - size = subprocess.check_output(['nice', 'ssh', + size = subprocess.check_output(['nice', 'ssh', # nosec - internal. self.url.netloc, 'stat', '-c', '%s', self.url.path], @@ -514,7 +514,7 @@ class ScpDownloadAction(DownloadHandler): def reader(self): process = None try: - process = subprocess.Popen( + process = subprocess.Popen( # nosec - internal. ['nice', 'ssh', self.url.netloc, 'cat', self.url.path], stdout=subprocess.PIPE ) @@ -605,7 +605,7 @@ class QCowConversionAction(Action): self.logger.debug("Converting downloaded image from qcow2 to raw") try: - subprocess.check_output(['qemu-img', 'convert', + subprocess.check_output(['qemu-img', 'convert', # nosec - checked. '-f', 'qcow2', '-O', 'raw', origin, fname], stderr=subprocess.STDOUT) diff --git a/lava_dispatcher/actions/deploy/overlay.py b/lava_dispatcher/actions/deploy/overlay.py index ac6fe5452..26589b8fa 100644 --- a/lava_dispatcher/actions/deploy/overlay.py +++ b/lava_dispatcher/actions/deploy/overlay.py @@ -223,7 +223,7 @@ class MultinodeOverlayAction(OverlayAction): # Multinode-only self.lava_multi_node_test_dir = os.path.realpath( '%s/../../lava_test_shell/multi_node' % os.path.dirname(__file__)) - self.lava_multi_node_cache_file = '/tmp/lava_multi_node_cache.txt' + self.lava_multi_node_cache_file = '/tmp/lava_multi_node_cache.txt' # nosec - on the DUT self.role = None self.protocol = MultinodeProtocol.name 
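Review bot: The `# nosec - internal.` justification on the two ssh invocations in ScpDownloadAction (check_output in validate() and Popen in reader(), the next hunk) does not match their arguments. Both place `self.url.netloc` and `self.url.path` on the ssh command line, and if `self.url` is parsed from the job's download URL (not visible in these hunks) those values are submitter-controlled. The argument list avoids a local shell, but ssh still parses a host beginning with `-` as an option and passes the remote command through the remote shell. validate() should reject such a netloc, and both calls should end option parsing and quote the path, e.g. `'--', self.url.netloc, 'stat', '-c', '%s', shlex.quote(self.url.path)`. Both method bodies continue outside the hunks.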
@@ -316,7 +316,7 @@ class VlandOverlayAction(OverlayAction): # vland-only self.lava_vland_test_dir = os.path.realpath( '%s/../../lava_test_shell/vland' % os.path.dirname(__file__)) - self.lava_vland_cache_file = '/tmp/lava_vland_cache.txt' + self.lava_vland_cache_file = '/tmp/lava_vland_cache.txt' # nosec - on the DUT self.params = {} self.sysfs = [] self.tags = [] diff --git a/lava_dispatcher/actions/deploy/testdef.py b/lava_dispatcher/actions/deploy/testdef.py index b77786e7b..400536eca 100644 --- a/lava_dispatcher/actions/deploy/testdef.py +++ b/lava_dispatcher/actions/deploy/testdef.py @@ -452,7 +452,7 @@ class InlineRepoAction(RepoAction): # pylint: disable=too-many-public-methods # Grab the inline test definition testdef = self.parameters['repository'] - sha1 = hashlib.sha1() + sha1 = hashlib.sha1() # nosec - not used for cryptography # Dump the test definition and compute the sha1 yaml_file = os.path.join(runner_path, self.parameters['path']) |