Add bandit to the quality tools

Adding the bandit tool to the toolbox. And fix some trivial py3 syntax errors in the op3 example so it doesn't blow up right away.
CZ-NIC · Apr 15, 2019 · c1470bb · c1470bb
1 parent de5d6e4
commit c1470bb
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -16,6 +16,7 @@ help:
 	@echo "  test       to run the tests"
 	@echo "  isort      to sort imports"
 	@echo "  blacken    to format the code"
+	@echo "  bandit     to run some simple security checkers"
 .PHONY: help
 
 clean:
@@ -55,6 +56,10 @@ check-black:
 	@pipenv run black src/ --check
 .PHONY: blacken check-black
 
+bandit:
+	@pipenv run bandit -a file -r src/ oauth_example/ oidc_example/ 
+.PHONY: bandit
+
 check-pylama:
 	@pipenv run pylama $(OICDIR) $(TESTDIR)
 .PHONY: check-pylama

diff --git a/oidc_example/op3/server.py b/oidc_example/op3/server.py
@@ -10,6 +10,8 @@
 import traceback
 import argparse
 import importlib
+import logging
+
 from mako.lookup import TemplateLookup
 
 from oic import rndstr
@@ -243,7 +245,7 @@ def meta_info(self, environ, start_response):
              ]}
 
         """
-        print '\n in meta-info'
+        print('\n in meta-info')
         pass
 
     def webfinger(self, environ, start_response):
@@ -275,7 +277,7 @@ def application(self, environ, start_response):
         """
         path = environ.get('PATH_INFO', '').lstrip('/')
 
-        print 'start_response: ', start_response
+        print('start_response: ', start_response)
 
         if path == "robots.txt":
             return static(self, environ, start_response, "static/robots.txt")
@@ -470,7 +472,7 @@ def mako_renderer(template_name, context):
     server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), _app.application)
     server.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT, config.SERVER_KEY)
 
-    print "OIDC Provider server started (issuer={}, port={})".format(config.ISSUER, config.PORT)
+    print("OIDC Provider server started (issuer={}, port={})".format(config.ISSUER, config.PORT))
 
     try:
         server.start()

diff --git a/setup.py b/setup.py
@@ -75,7 +75,7 @@ def run_tests(self):
         'develop': ["cherrypy==3.2.4", "pyOpenSSL"],
         'testing': tests_requires,
         'docs': ['Sphinx', 'sphinx-autobuild', 'alabaster'],
-        'quality': ['pylama', 'isort', 'eradicate', 'mypy', 'black'],
+        'quality': ['pylama', 'isort', 'eradicate', 'mypy', 'black', 'bandit'],
         'ldap_authn': ['pyldap'],
     },
     install_requires=[