forked from in-toto/in-toto
-
Notifications
You must be signed in to change notification settings - Fork 0
/
tox.ini
47 lines (40 loc) · 2 KB
/
tox.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Tox (http://tox.testrun.org/) is a tool for running tests
# in multiple virtualenvs. This configuration file will run the
# test suite on all supported python versions. To use it, "pip install tox"
# and then run "tox" from this directory.
# To run an individual test environment run e.g. tox -e py27
[tox]
envlist = lint,py{27,35,36,37}
skipsdist=True
[testenv]
deps =
-rrequirements-tox.txt
commands =
# Run unittests with coverage
coverage run tests/runtests.py
coverage report -m --fail-under 99
[testenv:lint]
# NOTE: As opposed to above pyXY environments, which run in pythonX.Y, this
# environment uses the `python` available on the path.
commands =
# Run pylint, using the Secure System Lab's pylintrc as base config
# https://github.com/secure-systems-lab/sample-documents/blob/master/pylintrc
pylint in_toto
# Run pylint on tests with required exemptions to allow protected member
# access (W0212) and test methods that don't use self (R0201). Also be less
# strict about naming (C0103, C0202), docs (C0111) and line length (C0301).
pylint tests --disable W0212,R0201,C0103,C0202,C0111,C0301
# Run bandit, a security linter from OpenStack Security
# Exclude files that need special treatment and are tested below
bandit -r in_toto -x in_toto/util.py,in_toto/process.py,in_toto/gpg/util.py
# Ignore false positive "hardcoded password" warning
# NOTE: Should become obsolete with in-toto/in-toto#80
# https://bandit.readthedocs.io/en/latest/plugins/b107_hardcoded_password_funcdef.html
bandit in_toto/util.py --skip B107
# Allow blacklisted but required subprocess
# https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
bandit in_toto/process.py --skip B404
# Allow blacklisted SHA1 required for gpg keyids
# TODO: Will become obsolete with in-toto/in-toto#275
# https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5
bandit in_toto/gpg/util.py --skip B303