Add Bandit security linting; update requirements #562
Conversation
Thanks for adding this and cleaning things up. ¡muy bien! 🚢
@austinbyers one comment: you mention this is enforced in travis ci... does it only take adding a
.bandit
@@ -0,0 +1,10 @@ | |||
[bandit] |
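Review bot: the `[bandit]` section is introduced here in a new `.bandit` file, while the thread agrees the same INI section can live in setup.cfg; keep one configuration location by dropping `.bandit` and pointing the enforced Travis run at the setup.cfg section, so CI and local runs of bandit read the same settings.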
can this live in the `setup.cfg` file instead?
Great idea! Yes, it works
requirements.txt
@@ -1,90 +1,85 @@ | |||
Sphinx==1.6.5 | |||
alabaster==0.7.10 |
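Review bot: the file now opens with `Sphinx==1.6.5` followed by `alabaster==0.7.10`, a flat sorted listing that loses the grouping of direct dependencies ahead of transitive ones that `pip freeze -r requirements-top-level.txt` preserves; regenerate the file with that command so a reviewer can tell which of the 85 pinned lines are the project's own dependencies and which were pulled in by them.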
the changes to this file break the separation that previously existed, can you follow these two steps in order to retain that?
```sh
# Installing the top-level dependencies, upgrading them if necessary
pip install -r requirements-top-level.txt --upgrade
# Updating requirements.txt
pip freeze -r requirements-top-level.txt > requirements.txt
```
The main issue I foresee with this is that dev requirements are lost with this workflow
@ryandeivert how's that? developers just `pip install requirements.txt` as normal
ah sorry I didn't realize the dev/test requirements were also in the normal requirements file. we should definitely move away from that
@jacknagz, that is exactly what I did, with the exception that I didn't order the requirements with the `-r` flag to `pip freeze`. So it was just the requirements order that changed (the files have the same meaning and contents).
I've put the order back, thanks for listing the command!
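The `pip freeze -r` workflow discussed above, as an added Python illustration that is not StreamAlert's code: it emulates the ordering `pip freeze -r requirements-top-level.txt` produces (top-level packages first, in file order, then everything else after pip's marker comment) and adds a check a CI job could run to confirm a regenerated requirements.txt still keeps that separation. The file contents, package list and version numbers are constructed for the example; the marker comment text is the one pip writes.

```python
"""Emulate `pip freeze -r <top-level file>` ordering and check that a
requirements.txt keeps the top-level/transitive separation.
Added illustration, not StreamAlert code; all inputs below are constructed."""

from typing import Dict, List, Tuple

# pip writes this comment between the requirements copied from the -r file
# and the remaining packages it found installed in the environment.
PIP_FREEZE_MARKER = "## The following requirements were added by pip freeze:"


def top_level_names(text: str) -> List[str]:
    """Package names listed in the top-level requirements file, in file order."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Top-level entries may be unpinned ('bandit') or pinned ('bandit==1.4.0').
        names.append(line.split("==")[0].strip())
    return names


def freeze_with_top_level(top_level_text: str, installed: Dict[str, str]) -> str:
    """Emulate `pip freeze -r`: top-level packages first, in file order, pinned to
    the installed version; then the rest (sorted here case-insensitively) after
    the marker comment."""
    lines = []
    seen = set()
    for name in top_level_names(top_level_text):
        key = name.lower()
        if key in installed:
            lines.append(f"{name}=={installed[key]}")
            seen.add(key)
    rest = sorted(k for k in installed if k not in seen)
    if rest:
        lines.append(PIP_FREEZE_MARKER)
        lines.extend(f"{k}=={installed[k]}" for k in rest)
    return "\n".join(lines) + "\n"


def separation_retained(top_level_text: str, requirements_text: str) -> Tuple[bool, List[str]]:
    """Check that requirements.txt leads with the top-level packages in order and
    then pip's marker. Returns (ok, problems) so a CI step can fail on it."""
    problems = []
    expected = [n.lower() for n in top_level_names(top_level_text)]
    actual = [
        ln.strip() for ln in requirements_text.splitlines()
        if ln.strip() and (not ln.strip().startswith("#") or ln.strip() == PIP_FREEZE_MARKER)
    ]
    head = [ln.split("==")[0].lower() for ln in actual[: len(expected)]]
    if head != expected:
        problems.append(f"top-level order lost: expected {expected}, got {head}")
    if len(actual) > len(expected) and actual[len(expected)] != PIP_FREEZE_MARKER:
        problems.append("transitive section is missing the pip freeze marker")
    return (not problems, problems)


# Constructed sample inputs (not the project's real files or pins).
TOP_LEVEL_TXT = """\
# requirements-top-level.txt (constructed)
bandit
boto3
Sphinx
"""

INSTALLED = {  # what `pip freeze` would see in the venv; versions constructed
    "bandit": "1.4.0",
    "boto3": "1.4.7",
    "sphinx": "1.6.5",
    "alabaster": "0.7.10",
    "botocore": "1.7.40",
}


def demo() -> Tuple[str, bool, bool]:
    """Regenerate with the -r ordering and compare against a flat `pip freeze`."""
    regenerated = freeze_with_top_level(TOP_LEVEL_TXT, INSTALLED)
    ok_regen, _ = separation_retained(TOP_LEVEL_TXT, regenerated)
    # A plain `pip freeze` (no -r) just sorts everything: the separation is lost.
    flat = "\n".join(f"{k}=={v}" for k, v in sorted(INSTALLED.items())) + "\n"
    ok_flat, _ = separation_retained(TOP_LEVEL_TXT, flat)
    return regenerated, ok_regen, ok_flat


if __name__ == "__main__":
    text, ok_regen, ok_flat = demo()
    print(text)
    print("regenerated keeps separation:", ok_regen, "| flat freeze keeps it:", ok_flat)
```

Running the module prints the regenerated file (three top-level pins, the marker, then `alabaster` and `botocore`) and shows the check passing for it and failing for a flat `pip freeze` listing; wiring `separation_retained` into CI catches a requirements.txt regenerated without `-r` before it is merged.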
@ryandeivert good catch! Yep, I forgot to add
👍
to: @jacknagz or @ryandeivert
cc: @airbnb/streamalert-maintainers
size: small
Background
Bandit is a Python scanner which checks for common security issues in Python source code. I've already successfully added Bandit to BinaryAlert, and now we add it to StreamAlert.
Changes
- Fortunately, Bandit did not flag any security issues! No code changes were necessary
- Add `bandit` to requirements
- Remove `virtualenv` from requirements (you don't need to install `virtualenv`, you are already in a venv when installing requirements)
Testing