From b395eb5bb6c79558202a3d414982a56fac7c9e1d Mon Sep 17 00:00:00 2001
From: "Lovett, Trevor"
Date: Tue, 23 Jul 2019 18:09:09 -0500
Subject: [VVP] Adding bandit security scans and fixes
Issue-ID: VVP-244
Change-Id: Ia782f4cc7bf5a379ff8cdcce96cd2e7235998345
Signed-off-by: Lovett, Trevor
---
 ice_validator/app_tests/test_app_config.py | 4 ++--
 ice_validator/tests/cached_yaml.py | 3 +++
 ice_validator/tests/conftest.py | 2 +-
 ice_validator/tests/test_initial_configuration.py | 4 ++--
 ice_validator/vvp.py | 2 +-
 5 files changed, 9 insertions(+), 6 deletions(-)
(limited to 'ice_validator')
diff --git a/ice_validator/app_tests/test_app_config.py b/ice_validator/app_tests/test_app_config.py
index 223006f..a021b53 100644
--- a/ice_validator/app_tests/test_app_config.py
+++ b/ice_validator/app_tests/test_app_config.py
@@ -62,7 +62,7 @@ settings:
 # noinspection PyShadowingNames
 @pytest.fixture(scope="module")
 def config():
- return vvp.Config(yaml.load(StringIO(DEFAULT_CONFIG)))
+ return vvp.Config(yaml.safe_load(StringIO(DEFAULT_CONFIG)))
 def test_app_name(config):
@@ -114,7 +114,7 @@ settings:
 def test_missing_category_fields():
- settings = yaml.load(StringIO(MISSING_CATEGORY_FIELD))
+ settings = yaml.safe_load(StringIO(MISSING_CATEGORY_FIELD))
 with pytest.raises(RuntimeError) as e:
 vvp.Config(settings)
 assert "Missing: name" in str(e)
diff --git a/ice_validator/tests/cached_yaml.py b/ice_validator/tests/cached_yaml.py
index 1b977a6..196d9b8 100644
--- a/ice_validator/tests/cached_yaml.py
+++ b/ice_validator/tests/cached_yaml.py
@@ -55,3 +55,6 @@ def load(fp):
 if abs_path not in YAML_CACHE:
 YAML_CACHE[abs_path] = yaml.safe_load(fp)
 return YAML_CACHE[abs_path]
+
+
+safe_load = load
diff --git a/ice_validator/tests/conftest.py b/ice_validator/tests/conftest.py
index e3c21e6..5653cca 100644
--- a/ice_validator/tests/conftest.py
+++ b/ice_validator/tests/conftest.py
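Review bot: The new `safe_load = load` alias at the bottom of cached_yaml.py is undocumented and does not behave like the PyYAML function whose name it borrows: `load` returns `YAML_CACHE[abs_path]`, a cached object shared by every caller whose argument resolves to the same key (which, from the name `abs_path` computed above the hunk, looks like the file's absolute path), so a re-read after the file changes returns stale data and a caller that mutates the result mutates it for everyone. I would add a comment above the alias: `# Alias so call sites read like yaml.safe_load and pass bandit's yaml.load check; unlike PyYAML's safe_load this returns a cached, shared object keyed on the file path.` Recording the bandit motivation matters because otherwise the alias looks like dead code to a future cleanup. The body of `load` begins above the hunk.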
@@ -963,7 +963,7 @@ def hash_directory(path):
 :param path: string directory containing files
 :return: string MD5 hash code (hex)
 """
- md5 = hashlib.md5()
+ md5 = hashlib.md5() # nosec
 for dir_path, sub_dirs, filenames in os.walk(path):
 for filename in filenames:
 file_path = os.path.join(dir_path, filename)
diff --git a/ice_validator/tests/test_initial_configuration.py b/ice_validator/tests/test_initial_configuration.py
index f911ce9..654d75d 100644
--- a/ice_validator/tests/test_initial_configuration.py
+++ b/ice_validator/tests/test_initial_configuration.py
@@ -80,7 +80,7 @@ def test_02_no_duplicate_keys_in_file(yaml_file):
 try:
 with open(yaml_file) as fh:
- normal_yaml.load(fh)
+ normal_yaml.safe_load(fh)
 except ConstructorError as e:
 pytest.fail("{} {}".format(e.problem, e.problem_mark))
@@ -93,7 +93,7 @@ def test_03_all_referenced_resources_exists(yaml_file):
 actually exists in all yaml files
 """
 with open(yaml_file) as fh:
- yml = yaml.load(fh)
+ yml = yaml.safe_load(fh)
 # skip if resources are not defined
 if "resources" not in yml:
diff --git a/ice_validator/vvp.py b/ice_validator/vvp.py
index 547a3b4..43baee0 100644
--- a/ice_validator/vvp.py
+++ b/ice_validator/vvp.py
@@ -367,7 +367,7 @@ class Config:
 self._config = config
 else:
 with open(self.DEFAULT_FILENAME, "r") as f:
- self._config = yaml.load(f)
+ self._config = yaml.safe_load(f)
 self._user_settings = UserSettings(
 self._config["namespace"], self._config["owner"]
 )
--
cgit 1.2.3-korg
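Review bot: The `# nosec` added to `md5 = hashlib.md5()` in hash_directory suppresses bandit's weak-hash finding without recording why that is acceptable, so the next reader or the next rule-set change has to rediscover the justification. The surrounding docstring says the function returns a directory hash, which reads as a change-detection fingerprint rather than an integrity or authentication hash; put that on the line itself: `md5 = hashlib.md5()  # nosec B303 - content fingerprint for change detection, not a security hash`. Separately, the context lines iterate `os.walk(path)` without sorting `sub_dirs` or `filenames`, so the digest depends on enumeration order; if it is ever compared across hosts or filesystems, sorting both lists in place would make it deterministic. hash_directory starts above the hunk and continues below it.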
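Review bot: Changing `normal_yaml.load(fh)` to `normal_yaml.safe_load(fh)` in test_02_no_duplicate_keys_in_file switches the PyYAML loader class that parses the file, and this test's only failure path is the `ConstructorError` it catches for duplicate keys. PyYAML does not reject duplicate mapping keys on its own, so that check is presumably a custom constructor registered elsewhere in the project; if it was registered on `yaml.Loader` (what `load` used) and not on `yaml.SafeLoader`, the test now passes for every file and silently stops detecting duplicates. Please confirm the duplicate-key constructor is registered on `SafeLoader` too, or that the checking loader subclasses it, and consider adding a fixture with a known duplicate key so the test fails loudly if that coupling breaks again. The function's body continues outside the hunk.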
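Review bot: After the switch to `yaml.safe_load(f)` in what appears to be `Config.__init__` (the method name is above the hunk), an empty or non-mapping `DEFAULT_FILENAME` yields `None` or a list, and the `self._config["namespace"]` subscript two lines down then fails with a bare `TypeError` that does not name the file. Since this is the one place the on-disk config is parsed, validate the shape right after loading: `if not isinstance(self._config, dict): raise RuntimeError("{} must contain a YAML mapping".format(self.DEFAULT_FILENAME))`, which matches the `RuntimeError` that test_missing_category_fields in test_app_config.py already expects from `Config` for malformed settings. The `self._config = config` branch above it, which takes a caller-supplied object, would benefit from the same check. The method starts above the hunk and continues below it.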