author | Omer Katz <omer.drow@gmail.com> | 2018-12-20 16:06:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-20 16:06:57 +0200 |
commit | c9a997e0959876393f506a5caf0fc05b5d9edd9e (patch) | |
tree | 57f4a78b4301e86570ab875c177431556cba35eb | |
parent | 2d9410d17be0a748ae390ea466672157fe373d5a (diff) | |
parent | 5d76d02f32b1cdb9af6b9806df907f3802ebb22b (diff) | |
download | oauthlib-add-metadata-doc.tar.gz |
Merge branch 'master' into add-metadata-doc
-rw-r--r-- | .travis.yml | 2 | ||||
-rw-r--r-- | bandit.json | 48 | ||||
-rw-r--r-- | docs/contributing.rst | 4 | ||||
-rw-r--r-- | requirements-test.txt | 3 | ||||
-rw-r--r-- | tox.ini | 11 |
5 files changed, 62 insertions, 6 deletions
diff --git a/.travis.yml b/.travis.yml
index e304ce6..c7978d7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,6 +15,8 @@ matrix:
 env: TOXENV=py36
 - python: 3.7
 env: TOXENV=py37
+ - python: 3.7
+ env: TOXENV=bandit
 - python: pypy3.5
 env: TOXENV=pypy3
 install:
diff --git a/bandit.json b/bandit.json
new file mode 100644
index 0000000..02e15a8
--- /dev/null
+++ b/bandit.json
@@ -0,0 +1,48 @@ +{ + "errors": [], + "generated_at": "2018-12-13T10:39:37Z", + "results": [ + { + "code": "182 if request.body is not None and content_type_eligible:\n183 params.append(('oauth_body_hash', base64.b64encode(hashlib.sha1(request.body.encode('utf-8')).digest()).decode('utf-8')))\n184 \n", + "filename": "oauthlib/oauth1/rfc5849/__init__.py", + "issue_confidence": "HIGH", + "issue_severity": "MEDIUM", + "issue_text": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.", + "line_number": 183, + "line_range": [ + 183 + ], + "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5", + "test_id": "B303", + "test_name": "blacklist" + }, + { + "code": "45 def __init__(self, endpoints, claims={}, raise_errors=True):\n46 assert isinstance(claims, dict)\n47 for endpoint in endpoints:\n", + "filename": "oauthlib/oauth2/rfc6749/endpoints/metadata.py", + "issue_confidence": "HIGH", + "issue_severity": "LOW", + "issue_text": "Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.", + "line_number": 46, + "line_range": [ + 46 + ], + "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html", + "test_id": "B101", + "test_name": "assert_used" + }, + { + "code": "47 for endpoint in endpoints:\n48 assert isinstance(endpoint, BaseEndpoint)\n49 \n", + "filename": "oauthlib/oauth2/rfc6749/endpoints/metadata.py", + "issue_confidence": "HIGH", + "issue_severity": "LOW", + "issue_text": "Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.", + "line_number": 48, + "line_range": [ + 48 + ], + "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html", + "test_id": "B101", + "test_name": "assert_used" + } + ] +} diff --git a/docs/contributing.rst b/docs/contributing.rst index 771262d..e101f70 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst 
@@ -144,7 +144,7 @@ the project root via: .. sourcecode:: bash - $ python -m unittest discover + $ py.test The first thing the core committers will do is run this command. Any pull request that fails this test suite will be **rejected**. @@ -301,7 +301,7 @@ First we pull the code into a local branch:: Then we run the tests:: - python -m unittest discover + py.test We finish with a non-fastforward merge (to preserve the branch history) and push to GitHub:: diff --git a/requirements-test.txt b/requirements-test.txt index c3e0a7b..64485a6 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,3 +1,4 @@ -r requirements.txt -coverage>=3.7.1 mock>=2.0 +pytest>=4.0 +pytest-cov>=2.6 @@ -1,12 +1,11 @@ [tox] -envlist = py27,py34,py35,py36,py37,pypy,pypy3,docs,readme +envlist = py27,py34,py35,py36,py37,pypy,pypy3,docs,readme,bandit [testenv] deps= -rrequirements-test.txt commands= - coverage run --source oauthlib -m unittest discover - coverage report + py.test --cov=oauthlib tests/ # tox -e docs to mimick readthedocs build. @@ -27,3 +26,9 @@ whitelist_externals=echo commands= python setup.py check -r -s echo setup.py/long description is syntaxly correct + +[testenv:bandit] +skipsdist=True +deps=bandit +commands=bandit -b bandit.json -r oauthlib/ +whitelist_externals=bandit |
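Review bot: In the new `[testenv:bandit]` section, `bandit -b bandit.json` accepts the three baselined findings (B303 for SHA-1 in `oauth_body_hash`, and two B101 asserts in `endpoints/metadata.py`) with no rationale recorded next to the code, and a baseline file can be regenerated wholesale, which would quietly absorb new findings. If the SHA-1 use is dictated by the protocol, an inline `# nosec` with a one-line reason at that call keeps the decision visible. The two `assert isinstance(...)` checks would be better as explicit `raise` statements, since the baseline itself notes that asserts are removed in optimised byte code. `deps=bandit` is unpinned, so a new bandit release can change CI results without any change to the code; consider `deps=bandit==<pinned version>`. `whitelist_externals=bandit` looks redundant because bandit is installed through `deps`, and it would let a bandit from outside the virtualenv run without a warning.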