authorDiego Russo <diego.russo@arm.com>2022-07-29 22:16:46 +0100
committerDiego Russo <diego.russo@arm.com>2022-08-03 12:30:25 +0100
commit35e42b1d223066e475a6588ec9b5ee37cb2c52b9 (patch)
tree8c2caf1588406851bdb517b43ea888a8255174fa /src/mlia/tools/metadata/corstone.py
parent5d81f37de09efe10f90512e50252be9c36925fcf (diff)
MLIA-389 Enable bandit check in pre-commit
Add bandit to pre-commit and fix some bandit errors. We use the default security level (low) with a few exceptions: * B101 assert_use: apart from tests, we use assert in our codebase hence we globally ignore error B101. * B404/B603: these are errors related to subprocess and they are being ignored locally when used. * B604 Test for any function with shell equals true: we have disabled this locally because of its safe use in the tests. Change-Id: If654e5e92285f7c86ac210a6f1373dbab6be17c9
Diffstat (limited to 'src/mlia/tools/metadata/corstone.py')
-rw-r--r--src/mlia/tools/metadata/corstone.py16
1 files changed, 13 insertions, 3 deletions
diff --git a/src/mlia/tools/metadata/corstone.py b/src/mlia/tools/metadata/corstone.py
index 6a3c1c8..023369c 100644
--- a/src/mlia/tools/metadata/corstone.py
+++ b/src/mlia/tools/metadata/corstone.py
@@ -1,9 +1,14 @@
# SPDX-FileCopyrightText: Copyright 2022, Arm Limited and/or its affiliates.
# SPDX-License-Identifier: Apache-2.0
-"""Module for Corstone based FVPs."""
+"""Module for Corstone based FVPs.
+
+The import of subprocess module raises a B404 bandit error. MLIA usage of
+subprocess is needed and can be considered safe hence disabling the security
+check.
+"""
import logging
import platform
-import subprocess
+import subprocess # nosec
import tarfile
from dataclasses import dataclass
from pathlib import Path
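Review bot: The bare `# nosec` on `import subprocess` silences every bandit test on that line, not only B404, so a later unrelated finding there would be hidden too. If the bandit version pinned in pre-commit accepts test IDs, `import subprocess  # nosec B404` limits the exemption to the one check the docstring justifies. The same applies to `subprocess.check_call(fvp_install_cmd) # nosec` in the Corstone300Installer hunk, which could read `# nosec B603`. The comment there says the command is static, but most of the `fvp_install_cmd` list is built outside the visible lines, so that claim should be confirmed against the full list. That comment also has a typo (`byt`).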
@@ -25,6 +30,7 @@ from mlia.utils.filesystem import get_mlia_resources
from mlia.utils.filesystem import temp_directory
from mlia.utils.filesystem import working_directory
+
logger = logging.getLogger(__name__)
@@ -296,7 +302,11 @@ class Corstone300Installer:
"--i-agree-to-the-contained-eula",
]
- subprocess.check_call(fvp_install_cmd)
+ # The following line raises a B603 error for bandit. In this
+ # specific case, the input is pretty much static and cannot be
+ # changed byt the user hence disabling the security check for
+ # this instance
+ subprocess.check_call(fvp_install_cmd) # nosec
except subprocess.CalledProcessError as err:
raise Exception(
"Error occurred during Corstone-300 installation"