Add bandit to CI

This commit is contained in:
Jens Langhammer 2018-12-09 17:44:54 +01:00
parent f4c5ba27cc
commit 10bb06cc7e
No known key found for this signature in database
GPG key ID: BEBC05297D92821B
4 changed files with 9 additions and 15 deletions

View file

@ -31,6 +31,10 @@ coverage:
- coverage run manage.py test
- coverage report
stage: test
bandit:
script:
- bandit -r passbook
stage: test
# package-3.5:
# before_script:

View file

@ -19,7 +19,7 @@ class BaseOAuthClient:
_session = None
def __init__(self, source, token=''):
def __init__(self, source, token=''): # nosec
self.source = source
self.token = token
self._session = Session()
@ -238,7 +238,7 @@ class OAuth2Client(BaseOAuthClient):
return 'oauth-client-{0}-request-state'.format(self.source.name)
def get_client(source, token=''):
def get_client(source, token=''): # nosec
"Return the API client for the given source."
cls = OAuth2Client
if source.request_token_url:

View file

@ -152,18 +152,7 @@ class OAuthCallback(OAuthClientMixin, View):
# pylint: disable=unused-argument
def get_or_create_user(self, source, access, info):
"Create a shell auth.User."
digest = hashlib.sha1(smart_bytes(access)).digest()
# Base 64 encode to get below 30 characters
# Removed padding characters
username = force_text(base64.urlsafe_b64encode(digest)).replace('=', '')
# pylint: disable=invalid-name
User = get_user_model() # noqa
kwargs = {
User.USERNAME_FIELD: username,
'email': '',
'password': None
}
return User.objects.create_user(**kwargs)
raise NotImplementedError()
# pylint: disable=unused-argument
def get_user_id(self, source, info):

View file

@ -9,4 +9,5 @@ django-debug-toolbar
pycodestyle<2.4.0,>=2.0.0
bumpversion
unittest-xml-reporting
autopep8
autopep8
bandit