#332 Fix some flake8 and bandit issues
Merged 4 months ago by lucarval. Opened 5 months ago by cqi.

file modified
+3 -3

@@ -24,7 +24,7 @@ 

  

  import requests

  

- import lxml.etree

+ from defusedxml import ElementTree

I don't think this package is properly packaged internally.

  from freshmaker import log, conf

  

  

@@ -65,10 +65,10 @@ 

          r.raise_for_status()

  

          # Parse

-         root = lxml.etree.fromstring(r.text.encode('utf-8'))

+         root = ElementTree.fromstring(r.text.encode('utf-8'))

  

          # List the major xml elements

-         elements = root.getchildren()[0].getchildren()

+         elements = list(list(root)[0])

  

          # Extract the whiteboard string

          whiteboard = [e.text for e in elements if e.tag == 'status_whiteboard']
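Review bot: The `ElementTree.fromstring(...)` call under `# Parse` can now raise defusedxml's `EntitiesForbidden` (a `ValueError` subclass) when the response declares entities, as well as `ParseError` on malformed XML, and no handler for either is visible in this hunk. The enclosing function starts and ends outside the hunk, so a handler may exist further out; if not, wrap the parse in `except (ValueError, ElementTree.ParseError)` and log the failure, because the body comes from a remote server. Separately, `list(root)[0]` raises `IndexError` on a document whose root has no children; `children = list(root)` followed by `elements = list(children[0]) if children else []` keeps the whiteboard lookup from crashing on an empty reply.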

file modified
+2 -2

@@ -378,7 +378,7 @@ 

              return data

  

          try:

-             content_sets_yaml = yaml.load(content_sets_data)

+             content_sets_yaml = yaml.safe_load(content_sets_data)

          except Exception as err:

              log.exception(err)

              data["generate_pulp_repos"] = True

@@ -393,7 +393,7 @@ 

              data["generate_pulp_repos"] = True

              return data

  

-         container_yaml = yaml.load(container_data)

+         container_yaml = yaml.safe_load(container_data)

  

          if ("compose" not in container_yaml or

                  "pulp_repos" not in container_yaml["compose"] or

@@ -97,8 +97,10 @@ 

                  'Restore odcs compose id %s from Compose %s back to Event %s',

                  compose.odcs_compose_id, compose.id, event.id)

              connection.execute(

-                 'UPDATE events SET compose_id = {} WHERE id = {}'.format(

-                     compose.odcs_compose_id, event.id))

+                 'UPDATE events SET compose_id = :compose_id WHERE id = :event_id'

+                 .bindparams(

+                     compose_id=compose.odcs_compose_id,

+                     event_id=event.id))

  

          logger.info('Clear data from ArtifactBuildCompose')

          connection.execute('DELETE FROM artifact_build_composes')
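Review bot: `.bindparams(...)` is called on a plain string literal here, and `str` has no such method, so this statement raises `AttributeError` as soon as it executes. `bindparams` belongs to SQLAlchemy's `text()` construct; the statement should read `sqlalchemy.text('UPDATE events SET compose_id = :compose_id WHERE id = :event_id').bindparams(compose_id=compose.odcs_compose_id, event_id=event.id)`. Whether `sqlalchemy` is already imported in this file is not visible in the hunk, and the enclosing function starts before it. The surrounding log messages suggest this is a migration path that tests rarely exercise, so running it once against a scratch database would confirm the fix.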

file modified
+1

@@ -26,3 +26,4 @@ 

  tabulate

  lxml

  prometheus_client

+ defusedxml

file modified
+1 -1

@@ -101,7 +101,7 @@ 

          hub.config = {}

          hub.config['freshmakerconsumer'] = True

          hub.config['validate_signatures'] = False

-         consumer =  freshmaker.consumer.FreshmakerConsumer(hub)

+         consumer = freshmaker.consumer.FreshmakerConsumer(hub)

          consumer.incoming = queue.Queue()

          return consumer

  

file modified
-1

@@ -18,7 +18,6 @@ 

  # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  # SOFTWARE.

  

- import fedmsg.config

  import mock

  import unittest

  

@@ -20,15 +20,12 @@ 

  #

  # Written by Chenxiong Qi <cqi@redhat.com>

  

- import fedmsg.config

- 

  from mock import patch

- from mock import MagicMock, PropertyMock

+ from mock import PropertyMock

  

  import freshmaker

  

  from freshmaker import models

- from freshmaker.consumer import FreshmakerConsumer

  from freshmaker.types import ArtifactType

  from freshmaker.config import any_

  from tests import get_fedmsg, helpers

file modified
-2

@@ -19,10 +19,8 @@ 

  # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  # SOFTWARE.

  

- import fedmsg.config

  import mock

  import freshmaker

- from six.moves import queue

  

  from freshmaker import app, db, events, models, login_manager

  from tests import helpers

file modified
+1 -4

@@ -22,11 +22,9 @@ 

  # Written by Chenxiong Qi <cqi@redhat.com>

  #            Jan kaluza <jkaluza@redhat.com>

  

- import fedmsg

  import six

- from six.moves import queue

  

- from mock import patch, Mock, MagicMock

+ from mock import patch, Mock

  from odcs.client.odcs import AuthMech

  

  from freshmaker import conf, db

@@ -34,7 +32,6 @@ 

  from freshmaker.odcsclient import create_odcs_client

  from freshmaker.types import ArtifactBuildState, EventState, ArtifactType

  from freshmaker.handlers import ContainerBuildHandler

- from freshmaker.consumer import FreshmakerConsumer

  from tests import helpers

  

  

file modified
-2

@@ -23,12 +23,10 @@ 

  # Written by Jan Kaluza <jkaluza@redhat.com>

  

  import koji

- import fedmsg.config

  

  from mock import patch, MagicMock

  from six.moves import queue

  

- import freshmaker

  from freshmaker import db

  from freshmaker.events import ErrataAdvisoryRPMsSignedEvent

  from freshmaker.models import ArtifactBuild, Event

file modified
+5 -2

@@ -28,7 +28,10 @@ 

  skip_install = true

  deps = bandit

  commands =

-     /bin/bash -c "bandit -r -ll $(find . -mindepth 1 -maxdepth 1 ! -name tests ! -name \.\* -type d -o -name \*.py)"

+     ; 0.0.0.0 is set in BaseConfiguration, which is ok for local dev and it

+     ; will be replace with a specific host IP when deploy to a server. So, it

+     ; works to ignore B104.

+     /bin/bash -c "bandit -r -s B104 -ll $(find . -mindepth 1 -maxdepth 1 ! -name tests ! -name \.\* -type d -o -name \*.py)"

  ignore_outcome = True

  

  [flake8]

@@ -46,4 +49,4 @@ 

       .tox

       .env

       tests/*

-      /usr/* 

\ No newline at end of file

+      /usr/*
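Review bot: `-s B104` in the first hunk switches the bind-all-interfaces check off for the whole tree, so a later `0.0.0.0` binding anywhere else in the code would go unreported too. A narrower suppression is a `# nosec` comment on the one `BaseConfiguration` line, with the justification from this tox comment placed next to it and the bandit command line left as it was. Note also that `ignore_outcome = True` just below means bandit findings do not fail the tox run, so the scan is advisory either way. The added comment has a typo worth fixing while here: `will be replace` should read `will be replaced`.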

no initial comment

2 new commits added

  • Fix issues reported by bandit
  • Fix flake8 errors
5 months ago

I don't think this package is properly packaged internally.

I don't think this package is properly packaged internally.

Version 0.5.0 of the package has been built internally. ODCS requires defusedxml as well. You can find those packages on the page /packageinfo?packageID=42520 in Brew. I'm not sure whether the python-defusedxml required by odcs is the el7 one, but we can rebuild it for eng-rhel-7 or just tag that build.

:+1:

We now use fedora 28 based container images anyways. So this shouldn't be a problem.

@cqi, this has merge conflicts now.

@cqi, the flake8 errors are preventing the release from proceeding :( could you take a moment to resolve the merge conflicts?

rebased onto 7575862

4 months ago

Pretty please pagure-ci rebuild

These tests pass locally, merging it.

Pull-Request has been merged by lucarval

4 months ago