diff options
author | Martin Jansa <Martin.Jansa@gmail.com> | 2021-03-21 09:40:16 +0100 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2021-03-21 09:40:16 +0100 |
commit | 317a1769d8c54009ce0076ec03a270aff196f047 (patch) | |
tree | 53a781d13223dc05a1d9ce17ca5cf7fd43c386e4 /classes | |
parent | 5f4db648e00cf1c41e0999d3b184a02cde225143 (diff) | |
download | meta-python2-317a1769d8c54009ce0076ec03a270aff196f047.tar.gz |
bandit.bbclass: drop
* the identical bbclass is in meta-openembedded/meta-python layer, it depends
on python3-bandit-native and isn't inherited by default, anyone who wants to
use it can add meta-python layer
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'classes')
-rw-r--r-- | classes/bandit.bbclass | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/classes/bandit.bbclass b/classes/bandit.bbclass deleted file mode 100644 index dc1041e..0000000 --- a/classes/bandit.bbclass +++ /dev/null @@ -1,63 +0,0 @@ -# Class to scan Python code for security issues, using Bandit. -# -# $ bitbake python-foo -c bandit -# -# Writes the report to $DEPLOY_DIR/bandit/python-foo.html. -# No output if no issues found, a warning if issues found. -# -# https://github.com/PyCQA/bandit - -# Default location of sources, based on standard distutils -BANDIT_SOURCE ?= "${S}/build" - -# The report format to use. -# https://bandit.readthedocs.io/en/latest/formatters/index.html -BANDIT_FORMAT ?= "html" - -# Whether a scan should be done every time the recipe is built. -# -# By default the scanning needs to be done explicitly, but by setting BANDIT_AUTO -# to 1 the scan will be done whenever the recipe it built. Note that you -# shouldn't set BANDIT_AUTO to 1 globally as it will then try to scan every -# recipe, including non-Python recipes, causing circular loops. -BANDIT_AUTO ?= "0" - -# Whether Bandit finding issues results in a warning (0) or an error (1). -BANDIT_FATAL ?= "0" - -do_bandit[depends] = "python3-bandit-native:do_populate_sysroot" -python do_bandit() { - import os, subprocess - try: - report = d.expand("${DEPLOY_DIR}/bandit/${PN}-${PV}.${BANDIT_FORMAT}") - os.makedirs(os.path.dirname(report), exist_ok=True) - - args = ("bandit", - "--format", d.getVar("BANDIT_FORMAT"), - "--output", report, - "-ll", - "--recursive", d.getVar("BANDIT_SOURCE")) - subprocess.check_output(args, stderr=subprocess.STDOUT) - bb.note("Bandit found no issues (report written to %s)" % report) - except subprocess.CalledProcessError as e: - if e.returncode == 1: - if oe.types.boolean(d.getVar("BANDIT_FATAL")): - bb.error("Bandit found issues (report written to %s)" % report) - else: - bb.warn("Bandit found issues (report written to %s)" % report) - else: - bb.error("Bandit failed:\n" + e.output.decode("utf-8")) -} - -python() { - before = "do_build" - after = "do_compile" - - if oe.types.boolean(d.getVar("BANDIT_AUTO")): - bb.build.addtask("do_bandit", before, after, d) - else: - bb.build.addtask("do_bandit", None, after, d) -} - -# TODO: store report in sstate -# TODO: a way to pass extra args or .bandit file, basically control -ll |