aboutsummaryrefslogtreecommitdiffstats
path: root/classes
diff options
context:
space:
mode:
authorMartin Jansa <Martin.Jansa@gmail.com>2021-03-21 09:40:16 +0100
committerMartin Jansa <Martin.Jansa@gmail.com>2021-03-21 09:40:16 +0100
commit317a1769d8c54009ce0076ec03a270aff196f047 (patch)
tree53a781d13223dc05a1d9ce17ca5cf7fd43c386e4 /classes
parent5f4db648e00cf1c41e0999d3b184a02cde225143 (diff)
downloadmeta-python2-317a1769d8c54009ce0076ec03a270aff196f047.tar.gz
bandit.bbclass: drop
* the identical bbclass is in meta-openembedded/meta-python layer, it depends on python3-bandit-native and isn't inherited by default, anyone who wants to use it can add meta-python layer Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'classes')
-rw-r--r--classes/bandit.bbclass63
1 files changed, 0 insertions, 63 deletions
diff --git a/classes/bandit.bbclass b/classes/bandit.bbclass
deleted file mode 100644
index dc1041e..0000000
--- a/classes/bandit.bbclass
+++ /dev/null
@@ -1,63 +0,0 @@
-# Class to scan Python code for security issues, using Bandit.
-#
-# $ bitbake python-foo -c bandit
-#
-# Writes the report to $DEPLOY_DIR/bandit/python-foo.html.
-# No output if no issues found, a warning if issues found.
-#
-# https://github.com/PyCQA/bandit
-
-# Default location of sources, based on standard distutils
-BANDIT_SOURCE ?= "${S}/build"
-
-# The report format to use.
-# https://bandit.readthedocs.io/en/latest/formatters/index.html
-BANDIT_FORMAT ?= "html"
-
-# Whether a scan should be done every time the recipe is built.
-#
-# By default the scanning needs to be done explicitly, but by setting BANDIT_AUTO
-# to 1 the scan will be done whenever the recipe it built. Note that you
-# shouldn't set BANDIT_AUTO to 1 globally as it will then try to scan every
-# recipe, including non-Python recipes, causing circular loops.
-BANDIT_AUTO ?= "0"
-
-# Whether Bandit finding issues results in a warning (0) or an error (1).
-BANDIT_FATAL ?= "0"
-
-do_bandit[depends] = "python3-bandit-native:do_populate_sysroot"
-python do_bandit() {
- import os, subprocess
- try:
- report = d.expand("${DEPLOY_DIR}/bandit/${PN}-${PV}.${BANDIT_FORMAT}")
- os.makedirs(os.path.dirname(report), exist_ok=True)
-
- args = ("bandit",
- "--format", d.getVar("BANDIT_FORMAT"),
- "--output", report,
- "-ll",
- "--recursive", d.getVar("BANDIT_SOURCE"))
- subprocess.check_output(args, stderr=subprocess.STDOUT)
- bb.note("Bandit found no issues (report written to %s)" % report)
- except subprocess.CalledProcessError as e:
- if e.returncode == 1:
- if oe.types.boolean(d.getVar("BANDIT_FATAL")):
- bb.error("Bandit found issues (report written to %s)" % report)
- else:
- bb.warn("Bandit found issues (report written to %s)" % report)
- else:
- bb.error("Bandit failed:\n" + e.output.decode("utf-8"))
-}
-
-python() {
- before = "do_build"
- after = "do_compile"
-
- if oe.types.boolean(d.getVar("BANDIT_AUTO")):
- bb.build.addtask("do_bandit", before, after, d)
- else:
- bb.build.addtask("do_bandit", None, after, d)
-}
-
-# TODO: store report in sstate
-# TODO: a way to pass extra args or .bandit file, basically control -ll