From 33889e26a1affa352cb11179ab0854f1f822a1f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Tue, 29 Mar 2022 13:41:51 +0200 Subject: [PATCH 1/4] add flake8 ignores: assert and subprocess MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- .flake8 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.flake8 b/.flake8 index 16298f4..71cd3a0 100644 --- a/.flake8 +++ b/.flake8 @@ -51,6 +51,11 @@ extend-ignore = D205, D400, D401, + DUO116, # use of "shell=True" is insecure in "subprocess" module + S101, # Use of assert detected + S404, # Consider possible security implications associated with subprocess module + S602, # subprocess call with shell=True identified + S603, # subprocess call # Allow certain violations in certain files: per-file-ignores = From c767c1a5f7b62c0382e8574d222ff56f743782c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Tue, 29 Mar 2022 13:45:31 +0200 Subject: [PATCH 2/4] fix flake8/bandit S607/B607 Test for starting a process with a partial path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/test_vagrant.py | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/tests/test_vagrant.py b/tests/test_vagrant.py index 3c66215..01266c6 100644 --- a/tests/test_vagrant.py +++ b/tests/test_vagrant.py @@ -30,6 +30,9 @@ import vagrant from vagrant import compat +# location of Vagrant executable +VAGRANT_EXE = vagrant.get_vagrant_executable() + # location of a test file on the created box by provisioning in vm_Vagrantfile TEST_FILE_PATH = "/home/vagrant/python_vagrant_test_file" # location of Vagrantfiles used for testing. @@ -51,7 +54,6 @@ TEST_BOX_URL = "generic/alpine315" TEST_BOX_NAME = TEST_BOX_URL TEST_PROVIDER = "virtualbox" -# temp dir for testing. @pytest.fixture(name="test_dir", scope="session") 
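Review bot: The four bandit codes added to `extend-ignore` (S101, S404, S602, S603) are switched off for the whole repository, not only for the test suite that motivates them. The library under test presumably runs vagrant through subprocess as well, so a `shell=True` introduced there later would no longer be reported. The `per-file-ignores` section that begins right below this hunk is the narrower place for them, for example `tests/*: S101, S404, S602, S603`. Separately, newer flake8 releases (6.x, as far as I know) reject `#` comments inside option values, so each explanation is safer on its own comment line above the code.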
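Review bot: `VAGRANT_EXE` is resolved at import time with no check that a path was found, whereas the code it replaces in `_execute_command_in_vm` treated a falsy result as "vagrant not found" and raised. If `get_vagrant_executable()` returns None, every f-string further down renders the literal text `None` and hands `None box add ...` to the shell, which either fails with a misleading error or runs whatever `None` resolves to on PATH. Keeping the guard next to the assignment preserves the clear failure: `if not VAGRANT_EXE: raise RuntimeError(vagrant.VAGRANT_NOT_FOUND_WARNING)`. PATCH 3/4 removes the only remaining check, so this would be the one place it lives.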
@@ -70,14 +72,14 @@ def fixture_test_dir() -> Generator[str, None, None]: sys.stderr.write("test temp dir: {}\n".format(my_dir)) boxes = list_box_names() if TEST_BOX_NAME not in boxes: - cmd = f"vagrant box add --provider {TEST_PROVIDER} {TEST_BOX_URL}" + cmd = f"{VAGRANT_EXE} box add --provider {TEST_PROVIDER} {TEST_BOX_URL}" subprocess.check_call(cmd, shell=True) yield my_dir # Removes the directory created initially, runs once after the last test sys.stderr.write("module teardown()\n") if my_dir is not None: - subprocess.check_call("vagrant destroy -f", cwd=TD, shell=True) + subprocess.check_call(f"{VAGRANT_EXE} destroy -f", cwd=my_dir, shell=True) shutil.rmtree(my_dir) @@ -88,7 +90,9 @@ def list_box_names(): even if the `Vagrant.box_list()` implementation is broken. """ listing = compat.decode( - subprocess.check_output("vagrant box list --machine-readable", shell=True) + subprocess.check_output( + f"{VAGRANT_EXE} box list --machine-readable", shell=True + ) ) box_names = [] for line in listing.splitlines(): @@ -121,7 +125,7 @@ def fixture_vm_dir(request: FixtureRequest, test_dir) -> Generator[str, None, No # It is not an error if a VM has already been destroyed. try: # Try to destroy any vagrant box that might be running. - subprocess.check_call("vagrant destroy -f", cwd=test_dir, shell=True) + subprocess.check_call(f"{VAGRANT_EXE} destroy -f", cwd=test_dir, shell=True) except subprocess.CalledProcessError: pass finally: 
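Review bot: Interpolating the resolved path into a string that is run with `shell=True` trades the partial-path warning for a quoting problem: an install path containing a space or a shell metacharacter (for example under `Program Files`) is split or interpreted by the shell. None of these commands use shell features, so an argument list avoids the shell entirely: `subprocess.check_call([VAGRANT_EXE, "box", "add", "--provider", TEST_PROVIDER, TEST_BOX_URL])` and `subprocess.check_call([VAGRANT_EXE, "destroy", "-f"], cwd=my_dir)`. The same applies to the f-string commands in `list_box_names`, `fixture_vm_dir`, `test_vm_status`, `test_vm_config` and `test_multivm_config`, and it would let S602 come off the ignore list again. `fixture_test_dir` starts above this hunk.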
@@ -238,19 +242,19 @@ def test_vm_status(vm_dir): assert ( v.NOT_CREATED == v.status()[0].state ), "Before going up status should be vagrant.NOT_CREATED" - command = "vagrant up" + command = f"{VAGRANT_EXE} up" subprocess.check_call(command, cwd=vm_dir, shell=True) assert ( v.RUNNING in v.status()[0].state ), "After going up status should be vagrant.RUNNING" - command = "vagrant halt" + command = f"{VAGRANT_EXE} halt" subprocess.check_call(command, cwd=vm_dir, shell=True) assert ( v.POWEROFF in v.status()[0].state ), "After halting status should be vagrant.POWEROFF" - command = "vagrant destroy -f" + command = f"{VAGRANT_EXE} destroy -f" subprocess.check_call(command, cwd=vm_dir, shell=True) assert ( v.NOT_CREATED in v.status()[0].state @@ -289,7 +293,7 @@ def test_vm_config(vm_dir): """ v = vagrant.Vagrant(vm_dir) v.up() - command = "vagrant ssh-config" + command = f"{VAGRANT_EXE} ssh-config" ssh_config = compat.decode(subprocess.check_output(command, cwd=vm_dir, shell=True)) parsed_config = dict( line.strip().split(None, 1) @@ -444,7 +448,7 @@ def test_boxesvm(test_dir): # Start fresh with no dummy box if box_name in list_box_names(): - subprocess.check_call(["vagrant", "box", "remove", box_name]) + subprocess.check_call([f"{VAGRANT_EXE}", "box", "remove", box_name]) # Test that there is no dummy box listed assert box_name not in [ @@ -529,7 +533,7 @@ def test_multivm_config(vm_dir): """ v = vagrant.Vagrant(vm_dir, quiet_stdout=False, quiet_stderr=False) v.up(vm_name=VM_1) - command = "vagrant ssh-config " + VM_1 + command = f"{VAGRANT_EXE} ssh-config " + VM_1 ssh_config = compat.decode(subprocess.check_output(command, cwd=vm_dir, shell=True)) parsed_config = dict( line.strip().split(None, 1) 
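Review bot: In `test_boxesvm` the executable is wrapped as `f"{VAGRANT_EXE}"`, which adds nothing when the value is already a string and turns a missing executable (None) into the string `"None"`. The failure then surfaces as a confusing file-not-found for `None` rather than an immediate type error. Pass the constant directly, as `_execute_command_in_vm` does: `subprocess.check_call([VAGRANT_EXE, "box", "remove", box_name])`. The test body continues outside the hunk.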
@@ -641,13 +645,11 @@ def _execute_command_in_vm(v, command): Run command via ssh on the test vagrant box. Returns a tuple of the return code and output of the command. """ - vagrant_exe = vagrant.get_vagrant_executable() - - if not vagrant_exe: + if not VAGRANT_EXE: raise RuntimeError(vagrant.VAGRANT_NOT_FOUND_WARNING) # ignore the fact that this host is not in our known hosts - ssh_command = [vagrant_exe, "ssh", "-c", command] + ssh_command = [VAGRANT_EXE, "ssh", "-c", command] return compat.decode(subprocess.check_output(ssh_command, cwd=v.root)) From 20fc6d05c43989d1e5fcf4ba79691e696076bffa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Tue, 29 Mar 2022 14:52:36 +0200 Subject: [PATCH 3/4] remove unnecessary VAGRANT_EXE check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/test_vagrant.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/test_vagrant.py b/tests/test_vagrant.py index 01266c6..ded4fc0 100644 --- a/tests/test_vagrant.py +++ b/tests/test_vagrant.py @@ -645,9 +645,6 @@ def _execute_command_in_vm(v, command): Run command via ssh on the test vagrant box. Returns a tuple of the return code and output of the command. """ - if not VAGRANT_EXE: - raise RuntimeError(vagrant.VAGRANT_NOT_FOUND_WARNING) - # ignore the fact that this host is not in our known hosts ssh_command = [VAGRANT_EXE, "ssh", "-c", command] return compat.decode(subprocess.check_output(ssh_command, cwd=v.root)) From a36a22dcf7b3e51dbc6c324f65f5aeddeac1e77e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Wed, 30 Mar 2022 11:36:05 +0200 Subject: [PATCH 4/4] remove DUO116 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- .flake8 | 1 - 1 file changed, 1 deletion(-) diff --git a/.flake8 b/.flake8 index 71cd3a0..8884218 100644 --- a/.flake8 +++ b/.flake8 
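Review bot: The docstring kept as context in `_execute_command_in_vm` says the function returns a tuple of the return code and the output, but the visible code returns only the decoded output of `check_output`. The comment about known hosts also describes nothing on the line below it. A docstring matching the code would be `Run command via ssh on the test vagrant box and return its decoded output; a non-zero exit raises subprocess.CalledProcessError.` The comment could be replaced with `# argument list, no shell: command reaches "vagrant ssh -c" as a single argument`. The docstring opens above the hunk.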
@@ -51,7 +51,6 @@ extend-ignore = D205, D400, D401, - DUO116, # use of "shell=True" is insecure in "subprocess" module S101, # Use of assert detected S404, # Consider possible security implications associated with subprocess module S602, # subprocess call with shell=True identified