added a simple way to verify osc code base with the python security scanner bandit

2024-09-19 16:56:17 +02:00 · 2015-04-08 10:02:10 +02:00 · 2015-04-08 10:02:10 +02:00 · 6368761b04
commit 6368761b04
parent 40f4a61cbc
1 changed files with 18 additions and 0 deletions
--- a/run_bandit.sh
+++ b/run_bandit.sh
@ -0,0 +1,18 @@
+#!/bin/bash
+
+# you can pass as argument "csv","json" or "txt" (default)
+if [ "$1" != "" ];then
+    OUTPUT=$1
+else
+    OUTPUT="txt"
+fi
+
+# check if bandit is installed
+command -v bandit >/dev/null 2>&1 || { echo "bandit should be installed. get the package from https://build.opensuse.org/package/show/home:vpereirabr/python-bandit.  Aborting." >&2; exit 1; }
+
+bandit -c /usr/etc/bandit/bandit.yaml -r osc -f $OUTPUT
+
+if [ "$OUTPUT" == "csv" ];then
+    cat bandit_results.csv
+    rm -f bandit_results.csv
+fi