From 69fbebbd1c58e803cfe86bc8d1c2d6a82df0b8b8 Mon Sep 17 00:00:00 2001
From: Marcus Young
Date: Fri, 10 Jul 2020 08:37:34 -0500
Subject: [PATCH] Refactor all tests

---
 .github/workflows/deploy.yml | 21 ++++++++++++--------
 .github/workflows/release.yml | 23 +++++++++++++++-------
 .github/workflows/sast.yml | 35 ++++++++++++++++++++++++++++++++-
 .github/workflows/tests.yml | 34 ++++----------------------------
 SECURITY.md | 23 ++++++++++++++++++++++
 requirements-dev.txt | 37 ++++++++++++++++++++++++++++++++---
 requirements.txt | 1 +
 tox.ini | 1 -
 8 files changed, 125 insertions(+), 50 deletions(-)
 create mode 100644 SECURITY.md

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index fa0416c..a1139c3 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -14,20 +14,25 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v2 - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - name: Setup python uses: actions/setup-python@v1 with: python-version: ${{ matrix.python-version }} architecture: x64 + - name: Get short Python version + id: full-python-version + shell: bash + run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')") - name: install pre-reqs - run: sudo apt-get update && sudo apt-get install libbluetooth-dev python3-venv && pip install poetry tox-gh-actions && pip install -r requirements.txt && pip install -r requirements-dev.txt - - name: set pythonpath - run: echo "::set-env name=PYTHONPATH::$(pwd)" - - name: tests - run: poetry run tox + run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit + - name: lint + run: pre-commit run --all-files + - name: Configure poetry + run: poetry config virtualenvs.in-project true + - name: Install dependencies + run: poetry install + - name: Run tox + run: poetry run tox -e ${{ steps.full-python-version.outputs.version }} latest_deploy: runs-on: ubuntu-latest needs: [test] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 790ac9a..624c2a2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
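Review bot: The new `install pre-reqs` step installs `poetry` and `pre-commit` unpinned (`pip install poetry pre-commit`) in the workflow that goes on to deploy, while the rest of this repository pins every dependency with `--hash`; a fresh upstream release of either tool changes the toolchain of a deploy run without any commit. Pin them, e.g. `pip install "poetry==<PINNED_VERSION>" "pre-commit==<PINNED_VERSION>"` (the versions are not on this page), and the same unpinned line is added in the release.yml, sast.yml and tests.yml hunks of this patch. Separately, the step named `Get short Python version` carries `id: full-python-version`, which says the opposite of what it emits (`pyXY`); `id: short-python-version` would match, but the id is read as `steps.full-python-version.outputs.version` in all four workflows, so rename them together. The `test` job's header and `strategy` are above this hunk.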
@@ -18,14 +18,23 @@ jobs: with: python-version: ${{ matrix.python-version }} architecture: x64 + - name: Get short Python version + id: full-python-version + shell: bash + run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')") - name: install pre-reqs - run: sudo apt-get update && sudo apt-get install libbluetooth-dev python3-venv && pip install poetry tox-gh-actions && pip install -r requirements.txt && pip install -r requirements-dev.txt - - name: set pythonpath - run: echo "::set-env name=PYTHONPATH::$(pwd)" - - name: tests - run: poetry run tox + run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit + - name: lint + run: pre-commit run --all-files + - name: Configure poetry + run: poetry config virtualenvs.in-project true + - name: Install dependencies + run: poetry install + - name: Run tox + run: poetry run tox -e ${{ steps.full-python-version.outputs.version }} create-release: name: Create Release + needs: [test] runs-on: ubuntu-latest steps: - name: Checkout code @@ -42,7 +51,7 @@ jobs: prerelease: false upload_to_pypi: runs-on: ubuntu-latest - needs: [test] + needs: [create-release] steps: - name: Copy Repo Files uses: actions/checkout@v2 @@ -62,7 +71,7 @@ jobs: TWINE_PASSWORD : ${{ secrets.TWINE_PASSWORD }} ubuntu_tag_deploy: runs-on: ubuntu-latest - needs: [test] + needs: [create-release] steps: - name: Copy Repo Files uses: actions/checkout@v2 diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index fb1fba7..f7ef52c 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -1,4 +1,4 @@ -name: "Code scanning - action" +name: "Security" on: push: 
@@ -21,3 +21,36 @@ jobs: uses: github/codeql-action/autobuild@v1 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 + clair: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Prep clair + run: docker-compose -f docker-compose-clair.yml up -d + - name: Download Clair-Scanner + run: curl -Ls https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner + - name: Build + run: docker build -t myoung34/tilty:latest . + - name: Test + run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest + bandit: + runs-on: ubuntu-latest + strategy: + matrix: + python-version: [ '3.6', '3.7', '3.8' ] + steps: + - name: Checkout repository + uses: actions/checkout@v2 + - name: Setup python + uses: actions/setup-python@v1 + with: + python-version: ${{ matrix.python-version }} + architecture: x64 + - name: install pre-reqs + run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit + - name: Configure poetry + run: poetry config virtualenvs.in-project true + - name: Install dependencies + run: poetry install + - name: Run bandit + run: poetry run bandit . diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a7f6ce3..5e432bb 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -7,22 +7,6 @@ on: - 'refs/tags/*' jobs: - lint: - runs-on: ubuntu-latest - strategy: - matrix: - python-version: [ '3.6', '3.7', '3.8' ] - steps: - - uses: actions/checkout@v2 - - name: Setup python - uses: actions/setup-python@v1 - with: - python-version: ${{ matrix.python-version }} - architecture: x64 - - name: lint - run: | - pip install pre-commit - pre-commit run --all-files test: runs-on: ubuntu-latest strategy: 
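Review bot: The `Run bandit` step invokes `poetry run bandit .` without `-r`; as far as I recall bandit skips a directory target unless `-r` is given (it logs a warning and exits 0), so the new `bandit` job passes without scanning anything, exactly like the `bandit .` line this patch removes from tox.ini. Use `run: poetry run bandit -r tilty`, the package path tox.ini already hands to isort and pylint. In the `clair` job, the `Download Clair-Scanner` step fetches a release binary with `curl` and executes it with no integrity check, and the `v12` tag can be re-pointed upstream; verify it after the download, e.g. `echo "<EXPECTED_SHA256>  clair-scanner" | sha256sum -c -`, and consider pinning by digest the images `docker-compose-clair.yml` starts. The `bandit` job also installs `libbluetooth-dev` and runs across a three-version matrix, neither of which a static scan needs; a single Python version keeps the job cheap and the output unduplicated.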
@@ -39,9 +23,11 @@ jobs: - name: Get short Python version id: full-python-version shell: bash - run: echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))"| sed 's/\([0-9]\)-\([0-9]\).*/py\1\2/g') + run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')") - name: install pre-reqs - run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry + run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit + - name: lint + run: pre-commit run --all-files - name: Configure poetry run: poetry config virtualenvs.in-project true - name: Install dependencies @@ -52,15 +38,3 @@ jobs: run: poetry run coveralls env: COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} - clair: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Prep clair - run: docker-compose -f docker-compose-clair.yml up -d - - name: Download Clair-Scanner - run: curl -Ls https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner - - name: Build - run: docker build -t myoung34/tilty:latest . - - name: Test - run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..39f791e --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,23 @@
+## Security
+
+If you believe you have found a security vulnerability, please report it to me as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to me directly at [myoung34@my.apsu.edu](mailto:myoung34@my.apsu.edu).
+
+If you'd like to communicate securely, my keybase is [here](https://keybase.io/3vilpenguin)
+
+Please include the requested information listed below (as much as you can provide) to help better understand the nature and scope of the possible issue:
+
+ * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+ * Full paths of source file(s) related to the manifestation of the issue
+ * The location of the affected source code (tag/branch/commit or direct URL)
+ * Any special configuration required to reproduce the issue
+ * Step-by-step instructions to reproduce the issue
+ * Proof-of-concept or exploit code (if possible)
+ * Impact of the issue, including how an attacker might exploit the issue
+
+## Preferred Languages
+
+I prefer all communications to be in English.
diff --git a/requirements-dev.txt b/requirements-dev.txt
index e5a4c6d..a7d8163 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,3 +1,4 @@
+Warning: The lock file is not up to date with the latest changes in pyproject.toml. You may be getting outdated dependencies. Run update to update them.
 appdirs==1.4.4 \
 --hash=sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128 \
 --hash=sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41
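Review bot: The line added at the top of requirements-dev.txt, `Warning: The lock file is not up to date with the latest changes in pyproject.toml. ...`, is Poetry's own diagnostic captured into the exported file rather than a requirement; pip should reject it as an invalid requirement line, so `pip install -r requirements-dev.txt` breaks, and the message itself says the hash-pinned export was generated from a stale poetry.lock. Drop the line, run `poetry lock` first, and regenerate with `poetry export` using its `-o` option so that diagnostics are not redirected into the file. Nothing in the reworked workflows installs from these files any more (the `pip install -r requirements.txt && pip install -r requirements-dev.txt` step was replaced by `poetry install`), so CI will not catch this. The last hunk of this patch adds the identical line to requirements.txt.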
@@ -10,6 +11,9 @@ atomicwrites==1.4.0; sys_platform == "win32" \ attrs==19.3.0 \ --hash=sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c \ --hash=sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72 +bandit==1.6.2 \ + --hash=sha256:336620e220cf2d3115877685e264477ff9d9abaeb0afe3dc7264f55fa17a3952 \ + --hash=sha256:41e75315853507aa145d62a78a2a6c5e3240fe14ee7c601459d0df9418196065 certifi==2020.6.20 \ --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 \ --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3 @@ -77,6 +81,12 @@ filelock==3.0.12 \ flake8==3.8.3 \ --hash=sha256:15e351d19611c887e482fb960eae4d44845013cc142d42896e9862f775d8cf5c \ --hash=sha256:f04b9fcbac03b0a3e58c0ab3a0ecc462e023a9faf046d57794184028123aa208 +gitdb==4.0.5 \ + --hash=sha256:91f36bfb1ab7949b3b40e23736db18231bf7593edada2ba5c3a174a7b23657ac \ + --hash=sha256:c9e1f2d0db7ddb9a704c2a0217be31214e91a4fe1dea1efad19ae42ba0c285c9 +gitpython==3.1.3 \ + --hash=sha256:ef1d60b01b5ce0040ad3ec20bc64f783362d41fa0822a2742d3586e1f49bb8ac \ + --hash=sha256:e107af4d873daed64648b4f4beb89f89f0cfbe3ef558fc7821ed2331c2f8da1a idna==2.10 \ --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 \ --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 @@ -178,6 +188,9 @@ msgpack==0.6.1 \ packaging==20.4 \ --hash=sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181 \ --hash=sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8 +pbr==5.4.5 \ + --hash=sha256:579170e23f8e0c2f24b0de612f71f648eccb79fb1322c814ae6b3c07b5ba23e8 \ + --hash=sha256:07f558fece33b05caf857474a366dfcc00562bca13dd8b47b2b3e22d9f9bf55c pluggy==0.13.1 \ --hash=sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d \ --hash=sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0 
@@ -215,12 +228,30 @@ python-dateutil==2.8.1 \ pytz==2020.1 \ --hash=sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed \ --hash=sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048 +pyyaml==5.3.1 \ + --hash=sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f \ + --hash=sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76 \ + --hash=sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2 \ + --hash=sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c \ + --hash=sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2 \ + --hash=sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648 \ + --hash=sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a \ + --hash=sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf \ + --hash=sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97 \ + --hash=sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee \ + --hash=sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d requests==2.24.0 \ --hash=sha256:fe75cc94a9443b9246fc7049224f75604b113c36acb93f87b80ed42c44cbb898 \ --hash=sha256:b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b six==1.15.0 \ --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \ --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 +smmap==3.0.4 \ + --hash=sha256:54c44c197c819d5ef1991799a7e30b662d1e520f2ac75c9efbeb54a742214cf4 \ + --hash=sha256:9c98bbd1f9786d22f14b3d4126894d56befb835ec90cef151af566c7e19b5d24 +stevedore==2.0.1 \ + --hash=sha256:c4724f8d7b8f6be42130663855d01a9c2414d6046055b5a65ab58a0e38637688 \ + --hash=sha256:609912b87df5ad338ff8e44d13eaad4f4170a65b79ae9cb0aa5632598994a1b7 toml==0.10.1 \ --hash=sha256:bda89d5935c2eac546d648028b9901107a595863cb36bae0c73ac804a9b4ce88 \ 
--hash=sha256:926b612be1e5ce0634a2ca03470f95169cf16f939018233a670519cb4ac58b0f @@ -252,9 +283,9 @@ typed-ast==1.4.1; implementation_name == "cpython" and python_version < "3.8" \ urllib3==1.25.9 \ --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \ --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 -virtualenv==20.0.25 \ - --hash=sha256:ffffcb3c78a671bb3d590ac3bc67c081ea2188befeeb058870cba13e7f82911b \ - --hash=sha256:f332ba0b2dfbac9f6b1da9f11224f0036b05cdb4df23b228527c2a2d5504aeed +virtualenv==20.0.26 \ + --hash=sha256:c11a475400e98450403c0364eb3a2d25d42f71cf1493da64390487b666de4324 \ + --hash=sha256:e10cc66f40cbda459720dfe1d334c4dc15add0d80f09108224f171006a97a172 wcwidth==0.2.5 \ --hash=sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 \ --hash=sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83 diff --git a/requirements.txt b/requirements.txt index 575f4df..9f76c6e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ +Warning: The lock file is not up to date with the latest changes in pyproject.toml. You may be getting outdated dependencies. Run update to update them. certifi==2020.6.20 \ --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 \ --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3 diff --git a/tox.ini b/tox.ini index 266fe17..3f3a3b8 100644 --- a/tox.ini +++ b/tox.ini @@ -10,7 +10,6 @@ commands = isort -c -rc tilty -sp {toxinidir} pylint --rcfile {toxinidir}/.pylintrc -r n tilty py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests {posargs} - bandit . whitelist_externals = make bash pylint