From 0cb91126be820f3dea43129fa945318b4f90c494 Mon Sep 17 00:00:00 2001
From: linuxdaemon
Date: Mon, 11 Mar 2019 01:02:06 -0500
Subject: [PATCH] Add default analysis configs from codefator https://github.com/codefactor-io/default-configs
---
 .bandit | 91 ++++++++++++++++++++++++++++++++++++
 .shellcheck.yaml | 119 +++++++++++++++++++++++++++++++++++++++++++++++
 .yamllint | 25 ++++++++++
 3 files changed, 235 insertions(+)
 create mode 100644 .bandit
 create mode 100644 .shellcheck.yaml
 create mode 100644 .yamllint
diff --git a/.bandit b/.bandit
new file mode 100644
index 000000000..138b039a6
--- /dev/null
+++ b/.bandit
@@ -0,0 +1,91 @@
+### This config may optionally select a subset of tests to run or skip by
+### filling out the 'tests' and 'skips' lists given below. If no tests are
+### specified for inclusion then it is assumed all tests are desired. The skips
+### set will remove specific tests from the include set. This can be controlled
+### using the -t/-s CLI options. Note that the same test ID should not appear
+### in both 'tests' and 'skips', this would be nonsensical and is detected by
+### Bandit at runtime.
+
+# (optional) list included test IDs here, eg '[B101, B406]':
+tests:
+
+# (optional) list skipped test IDs here, eg '[B101, B406]':
+skips: [B101, B102, B401, B402, B403, B404, B405, B406, B407, B408, B409, B410, B413, B414, B307, B311, B507, B603, B610, B611, B703]
+
+### (optional) plugin settings - some test plugins require configuration data
+### that may be given here, per-plugin. All bandit test plugins have a built in
+### set of sensible defaults and these will be used if no configuration is
+### provided. It is not necessary to provide settings for every (or any) plugin
+### if the defaults are acceptable.
+
+any_other_function_with_shell_equals_true:
+ no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+ os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+ os.spawnvp, os.spawnvpe, os.startfile]
+ shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+ popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+ subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+ utils.execute, utils.execute_with_timeout]
+execute_with_run_as_root_equals_true:
+ function_names: [ceilometer.utils.execute, cinder.utils.execute, neutron.agent.linux.utils.execute,
+ nova.utils.execute, nova.utils.trycmd]
+hardcoded_tmp_directory:
+ tmp_dirs: [/tmp, /var/tmp, /dev/shm]
+linux_commands_wildcard_injection:
+ no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+ os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+ os.spawnvp, os.spawnvpe, os.startfile]
+ shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+ popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+ subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+ utils.execute, utils.execute_with_timeout]
+password_config_option_not_marked_secret:
+ function_names: [oslo.config.cfg.StrOpt, oslo_config.cfg.StrOpt]
+ssl_with_bad_defaults:
+ bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
+ PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
+ssl_with_bad_version:
+ bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
+ PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
+start_process_with_a_shell:
+ no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+ os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+ os.spawnvp, os.spawnvpe, os.startfile]
+ shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+ popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+ subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+ utils.execute, utils.execute_with_timeout]
+start_process_with_no_shell:
+ no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+ os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+ os.spawnvp, os.spawnvpe, os.startfile]
+ shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+ popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+ subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+ utils.execute, utils.execute_with_timeout]
+start_process_with_partial_path:
+ no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+ os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+ os.spawnvp, os.spawnvpe, os.startfile]
+ shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+ popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+ subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+ utils.execute, utils.execute_with_timeout]
+subprocess_popen_with_shell_equals_true:
+ no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+ os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+ os.spawnvp, os.spawnvpe, os.startfile]
+ shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+ popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+ subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+ utils.execute, utils.execute_with_timeout]
+subprocess_without_shell_equals_true:
+ no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
+ os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
+ os.spawnvp, os.spawnvpe, os.startfile]
+ shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
+ popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
+ subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
+ utils.execute, utils.execute_with_timeout]
+try_except_continue: {check_typed_exception: false}
+try_except_pass: {check_typed_exception: false}
\ No newline at end of file
diff --git a/.shellcheck.yaml b/.shellcheck.yaml
new file mode 100644
index 000000000..523221d35
--- /dev/null
+++ b/.shellcheck.yaml
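Review bot: The `skips:` line disables far more than the noisy import-level checks: B307 (eval), B507 (missing SSH host-key verification), B603 (subprocess call), B610/B611 (Django `extra`/`RawSQL`) and B703 (`mark_safe`) are the injection and verification-bypass patterns bandit is most useful for, and with them skipped the scan will be quiet on exactly that code. I would trim the list to B101 and the B4xx import warnings, and record the reason next to any ID that stays skipped, e.g. `skips: [B101]  # asserts are only used in tests`. The file is also written without a trailing newline (`\ No newline at end of file`), which some YAML tooling and diffs flag.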
@@ -0,0 +1,119 @@
+ignored:
+ - SC2140
+ - SC2086
+ - SC2046
+ - SC2015
+ - SC1097
+ - SC1035
+ - SC1036
+ - SC1007
+ - SC2154
+ - SC2155
+ - SC2000
+ - SC2034
+ - SC2016
+ - SC1091
+ - SC1090
+ - SC2212
+ - SC2143
+ - SC2129
+ - SC2102
+ - SC2069
+ - SC1041
+ - SC1042
+ - SC1044
+ - SC1046
+ - SC1119
+ - SC1110
+ - SC1111
+ - SC1112
+ - SC1102
+ - SC1105
+ - SC1101
+ - SC1004
+ - SC1003
+ - SC1012
+ - SC2068
+ - SC2065
+ - SC2064
+ - SC2063
+ - SC2059
+ - SC2053
+ - SC2048
+ - SC2044
+ - SC2032
+ - SC2031
+ - SC2030
+ - SC2029
+ - SC2025
+ - SC2024
+ - SC2022
+ - SC2018
+ - SC2019
+ - SC2017
+ - SC2014
+ - SC2013
+ - SC2012
+ - SC2009
+ - SC2001
+ - SC2098
+ - SC2096
+ - SC2094
+ - SC2091
+ - SC2092
+ - SC2088
+ - SC2087
+ - SC2076
+ - SC2072
+ - SC2071
+ - SC2223
+ - SC2221
+ - SC2222
+ - SC2217
+ - SC2207
+ - SC2206
+ - SC2205
+ - SC2190
+ - SC2188
+ - SC2187
+ - SC2185
+ - SC2179
+ - SC2178
+ - SC2174
+ - SC2168
+ - SC2167
+ - SC2163
+ - SC2161
+ - SC2160
+ - SC2153
+ - SC2150
+ - SC2148
+ - SC2147
+ - SC2146
+ - SC2142
+ - SC2139
+ - SC2126
+ - SC2123
+ - SC2120
+ - SC2119
+ - SC2117
+ - SC2114
+ - SC1117
+ - SC2164
+ - SC1083
+ - SC2004
+ - SC2125
+ - SC2128
+ - SC2011
+ - SC1008
+ - SC1019
+ - SC2093
+ - SC1132
+ - SC1129
+ - SC2236
+ - SC2237
+ - SC2231
+ - SC2230
+ - SC2229
+ - SC2106
+ - SC2102
\ No newline at end of file
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 000000000..e15e9d971
--- /dev/null
+++ b/.yamllint
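Review bot: The `ignored:` list silences SC2086, SC2046, SC2048 and SC2068, the unquoted-expansion checks that catch word splitting and globbing of values a script did not produce itself, plus SC2059 (variables interpolated into a printf format string) and SC2164 (`cd` whose failure is not checked before later commands run); for a shell codebase these are the warnings most worth keeping, so I would drop those six entries rather than inherit the blanket default. SC2102 is also listed twice (once after SC2129 and again as the last entry), and the file is missing its trailing newline.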
@@ -0,0 +1,25 @@
+---
+rules:
+ braces: disable
+ brackets: disable
+ colons: disable
+ commas: disable
+ comments: disable
+ comments-indentation: disable
+ document-end: disable
+ document-start: disable
+ empty-lines: disable
+ empty-values: disable
+ hyphens: disable
+ indentation: disable
+ key-duplicates:
+ level: warning
+ key-ordering: disable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines: disable
+ octal-values: disable
+ trailing-spaces:
+ level: warning
+ truthy: disable
+ quoted-strings: disable
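Review bot: `key-duplicates` is the one check here that guards against a real configuration defect, and it is only set to `level: warning`; a duplicated key in a YAML file silently lets the last occurrence win, so a CI or deployment config can end up with a value nobody intended while the lint run still passes. I would make it `level: error` under `key-duplicates:`, and treat `trailing-spaces` at warning as fine since it is purely cosmetic.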