GitLab CI: check Python code with the Bandit security linter

1f9fc1a0 · intrigeri · 852480a0 · 1f9fc1a0 · 1f9fc1a0
Commit 1f9fc1a0 authored Nov 01, 2020 by intrigeri
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,6 +8,12 @@ variables:
  PYTHON_SCRIPTS: bin/dns-pool bin/email-addresses bin/geoip bin/stats
  SHELL_SCRIPTS: bin/validate-config

+bandit:
+  script:
+  - apt-get -qy install python3-bandit
+  - bandit --version
+  - bandit --configfile .bandit.yml --format txt $PYTHON_SCRIPTS
+
 flake8:
  script:
  - apt-get -qy install flake8

--- a/bin/stats
+++ b/bin/stats
@@ -25,6 +25,6 @@ if __name__ == "__main__":
          .format(count=len(mirrors) - count_with_email_address(mirrors)))
    print()
    print(" - GeoIP:")
-    geoip_output = subprocess.check_output('./bin/geoip',
+    geoip_output = subprocess.check_output('./bin/geoip',  # nosec
                                           universal_newlines=True)
    print("   " + "\n   ".join(geoip_output.split("\n")))