Minor tweaks to prevent issues at runtime, and simplify security targ…

…ets to scan.
mintel · Jul 1, 2020 · 0a6d001 · 0a6d001
1 parent 428a9a7
commit 0a6d001
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 17 deletions.
diff --git a/modules/python/Makefile b/modules/python/Makefile
@@ -2,9 +2,6 @@ PYTHON := $(shell which python 2>/dev/null)
 
 PYTHON_TARGETS_FIND_FLAGS=-name "*.py" -not -path "*/.venv/*" -not -path "*/$(BUILD_HARNESS_VENV_NAME)/*" -not -path "*/.tox/*" -not -path "*/.egg*" -not -path "*/frontend/*" -not -path "*/dist/*" -not -path "*/build/*"
 
-PYTHON_LINT_TARGETS?=$(shell find . $(PYTHON_TARGETS_FIND_FLAGS))
-PYTHON_SECURITY_TARGETS?=$(shell find . $(PYTHON_TARGETS_FIND_FLAGS) -not -path "*/tests/*")
-
 
 .PHONY: python/check
 python/check: ; $(call assert-set,PYTHON) && echo "Found python: $(PYTHON)"

diff --git a/modules/python/Makefile.security b/modules/python/Makefile.security
@@ -1,25 +1,27 @@
 BANDIT=$(call which, bandit)
 BANDIT_FLAGS=-ll -ii
 
+PYTHON_SECURITY_TARGETS?=$(shell find . $(PYTHON_TARGETS_FIND_FLAGS) -not -path "*/tests/*")
 
-.PHONY: python/security/targets
-python/security/targets:
+
+.PHONY: python/scan/targets
+python/scan/targets:
 	@VAR=( $(PYTHON_SECURITY_TARGETS) ); echo "Discovered $${#VAR[@]} files:"
 	@echo "$$(echo $(PYTHON_SECURITY_TARGETS) | tr ' ' '\n')"
 
-.PHONY: python/security/announce/%
-python/security/announce/%:
-		@VAR=( $(PYTHON_SECURITY_TARGETS) ); echo "Checking $${#VAR[@]} files with $*..."
-
+.PHONY: python/scan/announce/%
+python/scan/announce/%:
+		@VAR=( $(PYTHON_SECURITY_TARGETS) ); echo "Scanning $${#VAR[@]} files with $*..."
 
-.PHONY: python/security/bandit
-python/security/bandit: bh/venv
+.PHONY: python/bandit
+## Scan python files for security vulnerabilities with bandit
+python/bandit: bh/venv
 	$(call assert-set,BANDIT)
-	@$(MAKE) python/security/announce/bandit
+	@$(MAKE) python/scan/announce/bandit
 	@$(BANDIT) $(PYTHON_SECURITY_TARGETS) $(BANDIT_FLAGS)
 
-.PHONY: python/security
-python/security: python/security/targets python/security/bandit
-
 .PHONY: python/scan
-python/scan: python/security
+## Scan python files for security vulnerabilities
+python/scan: bh/venv
+	@$(MAKE) python/scan/targets python/bandit
+	@echo "Done."
diff --git a/modules/python/Makefile.style b/modules/python/Makefile.style
@@ -13,6 +13,8 @@ FLAKE8_FLAGS:=--select=B,C,E,F,W,T4,B9 --ignore=E203,E231,E266,E501,W503 --outpu
 # W503: https://github.com/psf/black/pull/36
 # E501: Let black handle line length
 
+PYTHON_LINT_TARGETS?=$(shell find . $(PYTHON_TARGETS_FIND_FLAGS))
+
 .PHONY: python/lint/targets
 python/lint/targets:
 	@VAR=( $(PYTHON_LINT_TARGETS) ); echo "Discovered $${#VAR[@]} files:"
@@ -76,4 +78,5 @@ python/flake8: bh/venv
 
 .PHONY: python/fmt
 ## Format python files
-python/fmt: python/isort python/black python/autoflake
+python/fmt: bh/venv
+	@$(MAKE) python/isort python/black python/autoflake