UNCLASSIFIED - NO CUI

Skip to content

Address Pylama and Shellcheck findings

Pylama and Shellcheck both report findings on our pipeline code. These should be resolved so we can no longer allow these jobs to fail. This will enforce the linting rules on new code by preventing MRs of bad code to Development or Master.

Shellcheck example findings

stages/build/build-run.sh:61:3: note: Double quote to prevent globbing and word splitting. [SC2086]
stages/build/build-run.sh:63:3: note: Double quote to prevent globbing and word splitting. [SC2086]
stages/documentation/documentation.sh:5:8: warning: Can't follow non-constant source. Use a directive to specify location. [SC1090]
stages/s3/upload-to-s3-run.sh:21:8: warning: Can't follow non-constant source. Use a directive to specify location. [SC1090]
stages/s3/upload-to-s3-run.sh:49:13: warning: For loops over find output are fragile. Use find -exec or a while read loop. [SC2044]
stages/s3/upload-to-s3-run.sh:54:13: warning: For loops over find output are fragile. Use find -exec or a while read loop. [SC2044]
stages/vat/vat-run.sh:13:9: warning: vat_db_database_name is referenced but not assigned. [SC2154]
stages/vat/vat-run.sh:14:11: warning: vat_db_connection_user is referenced but not assigned. [SC2154]
stages/vat/vat-run.sh:15:11: warning: vat_db_host is referenced but not assigned. [SC2154]
stages/vat/vat-run.sh:21:15: warning: vat_db_connection_pass is referenced but not assigned. [SC2154]
# Scanning embedded scripts...
# ./.gitlab-ci.yml
-:7:47: note: Double quote to prevent globbing and word splitting. [SC2086]
-:13:13: warning: For loops over find output are fragile. Use find -exec or a while read loop. [SC2044]
# ./stages/lint/base.yaml
-:2:53: warning: The surrounding quotes actually unquote this. Remove or escape them. [SC2027]
-:2:53: note: Double quote to prevent globbing and word splitting. [SC2086]
-:2:98: warning: The surrounding quotes actually unquote this. Remove or escape them. [SC2027]
-:2:98: note: Double quote to prevent globbing and word splitting. [SC2086]
# ./stages/scanning/twistlock/twistlock.yaml
-:4:14: warning: twistlock_server_address is referenced but not assigned. [SC2154]
-:7:15: warning: twistlock_user is referenced but not assigned. [SC2154]
-:8:15: warning: twistlock_password is referenced but not assigned. [SC2154]
-:12:14: warning: twistlock_timeout is referenced but not assigned. [SC2154]

Pylama example findings

scripts/analysis/dev_pipeline_run.py:3:220: W291 trailing whitespace [pycodestyle]
scripts/analysis/dev_pipeline_run.py:12:1: W0611 'sys' imported but unused [pyflakes]
scripts/analysis/dev_pipeline_run.py:25:1: W0612 local variable 'vat_diff' is assigned to but never used [pyflakes]
scripts/analysis/dev_pipeline_run.py:32:1: W0612 local variable 'proj_name' is assigned to but never used [pyflakes]
scripts/analysis/dev_pipeline_run.py:33:1: W0612 local variable 'pipeline_job_id' is assigned to but never used [pyflakes]
scripts/analysis/vat_diff.py:8:1: W0611 'sys' imported but unused [pyflakes]
scripts/analysis/vat_diff.py:75:1: W0612 local variable 'file_name' is assigned to but never used [pyflakes]
scripts/analysis/vat_diff.py:85:29: E722 do not use bare 'except' [pycodestyle]
stages/check-cves/scanners/anchore.py:23:1: W0612 local variable 'image_tag' is assigned to but never used [pyflakes]
stages/import-artifacts/downloader.py:288:1: W0612 local variable 'e' is assigned to but never used [pyflakes]
stages/lint/registry_check.py:2:1: W0611 'sys' imported but unused [pyflakes]
stages/lint/registry_check.py:7:1: E0602 undefined name 'os' [pyflakes]
stages/lint/registry_check.py:23:1: E0602 undefined name 'path' [pyflakes]
stages/s3/create_repo_map_default.py:5:1: W0611 'shlex' imported but unused [pyflakes]
stages/s3/create_repo_map_default.py:6:1: W0611 'subprocess' imported but unused [pyflakes]
stages/s3/create_repo_map_default.py:11:1: W0404 redefinition of unused 'logging' from line 8 [pyflakes]
stages/s3/create_repo_map_default.py:28:1: W0612 local variable 'response' is assigned to but never used [pyflakes]
stages/s3/create_repo_map_default.py:62:1: W0612 local variable 'num_vals' is assigned to but never used [pyflakes]
stages/s3/create_repo_map_other.py:5:1: W0611 'shlex' imported but unused [pyflakes]
stages/s3/create_repo_map_other.py:6:1: W0611 'subprocess' imported but unused [pyflakes]
stages/s3/create_repo_map_other.py:11:1: W0404 redefinition of unused 'logging' from line 8 [pyflakes]
stages/s3/create_repo_map_other.py:28:1: W0612 local variable 'response' is assigned to but never used [pyflakes]
stages/s3/create_repo_map_other.py:62:1: W0612 local variable 'num_vals' is assigned to but never used [pyflakes]
stages/s3/s3_upload.py:5:1: W0611 'datetime' imported but unused [pyflakes]
stages/s3/s3_upload.py:7:1: W0404 redefinition of unused 'logging' from line 1 [pyflakes]
stages/s3/s3_upload.py:54:1: W0612 local variable 'response' is assigned to but never used [pyflakes]
stages/s3/s3_upload.py:55:1: W0612 local variable 'e' is assigned to but never used [pyflakes]
stages/scanning/openscap/compliance.py:91:5: E722 do not use bare 'except' [pycodestyle]
stages/vat-finding-compare/vat_findings.py:39:1: W0612 local variable 'api_cve_ids' is assigned to but never used [pyflakes]
stages/vat-finding-compare/vat_findings.py:44:1: W0612 local variable 'cve_missing' is assigned to but never used [pyflakes]
Edited by David Freeman

UNCLASSIFIED - NO CUI