On 19-05-13 13:50:11, Herve Beraud wrote:
Already discussed here => http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html
Sorry
Le lun. 13 mai 2019 à 13:47, Herve Beraud <hberaud@redhat.com> a écrit :
Hello,
FYI bandit 1.6.0 was released and changes the behavior of the '-x' option so that it now supports glob patterns.
Many openstack projects will be facing bandit issues due to these changes.
Two possibilities exist: - pin your bandit version to < 1.6.0 - accept 1.6.0 and modify your bandit call by passing a pattern like this https://review.opendev.org/#/c/658319/1
We also need to update openstack/requirements ( https://review.opendev.org/#/c/658767/)
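I think the better approach is to use 1.6.0 now and to fix the bandit command, to avoid issues in the future and to avoid undesired reviews on this topic. When fixing the command, check that the new glob pattern still excludes only the test directories, so that no non-test code silently drops out of the scan.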
I'm pasting the projects I found using the option, hopefully it helps. I do agree that moving now would be better, caps are always a bad thing. | ara | tox.ini | 31 | bandit -r ara -x ara/tests --skip B303 | | armada | tox.ini | 77 | bandit -r armada -x armada/tests -n 5 | | armada | tox.ini | 82 | bandit -r armada -x armada/tests -n 5 | | barbican | tox.ini | 53 | bandit -r barbican -x tests -n5 | | barbican | tox.ini | 175 | commands = bandit -r barbican -x tests -n5 | | castellan | tox.ini | 25 | bandit -r castellan -x tests -s B105,B106,B107,B607 | | castellan | tox.ini | 38 | bandit -r castellan -x tests -s B105,B106,B107,B607 | | cinder | tox.ini | 160 | commands = bandit -r cinder -n5 -x tests -ll | | cliff | tox.ini | 31 | bandit -c bandit.yaml -r cliff -x tests -n5 | | cloudkitty | tox.ini | 33 | commands = bandit -r cloudkitty -n5 -x tests -ll | | deckhand | tox.ini | 90 | commands = bandit -r deckhand -x deckhand/tests -n 5 | | deckhand | tox.ini | 111 | bandit -r deckhand -x deckhand/tests -n 5 | | designate | tox.ini | 91 | commands = bandit -r designate -n5 -x tests -t \ | | heat | tox.ini | 47 | bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607 | | heat | tox.ini | 112 | commands = bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607 | | horizon | tox.ini | 168 | commands = bandit -r horizon openstack_auth openstack_dashboard -n5 -x tests -ll | | keystone | tox.ini | 40 | bandit -r keystone -x tests | | keystone | tox.ini | 49 | commands = bandit -r keystone -x tests | | keystoneauth | tox.ini | 26 | bandit -r keystoneauth1 -x tests -s B110,B410 | | keystoneauth | tox.ini | 32 | commands = bandit -r keystoneauth1 -x tests -s B110,B410 | | keystonemiddleware | tox.ini | 21 | bandit -r keystonemiddleware -x tests -n5 | | keystonemiddleware | tox.ini | 27 | commands = bandit -r keystonemiddleware -x tests -n5 | | magnum | tox.ini | 114 | bandit -r magnum -x tests -n5 -ll | | 
magnum | tox.ini | 130 | commands = bandit -r magnum -x tests -n5 -ll | | monasca-agent | tox.ini | 61 | bandit -r monasca_agent -n5 -s B101,B602,B603,B301,B303,B311,B403,B404,B405,B310,B320,B410,B411,B501,B504,B605,B607,B608 -x {toxinidir}/tests | | monasca-api | tox.ini | 53 | bandit -r monasca_api -n5 -s B101,B303 -x monasca_api/tests | | monasca-common | tox.ini | 72 | commands = bandit -r monasca_common -n5 -s B101 -x monasca_common/tests -x monasca_common/kafka_lib | | monasca-events-api | tox.ini | 67 | commands = bandit -r monasca_events_api -n5 -x monasca_events_api/tests | | monasca-log-api | tox.ini | 55 | bandit -r monasca_log_api -n5 -s B101 -x monasca_log_api/tests | | monasca-notification | tox.ini | 59 | bandit -r monasca_notification -n5 -x monasca_notification/tests | | monasca-persister | tox.ini | 89 | bandit -r monasca_persister -n5 -s B303 -x monasca_persister/tests | | monasca-statsd | tox.ini | 47 | commands = bandit -r monascastatsd -s B311 -n5 -x monascastatsd/tests | | murano | tox.ini | 36 | commands = bandit -c bandit.yaml -r murano -x tests -n 5 -ll | | networking-cisco | tox.ini | 105 | #commands = bandit -r networking_cisco -x apps/saf,tests,plugins/cisco/cpnr -n5 -f txt | | networking-midonet | tox.ini | 54 | commands = bandit -r midonet -x midonet/neutron/tests -n5 | | networking-odl | tox.ini | 124 | commands = bandit -r networking_odl -x tests -n5 -s B101 | | networking-omnipath | tox.ini | 143 | commands = bandit -r omnipath -x tests -n5 | | networking-ovn | tox.ini | 154 | commands = bandit -r networking_ovn -x networking_ovn/tests/* -n5 -s B104 | | neutron | tox.ini | 190 | commands = bandit -r neutron -x tests -n5 -s B104,B303,B311,B604 | | neutron-lib | tox.ini | 105 | commands = bandit -r neutron_lib -x tests -n5 -s B104,B303,B311 | | nova | tox.ini | 221 | commands = bandit -r nova -x tests -n 5 -ll | | novajoin | tox.ini | 45 | commands = bandit -r novajoin -n5 -x tests -ll -s B104 | | octavia | tox.ini | 72 | bandit -r 
octavia -ll -ii -x 'octavia/tests/*' | | octavia | tox.ini | 130 | commands = bandit -r octavia -ll -ii -x octavia/tests {posargs} | | octavia-lib | tox.ini | 28 | bandit -r octavia_lib -ll -ii -x octavia_lib/tests | | ooi | tox.ini | 37 | bandit -r ooi -x tests -s B110,B410 | | ooi | tox.ini | 42 | commands = bandit -r ooi -x tests -s B110,B410 | | oslo.cache | tox.ini | 32 | bandit -r oslo_cache -x tests -n5 | | oslo.concurrency | tox.ini | 26 | bandit -r oslo_concurrency -x tests -n5 --skip B311,B404,B603,B606 | | oslo.config | tox.ini | 38 | bandit -r oslo_config -x tests -n5 | | oslo.config | tox.ini | 64 | commands = bandit -r oslo_config -x tests -n5 | | oslo.context | tox.ini | 20 | bandit -r oslo_context -x tests -n5 | | oslo.db | tox.ini | 38 | bandit -r oslo_db -x tests -n5 --skip B105,B311 | | oslo.i18n | tox.ini | 23 | bandit -r oslo_i18n -x tests -n5 | | oslo.log | tox.ini | 25 | bandit -r oslo_log -x tests -n5 | | oslo.log | tox.ini | 53 | commands = bandit -r oslo_log -x tests -n5 | | oslo.messaging | tox.ini | 23 | bandit -r oslo_messaging -x tests -n5 | | oslo.messaging | tox.ini | 97 | commands = bandit -r oslo_messaging -x tests -n5 | | oslo.middleware | tox.ini | 22 | bandit -r oslo_middleware -x tests -n5 | | oslo.privsep | tox.ini | 25 | bandit -r oslo_privsep -x tests -n5 --skip B404,B603 | | oslo.service | tox.ini | 24 | bandit -r oslo_service -n5 -x tests | | oslo.service | tox.ini | 60 | commands = bandit -r oslo_service -n5 -x tests {posargs} | | oslo.utils | tox.ini | 21 | bandit -r oslo_utils -x tests -n5 | | oslo.utils | tox.ini | 41 | commands = bandit -r oslo_utils -x tests -n5 | | patrole | tox.ini | 29 | bandit -r patrole_tempest_plugin -x patrole_tempest_plugin/tests -n 5 | | placement | tox.ini | 141 | commands = bandit -r placement -x tests -n 5 -ll | | python-keystoneclient | tox.ini | 25 | bandit -r keystoneclient -x tests -n5 | | python-keystoneclient | tox.ini | 31 | commands = bandit -r keystoneclient -x tests -n5 | | 
python-magnumclient | tox.ini | 26 | commands = bandit -r magnumclient -x tests -n5 -ll | | python-magnumclient | tox.ini | 49 | bandit -r magnumclient -x tests -n5 -ll | | python-monascaclient | tox.ini | 61 | commands = bandit -r monascaclient -n5 -x {env:OS_TEST_PATH} | | python-neutronclient | tox.ini | 82 | commands = bandit -r neutronclient -x tests -n5 -s B303 | | python-novaclient | tox.ini | 29 | commands = bandit -r novaclient -n5 -x tests | | python-openstackclient | tox.ini | 30 | bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101 | | python-openstackclient | tox.ini | 57 | bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101 | | python-senlinclient | tox.ini | 23 | commands = bandit -r senlinclient -x tests -n5 -ll | | python-zunclient | tox.ini | 27 | commands = bandit -r zunclient -x tests -n5 -ll | | python-zunclient | tox.ini | 61 | bandit -r zunclient -x tests -n5 -ll | | renderspec | tox.ini | 26 | bandit -r -s B701 renderspec -x tests | | sahara | tox.ini | 46 | bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests | | sahara | tox.ini | 118 | commands = bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests | | senlin | tox.ini | 101 | commands = bandit -r senlin -x tests -s B101,B104,B110,B310,B311,B506 | | solum | tox.ini | 92 | commands = bandit -r solum -n5 -x tests -ll | | spyglass-plugin-xls | test-requirements.txt | 8 | bandit>=1.5.0 | | spyglass-plugin-xls | tox.ini | 37 | bandit -r spyglass-plugin-xls -n 5 | | spyglass-plugin-xls | tox.ini | 44 | commands = bandit -r spyglass-plugin-xls -n 5 | | stevedore | tox.ini | 32 | bandit -r stevedore -x tests -n5 | | tatu | tox.ini | 45 | commands = bandit -r tatu -n5 -x tests -ll -s B104 | | trove | tox.ini | 99 | commands = bandit -r trove -n5 -x tests | | valet | tox.ini | 59 | commands = bandit -r valet -x tests -n 5 -l | | watcher | tox.ini | 28 | bandit -r watcher -x watcher/tests/* -n5 -ll 
-s B320 | | watcher | tox.ini | 106 | commands = bandit -r watcher -x watcher/tests/* -n5 -ll -s B320 | | watcher-tempest-plugin | tox.ini | 20 | bandit -r watcher_tempest_plugin -x tests -n5 -ll -s B320 | | watcher-tempest-plugin | tox.ini | 56 | commands = bandit -r watcher_tempest_plugin -x tests -n5 -ll -s B320 | | zun | tox.ini | 35 | bandit -r zun -x tests -n5 -ll --skip B303,B604 | -- Matthew Thode