[requirements] bandit bump to 1.6.0
Hello,

FYI bandit 1.6.0 was released and changes the behavior of the '-x' option so that it now supports glob patterns.

Many openstack projects will be facing bandit issues due to these changes.

Two possibilities exist:
- pin your bandit version to < 1.6.0
- accept 1.6.0 and modify your bandit call by passing patterns like this https://review.opendev.org/#/c/658319/1

We also need to update openstack/requirements ( https://review.opendev.org/#/c/658767/)

I think the better approach is to use 1.6.0 now and to fix the bandit command to avoid issues in the future, and avoid undesired reviews on this topic.

Regards

--
Hervé Beraud
Senior Software Engineer
Red Hat - Openstack Oslo
irc: hberaud
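As an added illustration (not code from the thread, from bandit itself, or from the linked reviews): the following models the '-x' change described above, assuming that before 1.6.0 an '-x' value excluded any path containing it as a substring, and that 1.6.0 matches the whole relative path against it as an fnmatch-style glob; the sample paths are constructed.

```python
import fnmatch
from typing import Callable, Dict, Iterable, List

# Constructed sample of a scanned tree (not a real project): genuine test
# files, a production module whose name merely contains "tests", and a
# top-level tests directory.
SAMPLE_PATHS = [
    "oslo_config/cfg.py",
    "oslo_config/contests.py",              # production code, not a test
    "oslo_config/tests/test_cfg.py",
    "oslo_config/tests/unit/test_types.py",
    "tests/functional/test_cli.py",
]


def excluded_substring(path: str, patterns: Iterable[str]) -> bool:
    """Assumed pre-1.6.0 semantics: excluded if any -x value is a substring."""
    return any(p in path for p in patterns)


def excluded_glob(path: str, patterns: Iterable[str]) -> bool:
    """Assumed 1.6.0 semantics: excluded only if the whole path fnmatch()es."""
    return any(fnmatch.fnmatchcase(path, p) for p in patterns)


def scanned(paths: Iterable[str], patterns: Iterable[str],
            matcher: Callable[[str, Iterable[str]], bool]) -> List[str]:
    """Files the scanner would actually analyse after applying the -x values."""
    pats = list(patterns)
    return [p for p in paths if not matcher(p, pats)]


def compare(paths: Iterable[str], patterns: Iterable[str]) -> Dict[str, List[str]]:
    """Scanned set under both semantics for the same -x values."""
    paths = list(paths)
    return {
        "substring": scanned(paths, patterns, excluded_substring),
        "glob": scanned(paths, patterns, excluded_glob),
    }


if __name__ == "__main__":
    # '-x tests' as most tox.ini files in the thread use it ...
    for name, files in compare(SAMPLE_PATHS, ["tests"]).items():
        print(f"-x tests [{name}]: {files}")
    # ... versus glob patterns that name the test directories explicitly.
    for name, files in compare(SAMPLE_PATHS, ["tests/*", "*/tests/*"]).items():
        print(f"-x tests/*,*/tests/* [{name}]: {files}")
```

Under glob matching the bare value `tests` excludes nothing, so test files start producing findings, while under substring matching a production module whose name merely contains `tests` had been silently left out of the scan; patterns such as `tests/*,*/tests/*` exclude only the test directories, but only under the new semantics.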
Already discussed here => http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html

Sorry

On Mon, 13 May 2019 at 13:47, Herve Beraud <hberaud@redhat.com> wrote:
Hello,
FYI bandit 1.6.0 was released and changes the behavior of the '-x' option so that it now supports glob patterns.
Many openstack projects will be facing bandit issues due to these changes.

Two possibilities exist:
- pin your bandit version to < 1.6.0
- accept 1.6.0 and modify your bandit call by passing patterns like this https://review.opendev.org/#/c/658319/1
We also need to update openstack/requirements ( https://review.opendev.org/#/c/658767/)
I think the better approach is to use 1.6.0 now and to fix the bandit command to avoid issues in the future, and avoid undesired reviews on this topic.
Regards
--
Hervé Beraud
Senior Software Engineer
Red Hat - Openstack Oslo
irc: hberaud
On 19-05-13 13:50:11, Herve Beraud wrote:
Already discussed here => http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html
Sorry
On Mon, 13 May 2019 at 13:47, Herve Beraud <hberaud@redhat.com> wrote:
Hello,
FYI bandit 1.6.0 was released and changes the behavior of the '-x' option so that it now supports glob patterns.
Many openstack projects will be facing bandit issues due to these changes.

Two possibilities exist:
- pin your bandit version to < 1.6.0
- accept 1.6.0 and modify your bandit call by passing patterns like this https://review.opendev.org/#/c/658319/1
We also need to update openstack/requirements ( https://review.opendev.org/#/c/658767/)
I think the better approach is to use 1.6.0 now and to fix the bandit command to avoid issues in the future, and avoid undesired reviews on this topic.
I'm pasting the projects I found using the option, hopefully it helps. I do agree that moving now would be better, caps are always a bad thing.

| Project | File | Line | Match |
|---|---|---|---|
| ara | tox.ini | 31 | bandit -r ara -x ara/tests --skip B303 |
| armada | tox.ini | 77 | bandit -r armada -x armada/tests -n 5 |
| armada | tox.ini | 82 | bandit -r armada -x armada/tests -n 5 |
| barbican | tox.ini | 53 | bandit -r barbican -x tests -n5 |
| barbican | tox.ini | 175 | commands = bandit -r barbican -x tests -n5 |
| castellan | tox.ini | 25 | bandit -r castellan -x tests -s B105,B106,B107,B607 |
| castellan | tox.ini | 38 | bandit -r castellan -x tests -s B105,B106,B107,B607 |
| cinder | tox.ini | 160 | commands = bandit -r cinder -n5 -x tests -ll |
| cliff | tox.ini | 31 | bandit -c bandit.yaml -r cliff -x tests -n5 |
| cloudkitty | tox.ini | 33 | commands = bandit -r cloudkitty -n5 -x tests -ll |
| deckhand | tox.ini | 90 | commands = bandit -r deckhand -x deckhand/tests -n 5 |
| deckhand | tox.ini | 111 | bandit -r deckhand -x deckhand/tests -n 5 |
| designate | tox.ini | 91 | commands = bandit -r designate -n5 -x tests -t \ |
| heat | tox.ini | 47 | bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607 |
| heat | tox.ini | 112 | commands = bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607 |
| horizon | tox.ini | 168 | commands = bandit -r horizon openstack_auth openstack_dashboard -n5 -x tests -ll |
| keystone | tox.ini | 40 | bandit -r keystone -x tests |
| keystone | tox.ini | 49 | commands = bandit -r keystone -x tests |
| keystoneauth | tox.ini | 26 | bandit -r keystoneauth1 -x tests -s B110,B410 |
| keystoneauth | tox.ini | 32 | commands = bandit -r keystoneauth1 -x tests -s B110,B410 |
| keystonemiddleware | tox.ini | 21 | bandit -r keystonemiddleware -x tests -n5 |
| keystonemiddleware | tox.ini | 27 | commands = bandit -r keystonemiddleware -x tests -n5 |
| magnum | tox.ini | 114 | bandit -r magnum -x tests -n5 -ll |
| magnum | tox.ini | 130 | commands = bandit -r magnum -x tests -n5 -ll |
| monasca-agent | tox.ini | 61 | bandit -r monasca_agent -n5 -s B101,B602,B603,B301,B303,B311,B403,B404,B405,B310,B320,B410,B411,B501,B504,B605,B607,B608 -x {toxinidir}/tests |
| monasca-api | tox.ini | 53 | bandit -r monasca_api -n5 -s B101,B303 -x monasca_api/tests |
| monasca-common | tox.ini | 72 | commands = bandit -r monasca_common -n5 -s B101 -x monasca_common/tests -x monasca_common/kafka_lib |
| monasca-events-api | tox.ini | 67 | commands = bandit -r monasca_events_api -n5 -x monasca_events_api/tests |
| monasca-log-api | tox.ini | 55 | bandit -r monasca_log_api -n5 -s B101 -x monasca_log_api/tests |
| monasca-notification | tox.ini | 59 | bandit -r monasca_notification -n5 -x monasca_notification/tests |
| monasca-persister | tox.ini | 89 | bandit -r monasca_persister -n5 -s B303 -x monasca_persister/tests |
| monasca-statsd | tox.ini | 47 | commands = bandit -r monascastatsd -s B311 -n5 -x monascastatsd/tests |
| murano | tox.ini | 36 | commands = bandit -c bandit.yaml -r murano -x tests -n 5 -ll |
| networking-cisco | tox.ini | 105 | #commands = bandit -r networking_cisco -x apps/saf,tests,plugins/cisco/cpnr -n5 -f txt |
| networking-midonet | tox.ini | 54 | commands = bandit -r midonet -x midonet/neutron/tests -n5 |
| networking-odl | tox.ini | 124 | commands = bandit -r networking_odl -x tests -n5 -s B101 |
| networking-omnipath | tox.ini | 143 | commands = bandit -r omnipath -x tests -n5 |
| networking-ovn | tox.ini | 154 | commands = bandit -r networking_ovn -x networking_ovn/tests/* -n5 -s B104 |
| neutron | tox.ini | 190 | commands = bandit -r neutron -x tests -n5 -s B104,B303,B311,B604 |
| neutron-lib | tox.ini | 105 | commands = bandit -r neutron_lib -x tests -n5 -s B104,B303,B311 |
| nova | tox.ini | 221 | commands = bandit -r nova -x tests -n 5 -ll |
| novajoin | tox.ini | 45 | commands = bandit -r novajoin -n5 -x tests -ll -s B104 |
| octavia | tox.ini | 72 | bandit -r octavia -ll -ii -x 'octavia/tests/*' |
| octavia | tox.ini | 130 | commands = bandit -r octavia -ll -ii -x octavia/tests {posargs} |
| octavia-lib | tox.ini | 28 | bandit -r octavia_lib -ll -ii -x octavia_lib/tests |
| ooi | tox.ini | 37 | bandit -r ooi -x tests -s B110,B410 |
| ooi | tox.ini | 42 | commands = bandit -r ooi -x tests -s B110,B410 |
| oslo.cache | tox.ini | 32 | bandit -r oslo_cache -x tests -n5 |
| oslo.concurrency | tox.ini | 26 | bandit -r oslo_concurrency -x tests -n5 --skip B311,B404,B603,B606 |
| oslo.config | tox.ini | 38 | bandit -r oslo_config -x tests -n5 |
| oslo.config | tox.ini | 64 | commands = bandit -r oslo_config -x tests -n5 |
| oslo.context | tox.ini | 20 | bandit -r oslo_context -x tests -n5 |
| oslo.db | tox.ini | 38 | bandit -r oslo_db -x tests -n5 --skip B105,B311 |
| oslo.i18n | tox.ini | 23 | bandit -r oslo_i18n -x tests -n5 |
| oslo.log | tox.ini | 25 | bandit -r oslo_log -x tests -n5 |
| oslo.log | tox.ini | 53 | commands = bandit -r oslo_log -x tests -n5 |
| oslo.messaging | tox.ini | 23 | bandit -r oslo_messaging -x tests -n5 |
| oslo.messaging | tox.ini | 97 | commands = bandit -r oslo_messaging -x tests -n5 |
| oslo.middleware | tox.ini | 22 | bandit -r oslo_middleware -x tests -n5 |
| oslo.privsep | tox.ini | 25 | bandit -r oslo_privsep -x tests -n5 --skip B404,B603 |
| oslo.service | tox.ini | 24 | bandit -r oslo_service -n5 -x tests |
| oslo.service | tox.ini | 60 | commands = bandit -r oslo_service -n5 -x tests {posargs} |
| oslo.utils | tox.ini | 21 | bandit -r oslo_utils -x tests -n5 |
| oslo.utils | tox.ini | 41 | commands = bandit -r oslo_utils -x tests -n5 |
| patrole | tox.ini | 29 | bandit -r patrole_tempest_plugin -x patrole_tempest_plugin/tests -n 5 |
| placement | tox.ini | 141 | commands = bandit -r placement -x tests -n 5 -ll |
| python-keystoneclient | tox.ini | 25 | bandit -r keystoneclient -x tests -n5 |
| python-keystoneclient | tox.ini | 31 | commands = bandit -r keystoneclient -x tests -n5 |
| python-magnumclient | tox.ini | 26 | commands = bandit -r magnumclient -x tests -n5 -ll |
| python-magnumclient | tox.ini | 49 | bandit -r magnumclient -x tests -n5 -ll |
| python-monascaclient | tox.ini | 61 | commands = bandit -r monascaclient -n5 -x {env:OS_TEST_PATH} |
| python-neutronclient | tox.ini | 82 | commands = bandit -r neutronclient -x tests -n5 -s B303 |
| python-novaclient | tox.ini | 29 | commands = bandit -r novaclient -n5 -x tests |
| python-openstackclient | tox.ini | 30 | bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101 |
| python-openstackclient | tox.ini | 57 | bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101 |
| python-senlinclient | tox.ini | 23 | commands = bandit -r senlinclient -x tests -n5 -ll |
| python-zunclient | tox.ini | 27 | commands = bandit -r zunclient -x tests -n5 -ll |
| python-zunclient | tox.ini | 61 | bandit -r zunclient -x tests -n5 -ll |
| renderspec | tox.ini | 26 | bandit -r -s B701 renderspec -x tests |
| sahara | tox.ini | 46 | bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests |
| sahara | tox.ini | 118 | commands = bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests |
| senlin | tox.ini | 101 | commands = bandit -r senlin -x tests -s B101,B104,B110,B310,B311,B506 |
| solum | tox.ini | 92 | commands = bandit -r solum -n5 -x tests -ll |
| spyglass-plugin-xls | test-requirements.txt | 8 | bandit>=1.5.0 |
| spyglass-plugin-xls | tox.ini | 37 | bandit -r spyglass-plugin-xls -n 5 |
| spyglass-plugin-xls | tox.ini | 44 | commands = bandit -r spyglass-plugin-xls -n 5 |
| stevedore | tox.ini | 32 | bandit -r stevedore -x tests -n5 |
| tatu | tox.ini | 45 | commands = bandit -r tatu -n5 -x tests -ll -s B104 |
| trove | tox.ini | 99 | commands = bandit -r trove -n5 -x tests |
| valet | tox.ini | 59 | commands = bandit -r valet -x tests -n 5 -l |
| watcher | tox.ini | 28 | bandit -r watcher -x watcher/tests/* -n5 -ll -s B320 |
| watcher | tox.ini | 106 | commands = bandit -r watcher -x watcher/tests/* -n5 -ll -s B320 |
| watcher-tempest-plugin | tox.ini | 20 | bandit -r watcher_tempest_plugin -x tests -n5 -ll -s B320 |
| watcher-tempest-plugin | tox.ini | 56 | commands = bandit -r watcher_tempest_plugin -x tests -n5 -ll -s B320 |
| zun | tox.ini | 35 | bandit -r zun -x tests -n5 -ll --skip B303,B604 |

--
Matthew Thode
participants (2)
- Herve Beraud
- Matthew Thode