Migrate the legacy job to start using our bindep role from zuul-jobs.
This will allow openstack-infra to delete
slave_scripts/install-distro-packages.sh in the future.
Change-Id: I6b07be9b7912ff226991552b9be6dc9999416b56
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Bindep is a tool for checking the presence of binary packages needed
to use an application / library. It started life as a way to make it
easier to set up a development environment for OpenStack projects.
Change-Id: I1a6cfa255a6473febf0fb7b7d4f1bf8ca32d02c2
Depends-On: https://review.openstack.org/563717
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
In a recent commit [1], the names of the plugin doc files changed
to include the bandit ID as a prefix. Unfortunately, the doc_utils
wasn't updated at the time, so it still pointed to the previous
docs, thus resulting in 404 errors when browsing to the link.
This patch modifies doc_utils to properly prefix the bandit ID to
reference the doc for a particular plugin.
[1] https://review.openstack.org/#/c/540170/
Change-Id: Ia4b4c87e880ba39a677a84fc53943bc7a37849ef
Closes-Bug: #1761254
Create a tox environment for running the unit tests against the lower
bounds of the dependencies.
Create a lower-constraints.txt to be used to enforce the lower bounds
in those tests.
Add openstack-tox-lower-constraints job to the zuul configuration.
See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html
for more details.
Change-Id: Ifb4030c25ebc3342da15c8c903d8fd22fe743586
Depends-On: https://review.openstack.org/555034
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This patch set fixes an issue where modules whose names begin with
string ``Crypto`` are incorrectly flagged for pyCrypto imports. The
fix will now explicitly calls out pyCrypto module one sub-level to
avoid the false positives.
Change-Id: Iafd3fae2fc7a13a0a93800ee570c4e1354be1391
Closes-Bug: #1749603
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds pyCrypto to bandit's blacklist, so bandit will
strongly advise against using pyCrypto. As mentioned in the bug,
this may cause false positives if people use pyCrytodome, but will be
tracked and addressed in follow up patch set.
Depends-On: I0b1a90c3a47ad6d3b18597e5315e9f017854a146
Change-Id: I81f695cd31dee393ab4530dbcdb20dd925bbece2
Closes-Bug: #1655973
Zuul no longer requires the project-name for in-repo configuration.
Omitting it makes forking or renaming projects easier.
Change-Id: I33e07a13e581fc86c8e16ed4677f7b795e4523d5
Currently, outputting bandit findings as YAML does not put the
``more_info`` URL in the output as it would if the output format
is HTML or JSON. This patch set updates the YAML formatter to
include the ``more_info`` URL to be inline with the HTML and JSON
formatters.
Change-Id: Ice134e3bbf67c59feb7a88b299e60838b6ad80d5
Closes-Bug: #1746827
Currently the plugin listing found at the link below [1] is unsorted
by bandit ID number, yet the IDs are listed, making it confusing
to look at.
This patch sorts the plugin list by renaming each plugin filename
so that sphinx sorts accordingly.
[1] https://docs.openstack.org/bandit/latest/plugins/index.html#complete-test-plugin-listing
Change-Id: Ib16b85d1025dd667f711e8571dd58a59deb74d29
Running bandit using relative paths inside a subdirectory when the current
directory contains __init__.py causes bandit to be stuck in an infinite
loop.
Co-Authored-By: Calvin Li
Closes-Bug: #1743042
Change-Id: I247108c1365847134ee561073ea0eb43c57b54cc
The links for more_info were pointing to the old location for
bandit's documents, which would redirect to an index.html page.
This change updates the docs to the new location in order to
allow the "more info" link to point to the correct page.
Change-Id: I950ea4601248065dce68a5d21b144703817cf675
Closes-Bug: #1745006
This patch set updates test-requirements.txt to use the latest versions
of hacking. There is no reason to cap the hacking version to 0.14, as
other OpenStack project such as ironic [0] has brought the minimum
hacking version to 1.0.0.
Closes-Bug: #174100
[0] 3700e7c6d5
Change-Id: I5254613678a096a5b8730cdb42af3545a63fe1a9
Signed-off-by: Tin Lam <tin@irrational.io>
Currently, outputting bandit findings as JSON does not put the ``more_info``
URL in the output as it would if the output format is HTML. This patch
set updates the JSON formatter to include the ``more_info`` URL to be inline
with the HTML display.
Change-Id: I58a8490b427fe146d517a8aff124f4443562f48b
Closes-Bug: #1695890
Signed-off-by: Tin Lam <tin@irrational.io>
Bandit only checks if imports is done using keyword ``import`` or
``__import__()`` and does not check for blacklisted module loaded
via importlib. This patch set adds additional check for blacklisted
modules loaded via importlib.
Change-Id: I97ed93af1066fa39dfc5be0868ab814c8eadd147
Closes-Bug: #1718516
Signed-off-by: Tin Lam <tin@irrational.io>
We do not need tox_install.sh, pip can handle constraints itself
and install the project correctly. Thus update tox.ini and remove
the now obsolete tools/tox_install.sh file.
This follows https://review.openstack.org/#/c/508061 to remove
tools/tox_install.sh.
Change-Id: I85d256e9e66bbf940f5b645c4a887b1f2a3707de
Migrate all functional jobs and gate to zuul v3.
Needed-By: Id391e505300c43a532241696d063c4eacbdd34a2
Needed-By: Ief7e88ae1cc8fa0a690ffb04b4174914cc870ed9
Change-Id: Ie44a0193c9f98d12f146207a9f2afd7eff534e87
Follow up patch for review/marek_cermak/formatter-custom.
Adressing comment by Gage Hugo: remove extra section from README.rst
Change-Id: I177861d404592ba4b9d7b953bbb983963d53b653
modified: README.rst
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.
Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.
This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
.
Change-Id: I096e956fa44f0dfa9b8210a221bcbe5afb385634
This change migrates the testing suite from using ostestr and testr
to using stester. Also cleaned up a missing space from tox.ini.
Change-Id: I886401a1efce6cb617a4db7a90ec9454bbea1d71
Implements: custom formatter
Custom formatter can be used to output a machine-readable, easily
parsable and customizable format using set of predefined tags
to suite various needs.
Output string is formatted using python string.format() standards
and therefore provides familiar usage.
Usage: bandit --format custom [--msg-template MSG-TEMPLATE] targets
See bandit --help for additional information and list of available tags
modified: bandit/cli/main.py
modified: bandit/core/manager.py
modified: README.rst
modified: setup.cfg
new file: bandit/formatters/custom.py
Change-Id: I900c9689cddb048db58608c443305e05e7a4be14
Signed-off-by: Marek Cermak <macermak@redhat.com>
this patch makes 'targets' args optional and allows to specify them
in the ini file.
This makes it possible to keep most of bandit configuration right in
the ini file.
OpenStack projects can now populate their tox.ini with [bandit] section
and do 'bandit --ini {toxinidir}/tox.ini -r' almost uniformly
accross all projects.
Change-Id: Ia0153e0aaa602171690ca8f66635fbea69b1cfab
Closes-Bug: #1730307
OpenDev Sysadmins