From 09caab6c2cc6c79ee123ee3d2485e404bfcd9fe2 Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Sun, 4 Feb 2018 09:53:34 -0600
Subject: [PATCH] Adding #nosec for pycrypto use

As the pycrypto library is being replaced by the cryptography module,
the bandit library would like to warn the use of pycrypto in [0]. Currently,
barbican still use pycrypto and work is being done to update that in [1],
this patch set proposes to #nosec the outstanding pycrypto use for the
bandit patch to pass - the #nosec should be consequently removed in [1].

[0] https://review.openstack.org/#/c/530287/
[1] https://review.openstack.org/#/c/458196/

Change-Id: I0b1a90c3a47ad6d3b18597e5315e9f017854a146
---
 barbican/plugin/dogtag.py            | 4 ++--
 barbican/tests/plugin/test_dogtag.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/barbican/plugin/dogtag.py b/barbican/plugin/dogtag.py
index 71b6ae03d..c6eb934a5 100644
--- a/barbican/plugin/dogtag.py
+++ b/barbican/plugin/dogtag.py
@@ -19,8 +19,8 @@ import datetime
 import os
 from oslo_utils import uuidutils
 
-from Crypto.PublicKey import RSA
-from Crypto.Util import asn1
+from Crypto.PublicKey import RSA  # nosec
+from Crypto.Util import asn1  # nosec
 import pki
 
 subcas_available = True
diff --git a/barbican/tests/plugin/test_dogtag.py b/barbican/tests/plugin/test_dogtag.py
index 896bc4b58..6f82792f3 100644
--- a/barbican/tests/plugin/test_dogtag.py
+++ b/barbican/tests/plugin/test_dogtag.py
@@ -18,7 +18,7 @@ import datetime
 import os
 import tempfile
 
-from Crypto.PublicKey import RSA
+from Crypto.PublicKey import RSA  # nosec
 import mock
 from requests import exceptions as request_exceptions
 import testtools