Bump bandit and make oslo.middleware compatible with latest rules
Apply a timeout to requests calls to avoid uncontrolled resource consumption (CWE-400) [1]. However, note that bandit did not warn here: it did not detect the request made without a configured timeout. [1] https://cwe.mitre.org/data/definitions/400.html Change-Id: I6a4701592e0b245b798fbe916f78a5e8114e92ef
parent
05be604d8b
commit
170e35a5b9
|
@ -41,7 +41,7 @@ class HealthcheckMainTests(test_base.BaseTestCase):
|
|||
# The operating system will return WSAEADDRNOTAVAIL which
|
||||
# in turn will throw a requests.ConnectionError
|
||||
r = requests.get("http://127.0.0.1:%s" % (
|
||||
server.server_address[1]))
|
||||
server.server_address[1]), timeout=10)
|
||||
except requests.ConnectionError:
|
||||
# Server hasn't started up yet, try again in a few.
|
||||
time.sleep(1)
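Review bot: With `timeout=10` on the `requests.get` call, a response that stalls after the connection is made now raises `requests.ReadTimeout`, which is not a `requests.ConnectionError`, so the `except` clause just below will not catch it and the exception leaves the retry path instead of sleeping and trying again. If a slow start-up should be retried like a refused connection, widen the handler to `except (requests.ConnectionError, requests.Timeout):`. If a hang is meant to fail the test, a one-line comment above the call saying so would make that intent clear. The enclosing test method and its loop start and end outside the hunk, so whether the number of retries is bounded cannot be confirmed from here.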
|
||||
|
|
|
@ -9,7 +9,7 @@ testtools>=2.2.0 # MIT
|
|||
coverage!=4.4,>=4.0 # Apache-2.0
|
||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
||||
# Bandit security code scanner
|
||||
bandit>=1.6.0,<1.7.0 # Apache-2.0
|
||||
bandit>=1.7.0,<1.8.0 # Apache-2.0
|
||||
stestr>=2.0.0 # Apache-2.0
|
||||
|
||||
pre-commit>=2.6.0 # MIT
|
||||
|
|