Commit Graph

794 Commits

Author SHA1 Message Date
OpenDev Sysadmins 339ab8e4e4 OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:43:50 +00:00
Ondřej Nový ad67a3025e Mass changes
d/control: Use correct branch in Vcs-* fields
Bumped debhelper compat version to 10

Change-Id: Iee77f6a55a240112e8a0bd6dc82a29fb7c105688
2016-11-23 23:47:58 +01:00
Thomas Goirand a11003fca0 Add remove failing tests patch (Closes: #841631).
Change-Id: I7de51db4201ba0f4a496aa1f7eb0ec32868650ec
2016-10-31 09:41:33 +01:00
Thomas Goirand f69e55a850 Uploading to unstable.
Change-Id: Ia28ebbd91fee85dbca006702b4e18e29f21fd15f
2016-10-04 09:33:06 +02:00
Thomas Goirand 462682b19e Fixed EPOCH for oslotest.
Change-Id: Ief04f57a7337c1e237f3ac23b231acad9919de50
2016-09-28 09:35:21 +02:00
Thomas Goirand 98ce3200e7 [New Features]
- New test for HTTPoxy bug (CVE-2016-5386)
- Man page added

[Bug Fixes]
- XSS bug fixed in HTML output (Security fix)
- Various typos and spelling errors fixed

[Behind the Scenes]
- Catch general exceptions per-file
- Docs improvements
- Py3.5 bits

Merge tag '1.1.0' into debian/newton

  * New upstream release.
  * Fixed (build-)depends for this release.
  * Standards-Version is now 3.9.8 (no change).
  * Using OpenStack's Gerrit as VCS URLs.
  * debian/source/options: ignores egg-info and .gitreview.
  * Using pkgos-dh_auto_{test,install} from openstack-pkg-tools >= 52~.
  * Adding bandit, bandit-baseline and bandit-config-generator binary in
    debian/bin to have unit tests and config generation to work.
  * Generate the bandit.yaml using bandit-config-generator.
  * Do not run functional tests that are failing.
  * Do not attempt to install bandit.yaml (file gone upstream).

Change-Id: I8bb004137c19a63589a88e348c139d462afd28c8
2016-09-27 18:19:25 +02:00
Ivan Udovichenko be4fcd4d54 Update .gitreview file
Change-Id: Ib1b10c674262674e23cf8d84c14e29367c4686a0
2016-09-01 18:07:14 +03:00
Thomas Goirand 23edebb3f4 Using https for the upstream VCS URL in debian/rules 2016-08-30 00:05:41 +02:00
Thomas Goirand c0ff5e283a Fixed debian/gbp.conf to use debian/newton as packaging branch. 2016-08-30 00:05:04 +02:00
Stanisław Pitucha df86344e75 Fix html escaping
Change-Id: I34c188f997cef24497ded6f912b357e9a6eefddc
Closes-bug: #1612988
2016-08-15 13:08:07 +10:00
zhangyanxian d4b99165c3 Fix some errors in utils.py & calls.py
Change-Id: I9da07469816eef4a1e2a48235437935e38ff3af4
2016-08-09 05:49:40 +00:00
zhangyanxian bfa759781c Fix some typos in the files
Change-Id: I0a0c9a127942164048758835450b7875d0cf4feb
2016-08-05 07:57:58 +00:00
zhangyanxian 694dfaa370 Some spelling error need to be fixed
Change-Id: I1b0d60252554d945c40df08aaad1468c08a02880
2016-08-04 05:31:32 +00:00
zhangyanxian 6c5ab95212 Remove white space between print and ()
Change-Id: Ic897cae44fe152e91abbd0bc82306ca8505c56e3
2016-08-03 02:38:58 +00:00
Grant Murphy 07f84cb5f5 Add check for httpoxy vulnerability
Change-Id: Ie366b110d33cb940ae176ccb87ef48e024868401
Closes-Bug: #1607907
2016-07-31 21:25:47 -07:00
Rahul Nair a54ab7561d Fixing jenkins failing on coverage reporting
Coverage combine deletes reports and thus jenkins failed
saying `no data to report`, this change fixes it.

Change-Id: Ia95ec755513d4382f9ad945e9688836445aee4d3
2016-07-31 21:55:39 -05:00
zhangyanxian ee6cb05538 Fix the typo in the files
funtions should be functions,
messsages should be messages,
identifed should be identified

Change-Id: I8380b656d4337d891d86240ef3981ede5a7839e4
2016-07-21 01:10:18 +00:00
OpenStack Proposal Bot f5862e96b6 Updated from global requirements
Change-Id: Ibd01f224c105dd926a6df80280553d89cf18d4a1
2016-07-17 23:51:35 +00:00
Eric Brown e2dd7e8830 Remove discover from test-requirements
The discover module is only required for Python versions less than
2.7 which are not supported.

Change-Id: If93c6ef7bb615032387a03d30bfe0ef9d12a743a
2016-07-14 15:30:43 -07:00
Tim Kelsey 34d28a0756 Adding more plugin config docs
Change-Id: Iaa1cec60ed00ec597a75d48f3eb3cef49e5e0e4d
2016-07-14 15:13:58 +01:00
Travis McPeak aa2c133668 Adding missing section to documentation about gen_config
This commit adds a missing section in the Bandit plugin
documentation for developers that describes how gen_config should
be used to declare and set default values for parameters.

Closes-Bug: #1602002
Change-Id: Iac3135394c9f723f04d9756459a0d5595de07021
2016-07-12 03:23:34 +00:00
Eric Brown 7ec796970f Add missing Python 3.5 classifier
Python 3.5 support was added to the gate jobs. Since Bandit fully
passes those tests, we can now claim Python 3.5 support in the
classifier.

Change-Id: Ia733ec36ce2350b5273031e4ab2491b344fd2bd2
2016-07-05 18:57:03 -07:00
Eric Brown bb1538f047 Add a py35 tox venv for upcoming py35 support
Soon the gate jobs will support Python 3.5. This patch adds the
tox virtualenv in preparation for the move from 3.4 to 3.5.

Change-Id: Ifda38d02f97510f7687924e83b4c7b01c28bf10b
2016-07-04 23:29:44 -07:00
Eric Brown b630d972ed Add reno for release notes management
An initial patch to add reno and create a base directory for
release notes.

Change-Id: Ia0cbfd77c7043db71cb92e9dc2a4f534c57ccf88
2016-06-30 10:20:55 -07:00
OpenStack Proposal Bot 70c9edc7d4 Updated from global requirements
Change-Id: Ia034302bf2192fac4931d3133e7af5a250aaab41
2016-06-21 17:57:45 +00:00
Eric Brown 1310d18275 Allow output to default to stdout using argparse
The argparse module already has the capability to default to stdout
at CLI parameter definition time. This patch utilizes this and avoids
the opening of the output file by each formatter.

Change-Id: Ib1e89492558fe1fc06966711b6014bd5b86b84c8
2016-06-15 11:23:53 -07:00
OpenStack Proposal Bot 9fb201f839 Updated from global requirements
Change-Id: Ib381ce114aa00ba80112c8ebc006bdef664af92b
2016-06-10 05:10:27 +00:00
Eric Brown 5e72d254d1 Add man page for bandit command line
This patch adds a man page for bandit using sphinx framework.

Change-Id: Ie76f67e6e70904318dd37cc628c27d9b3d908e80
2016-06-07 14:59:07 -07:00
OpenStack Proposal Bot c19ca43dca Updated from global requirements
Change-Id: Iba33e680de922f807a131d7d8b6867863a9ea989
2016-05-26 16:56:16 +00:00
OpenStack Proposal Bot 36e2f37b42 Updated from global requirements
Change-Id: I3e7b0ac8ab61fa03d50f4eba95b54964629c9cf3
2016-05-10 00:42:41 +00:00
ZhiQiang Fan 90c52715d3 [Trivial] Remove unnecessary executable privilege
bandit/core/node_visitor.py is a module rather than a script.
doc/source/conf.py is a configuration file rather than a script.

Change-Id: I08d855da5adab6c722ce63d120dc437c1ca81f6b
2016-04-29 21:11:06 +08:00
OpenStack Proposal Bot 9cc2609e69 Updated from global requirements
Change-Id: I1b45ad4b1d6f2f1c8680c4a594673cec378d08d0
2016-04-19 12:22:11 +00:00
Jamie Finnigan b6c8b9f01b Catch general exception on per-file basis
This modifies the Bandit manager to catch a general Exception on a
per-file basis. When an exception does occur, the name of the file is
emitted and the file is logged as a 'skipped file' for inclusion in
the end-of-run output. When run in debug mode, a traceback will also
be printed.

The change also adds a new test targeting this case, along with a new
example file (nonsense2.py is gzipped nonsense.py) to trigger the
test.

Change-Id: I86e648890dddcc5c2fff7dd9844678e990b0cd63
Closes-Bug: #1498258
2016-04-13 09:39:21 -07:00
OpenStack Proposal Bot e93032f1dc Updated from global requirements
Change-Id: Ia0ac832882844365ddcb1d6debacf6de59562ff7
2016-04-08 00:25:22 +00:00
Tim Kelsey d653e969ae Adding accurate docs for new bandit config
Change-Id: I19d810dfeb6cae422938465c370d015832eeb0e6
2016-04-04 16:14:52 +01:00
Jenkins ad38f827c8 Merge "Ensure error exit codes fail integrations" 2016-04-01 21:02:47 +00:00
Tim Kelsey d66a103d63 Fixing a bug exposed with try, except, ... tests
Some configurations don't pass an Attribute through directly. These
are safe as far as the test is concerned, but were exploding the
logic.

Closes-bug: #1564787

Change-Id: I8152983552ad61613c3c5474502a74ac4acf0d64
2016-04-01 09:42:31 +01:00
Eric Brown 8dd30b8284 Ensure error exit codes fail integrations
The exit codes of sub commands were ignored. As a result all
integration jobs would pass even when they fail.

Change-Id: I071283d2737199ed710e246740f68f8e857027f2
Closes-Bug: #1546772
2016-03-31 14:50:09 +00:00
Tim Kelsey 43a102face Calm down try,except,pass and try,except,continue
These tests default to the strict setting, this is quite noisy and
normally produces false positives. Probably not a good default, so
this calms down these tests.

Change-Id: Ia22569bdae1705a2a499ad17bbfffdf211e9d2b2
2016-03-31 13:16:59 +01:00
Jamie Finnigan 0fabff579d Normalizing & editing command-line help text
This commit contains a number of relatively minor changes to the help
text displayed by Bandit when 'bandit -h' is executed.

It is an attempt to normalize (capitalization, formatting, and usage of
certain terms) and edit for clarity.

It also updates the README to include the new help text, and the test
that checks the README is up-to-date.

Change-Id: Ic583f891a295ac13339db1f65bcf38d66bd2abcd
2016-03-25 18:43:11 +00:00
Christopher J Schaefer cac2f22dee Added try_except_continue plugin
Along with a 'try, except, pass' check, we should also check for the
similar existence of 'try, except, continue', which raises the same
type of security implications, given the similar type of functionality.
Using 'continue' in place of 'pass' (inside a loop) currently allows
code to bypass the 'try, except, pass' warning.

Change-Id: I3e7ce037518875c5f5e46e26e1d72ef878f78a2f
2016-03-24 12:09:12 -05:00
Jenkins bee1d23f3d Merge "Adding test IDs to test doc titles" 2016-03-23 19:02:05 +00:00
Jenkins c562ebb9bb Merge "Blacklists now check node types are valid" 2016-03-23 18:21:59 +00:00
Jenkins acf870b42b Merge "Fixing documentation for hardcoded password tests" 2016-03-23 18:04:36 +00:00
Jenkins b3683c5877 Merge "Delete the config, we dont need it now and its also invalid" 2016-03-23 17:57:08 +00:00
Jenkins 42fa00ba25 Merge "Improving config handling" 2016-03-23 17:45:51 +00:00
Tim Kelsey 731e0ed393 Adding test IDs to test doc titles
Change-Id: If51e0f0519a102c4fd22375275bb5a6992a0c4ff
2016-03-23 16:29:00 +00:00
Tim Kelsey 24eba90cce Fixing documentation for hardcoded password tests
The docs for these tests were very out of date. This fixes them
and also removes the old wordlist, as it's not used by anything.

Change-Id: I28c047dfd0041824e08e28e1239ccbae8c7141a0
2016-03-23 16:28:56 +00:00
Tim Kelsey c71d430c0c Delete the config, we dont need it now and its also invalid
Change-Id: I595b5472128802acc0e87031276051afa47e2de3
2016-03-23 16:28:45 +00:00
Tim Kelsey 32a7679c5e Improving config handling
This patch adds a validation step to the config class that can
be used to detect bad configs. For now it just asserts that if
legacy blacklist tests are mentioned the config contains the
required data block for them.

Additionally, this also removes various places in our test set
where a config file is specified. This was only done to satisfy
the old behaviour when a config was not optional.

Finally, this detects when a config has legacy data in it and
prints a deprecation warning.

Test coverage of the config class is now raised to 100%

Change-Id: I492a20f9b9f421d32e3e72eaa15f88c34c3d11e8
2016-03-23 16:18:11 +00:00