Bump bandit version

Bandit 1.6.0 changes the behavior of the '-x' option so that it now
supports glob patterns. Update our tox file to use it to correctly exclude
test code from bandit scans. This requires bumping our minimum bandit
version.
For additional details, refer to the ML thread [1].

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html

Change-Id: I0b61934067bfb69ed3375f14bb1e05c9eeb694ad
whoami-rajat 2019-05-13 22:51:38 +05:30 committed by Rajat Dhasmana
parent 7af13ef613
commit 0554ee1d47
3 changed files with 6 additions and 4 deletions


@ -4,7 +4,7 @@ amqp==2.2.2
appdirs==1.4.3 appdirs==1.4.3
asn1crypto==0.24.0 asn1crypto==0.24.0
automaton==1.14.0 automaton==1.14.0
bandit==1.1.0 bandit==1.6.0
bcrypt==3.1.4 bcrypt==3.1.4
cachetools==2.0.1 cachetools==2.0.1
castellan==0.16.0 castellan==0.16.0
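Review bot: The exact pin `bandit==1.6.0` in this hunk has to move in lock step with the `bandit==1.6.0` pin in the test-requirements hunk below; the glob form of `-x` that the tox hunk relies on only exists from 1.6.0, so if either pin is later lowered or loosened independently, `-x cinder/tests/*` silently stops excluding anything and the scan fills up with test-only findings (assert usage, fixture credentials) that will drown out real ones. Consider a short comment here pointing at the other pin so the next bump touches both.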


@ -18,5 +18,7 @@ testresources>=2.0.0 # Apache-2.0/BSD
testscenarios>=0.4 # Apache-2.0/BSD testscenarios>=0.4 # Apache-2.0/BSD
oslo.versionedobjects[fixtures]>=1.31.2 # Apache-2.0 oslo.versionedobjects[fixtures]>=1.31.2 # Apache-2.0
tempest>=17.1.0 # Apache-2.0 tempest>=17.1.0 # Apache-2.0
bandit>=1.1.0 # Apache-2.0 # bandit is not included in upper-constraints,
# so we need to pin it here to a known working version
bandit==1.6.0 # Apache-2.0
reno>=2.5.0 # Apache-2.0 reno>=2.5.0 # Apache-2.0
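Review bot: The commit message describes "bumping our minimum bandit version", but this hunk replaces `bandit>=1.1.0` with the exact pin `bandit==1.6.0`, which also caps the version; the new comment explains why an exact pin is wanted (bandit is absent from upper-constraints), so either word the commit message accordingly or, if only a floor is intended, use `bandit>=1.6.0`. One consequence of the exact pin worth stating in the comment: newer bandit releases with additional or corrected checks will not be picked up until someone bumps this line by hand.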


@ -157,12 +157,12 @@ commands = python {toxinidir}/tools/generate_driver_list.py
[testenv:bandit] [testenv:bandit]
basepython = python3 basepython = python3
deps = -r{toxinidir}/test-requirements.txt deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r cinder -n5 -x tests -ll commands = bandit -r cinder -n5 -x cinder/tests/* -ll
[testenv:bandit-baseline] [testenv:bandit-baseline]
basepython = python3 basepython = python3
envdir = {toxworkdir}/bandit envdir = {toxworkdir}/bandit
commands = bandit-baseline -r cinder -n5 -x tests -ii -ll commands = bandit-baseline -r cinder -n5 -x cinder/tests/* -ii -ll
[testenv:bindep] [testenv:bindep]
# Do not install any requirements. We want this to be fast and work even if # Do not install any requirements. We want this to be fast and work even if
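Review bot: The new exclude value narrows the match from any path component named `tests` to the rooted pattern `cinder/tests/*` (in both the `bandit` and `bandit-baseline` commands), so any test modules that live under `cinder/` outside `cinder/tests/` would now be scanned and start producing findings; please confirm that no such directories exist, or add a second `-x` entry for them. Note also that tox runs these commands without a shell, so the `*` reaches bandit unexpanded and is interpreted by bandit's own glob matching, which is the behaviour the 1.6.0 pin is there to guarantee; it would help future readers to say so in a comment next to the command.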