From 170e35a5b9c4e4bbaafaf7e805d54cac10c7dff8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Beraud?=
Date: Fri, 10 Mar 2023 10:58:36 +0100
Subject: [PATCH] Bump bandit and make oslo.middleware compatible with latest rules

Apply a timeout to requests calls to avoid uncontrolled resource consumption (CWE-400) [1].

However we should notice bandit didn't warned here. It didn't detected the request without the configured timeout.

[1] https://cwe.mitre.org/data/definitions/400.html

Change-Id: I6a4701592e0b245b798fbe916f78a5e8114e92ef
---
 oslo_middleware/tests/test_healthcheck.py | 2 +-
 test-requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/oslo_middleware/tests/test_healthcheck.py b/oslo_middleware/tests/test_healthcheck.py
index d82316f..ee76533 100644
--- a/oslo_middleware/tests/test_healthcheck.py
+++ b/oslo_middleware/tests/test_healthcheck.py
@@ -41,7 +41,7 @@ class HealthcheckMainTests(test_base.BaseTestCase):
 # The operating system will return WSAEADDRNOTAVAIL which
 # in turn will throw a requests.ConnectionError
 r = requests.get("http://127.0.0.1:%s" % (
- server.server_address[1]))
+ server.server_address[1]), timeout=10)
 except requests.ConnectionError:
 # Server hasn't started up yet, try again in a few.
 time.sleep(1)
diff --git a/test-requirements.txt b/test-requirements.txt
index de498fc..ffee9a5 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -9,7 +9,7 @@ testtools>=2.2.0 # MIT
 coverage!=4.4,>=4.0 # Apache-2.0
 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
 # Bandit security code scanner
-bandit>=1.6.0,<1.7.0 # Apache-2.0
+bandit>=1.7.0,<1.8.0 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0
 pre-commit>=2.6.0 # MIT
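Review bot: A read-phase timeout from the new `timeout=10` surfaces as `requests.ReadTimeout`, which is not a `requests.ConnectionError`, so the `except requests.ConnectionError:` branch on the following line will not retry it and the test fails outright instead of sleeping and trying again (connect-phase timeouts are `ConnectTimeout`, which does derive from `ConnectionError` and is still retried). If failing fast on a hung server is the intent, a one-line comment on the added line such as `# timeout bounds a hung server (CWE-400); a ReadTimeout deliberately fails the test rather than retrying` would record that; otherwise broaden the branch to `except (requests.ConnectionError, requests.Timeout):`. The enclosing test method and its retry loop start and end outside the hunk, so the loop bound is not visible here. Separately, the commit message notes that bandit did not flag the missing timeout; the new pin `bandit>=1.7.0,<1.8.0` still admits 1.7.x releases that, to my knowledge, predate the request-without-timeout check (B113), so raising the lower bound to a release that ships it would let the scanner catch a regression rather than relying on review.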