Merge "Fix security vulnerabilities using Bandit"

refstack/db/migrations/alembic/versions/434be17a6ec3_fix_openids_with_space.py

@@ -32,13 +32,12 @@ def upgrade():
 
         # Remove instances of the new openid so the old one can take
         # its place.
-        query = "delete from user where openid='%s'" % (new_openid)
+        query = "delete from user where openid=%%:user"
-        conn.execute(query.replace('%', '%%'))
+        conn.execute(query, user=new_openid)
 
         # Update the openid.
-        query = ("update user set openid='%s' where openid='%s'" %
+        query = ("update user set openid=%%:new where openid=%%:old")
-                 (new_openid, old_openid))
+        conn.execute(query, new=new_openid, old=old_openid)
-        conn.execute(query.replace('%', '%%'))
 
     # Update all usage of %20 in all openid references using MySQL Replace.
     conn.execute("update meta set value = "

refstack/tests/api/test_profile.py

@@ -53,7 +53,7 @@ class TestProfileEndpoint(api.FunctionalTest):
         url = self.URL + 'pubkeys'
         key = rsa.generate_private_key(
             public_exponent=65537,
-            key_size=1024,
+            key_size=2048,
             backend=default_backend()
         )
         sign = key.sign('signature'.encode('utf-8'),

refstack/tests/api/test_results.py

@@ -422,7 +422,7 @@ class TestResultsEndpointNoAnonymous(api.FunctionalTest):
     def _generate_keypair_(self):
         return rsa.generate_private_key(
             public_exponent=65537,
-            key_size=1024,
+            key_size=2048,
             backend=default_backend()
         )
 

refstack/tests/unit/test_validators.py

@@ -109,7 +109,7 @@ class TestResultValidatorTestCase(base.BaseTestCase):
 
         key = rsa.generate_private_key(
             public_exponent=65537,
-            key_size=1024,
+            key_size=2048,
             backend=default_backend()
         )
         sign = key.sign(request.body, padding.PKCS1v15(), hashes.SHA256())