Clean up bandit profiles
The profile that we run for the gate run is renamed to "gate" from "keystone_conservative". This will be the standard configuration for OpenStack projects. Removed the keystone_verbose profile since this isn't used. Change-Id: I828afc5402ab15c615bfd7955a578d055ce4aa8a
This commit is contained in:
Brant Knudson
parent
12ed2536d0
commit
0545ccf667
17
bandit.yaml
17
bandit.yaml
@ -29,7 +29,7 @@ exclude_dirs:
|
||||
- '/tests/'
|
||||
|
||||
profiles:
|
||||
keystone_conservative:
|
||||
gate:
|
||||
include:
|
||||
- blacklist_calls
|
||||
- blacklist_imports
|
||||
@ -40,21 +40,6 @@ profiles:
|
||||
- linux_commands_wildcard_injection
|
||||
- ssl_with_bad_version
|
||||
|
||||
|
||||
keystone_verbose:
|
||||
include:
|
||||
- blacklist_calls
|
||||
- blacklist_imports
|
||||
- request_with_no_cert_validation
|
||||
- exec_used
|
||||
- set_bad_file_permissions
|
||||
- hardcoded_tmp_directory
|
||||
- subprocess_popen_with_shell_equals_true
|
||||
- any_other_function_with_shell_equals_true
|
||||
- linux_commands_wildcard_injection
|
||||
- ssl_with_bad_version
|
||||
- ssl_with_bad_defaults
|
||||
|
||||
blacklist_calls:
|
||||
bad_name_sets:
|
||||
- pickle:
|
||||
|
||||
2
tox.ini
2
tox.ini
@ -102,7 +102,7 @@ commands = oslo-config-generator --config-file=config-generator/keystone.conf
|
||||
|
||||
[testenv:bandit]
|
||||
deps = .[bandit]
|
||||
commands = bandit -c bandit.yaml -r keystone -n5 -p keystone_conservative
|
||||
commands = bandit -c bandit.yaml -r keystone -n5 -p gate
|
||||
|
||||
[hacking]
|
||||
import_exceptions =
|
||||
|
||||
Loading…
Reference in New Issue
Block a user