diff --git a/neutron/common/rpc.py b/neutron/common/rpc.py
index 105e94031ce..3386fec570f 100644
--- a/neutron/common/rpc.py
+++ b/neutron/common/rpc.py
@@ -309,7 +309,7 @@ class Service(service.Service):
 # errors, go ahead and ignore them.. as we're shutting down anyway
 try:
 self.conn.close()
- except Exception:
+ except Exception: # nosec
 pass
 super(Service, self).stop()
diff --git a/neutron/db/migration/__init__.py b/neutron/db/migration/__init__.py
index 8ca2d1e8ec9..b32aada1ec6 100644
--- a/neutron/db/migration/__init__.py
+++ b/neutron/db/migration/__init__.py
@@ -165,7 +165,7 @@ def alter_enum(table, column, enum_type, nullable, do_drop=True,
 op.execute("ALTER TABLE %(table)s RENAME COLUMN %(column)s TO "
 "old_%(column)s" % values)
 op.add_column(table, sa.Column(column, enum_type, nullable=nullable))
- op.execute("UPDATE %(table)s SET %(column)s = "
+ op.execute("UPDATE %(table)s SET %(column)s = " # nosec
 "old_%(column)s::text::%(name)s" % values)
 op.execute("ALTER TABLE %(table)s DROP COLUMN old_%(column)s" % values)
 if do_drop:
diff --git a/tox.ini b/tox.ini
index 3d5589d040f..5ef92582977 100644
--- a/tox.ini
+++ b/tox.ini
@@ -108,6 +108,7 @@ commands=
 python ./tools/list_moved_globals.py
 {[testenv:genconfig]commands}
 {[testenv:bashate]commands}
+ {[testenv:bandit]commands}
 whitelist_externals =
 sh
 bash
@@ -150,8 +151,13 @@ import_exceptions = neutron._i18n
 local-check-factory = neutron.hacking.checks.factory
 [testenv:bandit]
+# B101: Use of assert detected
+# B104: Possible binding to all interfaces
+# B108: Probable insecure usage of temp file/directory
+# B111: Execute with run_as_root=True identified, possible security issue
+# B311: Standard pseudo-random generators are not suitable for security/cryptographic purpose
 deps = -r{toxinidir}/test-requirements.txt
-commands = bandit -r neutron -x tests -n5
+commands = bandit -r neutron -x tests -n5 -s B101,B104,B108,B111,B311
 [testenv:bashate]
 commands = bash -c "find {toxinidir} \
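Review bot: The `# nosec` added on `except Exception:` in neutron/common/rpc.py is a blanket marker, so it silences every bandit test on that line rather than only the try/except/pass finding it is meant for, and it records no reason. Where the bandit version in use accepts test IDs on the marker, scope it and state why, e.g. `except Exception:  # nosec B110 - best-effort close during shutdown`. The `# nosec` on the `UPDATE` statement in neutron/db/migration/__init__.py is unscoped in the same way. Separately, the handler still discards the exception entirely; a debug-level log with the traceback would keep close failures visible during incident review without changing shutdown behaviour. The enclosing method starts outside the hunk.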
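Review bot: The suppression on `op.execute("UPDATE %(table)s SET %(column)s = "` in neutron/db/migration/__init__.py rests on an assumption the hunk does not show: that every entry in `values` (table, column and enum name) is supplied by migration code and never by request or configuration data. SQL identifiers cannot be passed as bound parameters, so string formatting is expected here, but the assumption should be written where the marker sits, e.g. `# nosec - identifiers come from migration code, not external input`, and repeated in the `alter_enum` docstring as a caller contract. The neighbouring `ALTER TABLE` calls build their SQL the same way and depend on the same contract, even though the commit did not mark them. `alter_enum` begins and ends outside the hunk, so how `values` is built is not visible here.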
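Review bot: Passing `-s B101,B104,B108,B111,B311` in `[testenv:bandit]` turns these five tests off for the whole `neutron` tree, so a later bind-to-all-interfaces, insecure temp-path or non-cryptographic `random` use in security-sensitive code will pass the gate unnoticed. This matters more now that the first tox.ini hunk runs the same commands from another environment's command list. The added comments say what each ID detects but not why it is skipped. Consider keeping B104, B108 and B311 enabled and covering the audited existing hits with per-line `# nosec` markers that carry a reason, or with a bandit baseline file. Each comment could also carry its justification, e.g. `# B101: Use of assert detected (skipped because: <reason>)`.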