Browse Source

Update list of skipped bandit plugins

Plugin B111 "Test for the use of rootwrap running as root"
was removed from bandit in [1].
Blacklist call of hashlib.sha1 was blacklisted in bandit
with [2] and it is now added to list of skipped tests in
Neutron.
This commit adds also plugin B604 to list of skipped plugins.

[1] d93eed5492
[2] 35e35446b0

Change-Id: I33d6089b497fccfca4b212e2a62fb881cae9cb94
changes/84/592884/2
Slawek Kaplonski 3 years ago
parent
commit
82224347de
1 changed files with 3 additions and 2 deletions
  1. +3
    -2
      tox.ini

+ 3
- 2
tox.ini View File

@ -181,10 +181,11 @@ local-check-factory = neutron.hacking.checks.factory
[testenv:bandit]
basepython = python3
# B104: Possible binding to all interfaces
# B111: Execute with run_as_root=True identified, possible security issue
# B303: blacklist calls: md5, sha1
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purpose
# B604: any_other_function_with_shell_equals_true
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r neutron -x tests -n5 -s B104,B111,B311
commands = bandit -r neutron -x tests -n5 -s B104,B303,B311,B604
[testenv:bashate]
basepython = python3


Loading…
Cancel
Save