Update list of skipped bandit plugins

Plugin B111 "Test for the use of rootwrap running as root"
was removed from bandit in [1].
Blacklist call of hashlib.sha1 was blacklisted in bandit
with [2] and it is now added to list of skipped tests in
Neutron.
This commit adds also plugin B604 to list of skipped plugins.

[1] d93eed5492
[2] 35e35446b0

Change-Id: I33d6089b497fccfca4b212e2a62fb881cae9cb94
This commit is contained in:
Slawek Kaplonski 2018-08-17 09:06:15 +02:00
parent 2ef5a6563a
commit 82224347de

View File

@ -181,10 +181,11 @@ local-check-factory = neutron.hacking.checks.factory
[testenv:bandit]
basepython = python3
# B104: Possible binding to all interfaces
# B111: Execute with run_as_root=True identified, possible security issue
# B303: blacklist calls: md5, sha1
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purpose
# B604: any_other_function_with_shell_equals_true
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r neutron -x tests -n5 -s B104,B111,B311
commands = bandit -r neutron -x tests -n5 -s B104,B303,B311,B604
[testenv:bashate]
basepython = python3