Bump bandit to release 1.7.0

Use bandit 1.7.0. Disables B101 globally and allows one instance of B604. Change-Id: I82a39400520784adb8d26a355cd0e077ad58a530
2023-01-25 10:17:21 -05:00 · 2023-01-25 10:17:21 -05:00 · e43cdf6e1e
parent 6ac170cbc1
commit e43cdf6e1e
3 changed files with 4 additions and 3 deletions
--- a/os_brick/initiator/linuxfc.py
+++ b/os_brick/initiator/linuxfc.py
@ -73,7 +73,7 @@ class LinuxFibreChannel(linuxscsi.LinuxSCSI):
                                                                 'path': path}
            try:
                # We need to run command in shell to expand the * glob
-                out, _err = self._execute(cmd, shell=True)
+                out, _err = self._execute(cmd, shell=True)  # nosec: B604
                ctls += [line.split('/')[4].split(':')[1:] + [lun]
                         for line in out.split('\n') if line.startswith(path)]
            except Exception as exc:
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -16,6 +16,6 @@ castellan>=3.10.0 # Apache-2.0
 pycodestyle==2.6.0 # MIT
 doc8>=0.8.1 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
-bandit>=1.6.0,<1.7.0 # Apache-2.0
+bandit>=1.7.0,<1.8.0 # Apache-2.0
 mypy>=0.982 # MIT
 eventlet>=0.30.1,!=0.32.0 # MIT
--- a/tox.ini
+++ b/tox.ini
@ -60,7 +60,8 @@ commands =

 [testenv:bandit]
 deps = -r{toxinidir}/test-requirements.txt
-commands: bandit -r os_brick -x os_brick/tests -n5
+# B101: skip assert used checks, they are validly used for mypy
+commands: bandit -r os_brick -x os_brick/tests -n5 -sB101

 [testenv:pylint]
 deps =