Bump bandit and make oslo.metrics compatible with latest rules

Changes the file permission to fix B103, restricting the file's rights to
the owner only [1].

[1] https://bandit.readthedocs.io/en/1.7.5/plugins/b103_set_bad_file_permissions.html

Change-Id: Ie5ef0a86955c5d6876b2347ba4505e58d8c7c6dc
Hervé Beraud
2023-05-19 15:05:01 +02:00
parent 40c1def334
commit 5b47840327
2 changed files with 3 additions and 3 deletions
+2 -2
@@ -30,7 +30,7 @@ from oslo_metrics import message_router
oslo_metrics_configs = [
cfg.StrOpt('metrics_socket_file',
default='/var/tmp/metrics_collector.sock',
default='/var/tmp/metrics_collector.sock', # nosec
help='Unix domain socket file to be used'
' to send rpc related metrics'),
cfg.IntOpt('prometheus_port', default=3000,
@@ -98,7 +98,7 @@ def main():
socket_path = cfg.CONF.oslo_metrics.metrics_socket_file
m = MetricsListener(socket_path)
try:
os.chmod(socket_path, 0o660)
os.chmod(socket_path, 0o600)
except OSError:
LOG.error("Changing the mode of the file failed.... continuing")
mt = threading.Thread(target=m.serve)
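Review bot: In the second hunk the 0o600 mode is applied only after `MetricsListener(socket_path)` has run, and an `OSError` from `os.chmod` is logged and ignored, so the listener can end up serving on a socket that still carries its creation-time mode. With the default path under `/var/tmp` (first hunk, now silenced with a bare `# nosec`), the restriction is best-effort inside a world-writable directory. Consider failing closed by replacing the log-and-continue with `LOG.exception("Changing the mode of the file failed")` followed by `raise`; if the constructor is what binds the socket (not visible here), also wrap it with `old = os.umask(0o177)` before and `os.umask(old)` after so the file is never created with wider rights. A scoped `# nosec B108` with a one-line justification, if the pinned bandit accepts test IDs there, would keep the suppression from hiding other findings on that line. `main()` starts and ends outside the hunk, so any later handling of the socket is not visible.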
+1 -1
@@ -4,6 +4,6 @@
hacking>=3.0.1,<3.1.0 # Apache-2.0
oslotest>=3.2.0 # Apache-2.0
# Bandit security code scanner
bandit>=1.6.0,<1.7.0 # Apache-2.0
bandit>=1.7.0,<1.8.0 # Apache-2.0
stestr>=2.0.0 # Apache-2.0
coverage!=4.4,>=4.0 # Apache-2.0