From 5b478403278e69ca9fd822cb117c3e2aa49a6cda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Beraud?= <hberaud@redhat.com>
Date: Fri, 19 May 2023 15:05:01 +0200
Subject: [PATCH] Bump bandit and make oslo.metrics compatible with latest
 rules

Changes file permission to fix b103, restraint file's rights to owner
only [1].

[1] https://bandit.readthedocs.io/en/1.7.5/plugins/b103_set_bad_file_permissions.html

Change-Id: Ie5ef0a86955c5d6876b2347ba4505e58d8c7c6dc
---
 oslo_metrics/__main__.py | 4 ++--
 test-requirements.txt    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/oslo_metrics/__main__.py b/oslo_metrics/__main__.py
index c89347f..e445818 100644
--- a/oslo_metrics/__main__.py
+++ b/oslo_metrics/__main__.py
@@ -30,7 +30,7 @@ from oslo_metrics import message_router
 
 oslo_metrics_configs = [
     cfg.StrOpt('metrics_socket_file',
-               default='/var/tmp/metrics_collector.sock',
+               default='/var/tmp/metrics_collector.sock',  # nosec
                help='Unix domain socket file to be used'
                     ' to send rpc related metrics'),
     cfg.IntOpt('prometheus_port', default=3000,
@@ -98,7 +98,7 @@ def main():
     socket_path = cfg.CONF.oslo_metrics.metrics_socket_file
     m = MetricsListener(socket_path)
     try:
-        os.chmod(socket_path, 0o660)
+        os.chmod(socket_path, 0o600)
     except OSError:
         LOG.error("Changing the mode of the file failed.... continuing")
     mt = threading.Thread(target=m.serve)
diff --git a/test-requirements.txt b/test-requirements.txt
index b15df2e..3580880 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,6 +4,6 @@
 hacking>=3.0.1,<3.1.0 # Apache-2.0
 oslotest>=3.2.0 # Apache-2.0
 # Bandit security code scanner
-bandit>=1.6.0,<1.7.0 # Apache-2.0
+bandit>=1.7.0,<1.8.0 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0