Bandit profile updates
We'd like to use the same "gate" profile for all OpenStack gate jobs, so the "keystone_conservative" profile, which we were running as part of the gate, is changed to "gate". The other profiles that aren't used as part of the gate are removed. Change-Id: I931dc957b4659806027d45dfec5e61e9c7973564
17
bandit.yaml
17
bandit.yaml
@@ -29,7 +29,7 @@ exclude_dirs:
|
|||||||
- '/tests/'
|
- '/tests/'
|
||||||
|
|
||||||
profiles:
|
profiles:
|
||||||
keystone_conservative:
|
gate:
|
||||||
include:
|
include:
|
||||||
- blacklist_calls
|
- blacklist_calls
|
||||||
- blacklist_imports
|
- blacklist_imports
|
||||||
@@ -40,21 +40,6 @@ profiles:
|
|||||||
- linux_commands_wildcard_injection
|
- linux_commands_wildcard_injection
|
||||||
- ssl_with_bad_version
|
- ssl_with_bad_version
|
||||||
|
|
||||||
|
|
||||||
keystone_verbose:
|
|
||||||
include:
|
|
||||||
- blacklist_calls
|
|
||||||
- blacklist_imports
|
|
||||||
- request_with_no_cert_validation
|
|
||||||
- exec_used
|
|
||||||
- set_bad_file_permissions
|
|
||||||
- hardcoded_tmp_directory
|
|
||||||
- subprocess_popen_with_shell_equals_true
|
|
||||||
- any_other_function_with_shell_equals_true
|
|
||||||
- linux_commands_wildcard_injection
|
|
||||||
- ssl_with_bad_version
|
|
||||||
- ssl_with_bad_defaults
|
|
||||||
|
|
||||||
blacklist_calls:
|
blacklist_calls:
|
||||||
bad_name_sets:
|
bad_name_sets:
|
||||||
- pickle:
|
- pickle:
|
||||||
|
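Review bot: With `keystone_verbose` deleted, `ssl_with_bad_defaults` no longer appears in any profile shown in this section, because the visible end of the `gate` include list stops at `ssl_with_bad_version`. If leaving that test out of the gate is deliberate, record it with a comment above `gate:` such as `# ssl_with_bad_defaults deliberately omitted: <reason>`; otherwise add `- ssl_with_bad_defaults` after `- ssl_with_bad_version`. Four lines of the `gate` list fall between the two hunks and are not visible here, while `keystone_verbose` listed six tests in that position, so at least two of those six probably also leave the file and deserve the same check.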
2
tox.ini
2
tox.ini
@@ -19,7 +19,7 @@ whitelist_externals = find
|
|||||||
[testenv:linters]
|
[testenv:linters]
|
||||||
commands =
|
commands =
|
||||||
flake8
|
flake8
|
||||||
bandit -c bandit.yaml -r keystoneclient -n5 -p keystone_conservative
|
bandit -c bandit.yaml -r keystoneclient -n5 -p gate
|
||||||
|
|
||||||
[testenv:pep8]
|
[testenv:pep8]
|
||||||
whitelist_externals =
|
whitelist_externals =
|
||||||
|