openstack/python-keystoneclient
Code Issues Proposed changes

Merge "Removing bandit.yaml in favor of defaults"

Browse Source
This commit is contained in:
Jenkins
2016-04-21 18:32:07 +00:00
committed by Gerrit Code Review
parent 841389810f dbf4f31646
commit c089370930
14 changed files with 112 additions and 195 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
bandit.yaml
View File

@@ -1,119 +0,0 @@
# optional: after how many files to update progress
#show_progress_every: 100
# optional: plugins directory name
#plugins_dir: 'plugins'
# optional: plugins discovery name pattern
plugin_name_pattern: '*.py'
# optional: terminal escape sequences to display colors
#output_colors:
# DEFAULT: '\033[0m'
# HEADER: '\033[95m'
# INFO: '\033[94m'
# WARN: '\033[93m'
# ERROR: '\033[91m'
# optional: log format string
#log_format: "[%(module)s]\t%(levelname)s\t%(message)s"
# globs of files which should be analyzed
include:
- '*.py'
- '*.pyw'
# a list of strings, which if found in the path will cause files to be excluded
# for example /tests/ - to remove all all files in tests directory
exclude_dirs:
- '/tests/'
profiles:
gate:
include:
- blacklist_calls
- blacklist_imports
- request_with_no_cert_validation
- exec_used
- set_bad_file_permissions
- subprocess_popen_with_shell_equals_true
- linux_commands_wildcard_injection
- ssl_with_bad_version
blacklist_calls:
bad_name_sets:
- pickle:
qualnames: [pickle.loads, pickle.load, pickle.Unpickler,
cPickle.loads, cPickle.load, cPickle.Unpickler]
message: "Pickle library appears to be in use, possible security issue."
- marshal:
qualnames: [marshal.load, marshal.loads]
message: "Deserialization with the marshal module is possibly dangerous."
- md5:
qualnames: [hashlib.md5]
message: "Use of insecure MD5 hash function."
- mktemp_q:
qualnames: [tempfile.mktemp]
message: "Use of insecure and deprecated function (mktemp)."
- eval:
qualnames: [eval]
message: "Use of possibly insecure function - consider using safer ast.literal_eval."
- mark_safe:
names: [mark_safe]
message: "Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed."
- httpsconnection:
qualnames: [httplib.HTTPSConnection]
message: "Use of HTTPSConnection does not provide security, see https://wiki.openstack.org/wiki/OSSN/OSSN-0033"
- yaml_load:
qualnames: [yaml.load]
message: "Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load()."
- urllib_urlopen:
qualnames: [urllib.urlopen, urllib.urlretrieve, urllib.URLopener, urllib.FancyURLopener, urllib2.urlopen, urllib2.Request]
message: "Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected."
shell_injection:
# Start a process using the subprocess module, or one of its wrappers.
subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call,
subprocess.check_output, utils.execute, utils.execute_with_timeout]
# Start a process with a function vulnerable to shell injection.
shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4,
popen2.popen2, popen2.popen3, popen2.popen4, popen2.Popen3,
popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# Start a process with a function that is not vulnerable to shell injection.
no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv,os.execve,
os.execvp, os.execvpe, os.spawnl, os.spawnle, os.spawnlp,
os.spawnlpe, os.spawnv, os.spawnve, os.spawnvp, os.spawnvpe,
os.startfile]
blacklist_imports:
bad_import_sets:
- telnet:
imports: [telnetlib]
level: ERROR
message: "Telnet is considered insecure. Use SSH or some other encrypted protocol."
hardcoded_password:
word_list: "wordlist/default-passwords"
ssl_with_bad_version:
bad_protocol_versions:
- 'PROTOCOL_SSLv2'
- 'SSLv2_METHOD'
- 'SSLv23_METHOD'
- 'PROTOCOL_SSLv3' # strict option
- 'PROTOCOL_TLSv1' # strict option
- 'SSLv3_METHOD' # strict option
- 'TLSv1_METHOD' # strict option
password_config_option_not_marked_secret:
function_names:
- oslo.config.cfg.StrOpt
- oslo_config.cfg.StrOpt
execute_with_run_as_root_equals_true:
function_names:
- ceilometer.utils.execute
- cinder.utils.execute
- neutron.agent.linux.utils.execute
- nova.utils.execute
- nova.utils.trycmd

22
keystoneclient/_discover.py
View File

@@ -42,28 +42,30 @@ def get_version_data(session, url, authenticated=None):
try: try:
body_resp = resp.json() body_resp = resp.json()
except ValueError: except ValueError: # nosec(cjschaef): raise a DiscoveryFailure below
pass pass
else: else:
# In the event of querying a root URL we will get back a list of # In the event of querying a root URL we will get back a list of
# available versions. # available versions.
try: try:
return body_resp['versions']['values'] return body_resp['versions']['values']
except (KeyError, TypeError): except (KeyError, TypeError): # nosec(cjschaef): attempt to return
# versions dict or query the endpoint or raise a DiscoveryFailure
pass pass
# Most servers don't have a 'values' element so accept a simple # Most servers don't have a 'values' element so accept a simple
# versions dict if available. # versions dict if available.
try: try:
return body_resp['versions'] return body_resp['versions']
except KeyError: except KeyError: # nosec(cjschaef): query the endpoint or raise a
# DiscoveryFailure
pass pass
# Otherwise if we query an endpoint like /v2.0 then we will get back # Otherwise if we query an endpoint like /v2.0 then we will get back
# just the one available version. # just the one available version.
try: try:
return [body_resp['version']] return [body_resp['version']]
except KeyError: except KeyError: # nosec(cjschaef): raise a DiscoveryFailure
pass pass
err_text = resp.text[:50] + '...' if len(resp.text) > 50 else resp.text err_text = resp.text[:50] + '...' if len(resp.text) > 50 else resp.text
@@ -77,14 +79,16 @@ def normalize_version_number(version):
# trim the v from a 'v2.0' or similar # trim the v from a 'v2.0' or similar
try: try:
version = version.lstrip('v') version = version.lstrip('v')
except AttributeError: except AttributeError: # nosec(cjschaef): 'version' is not a str, try a
# different type or raise a TypeError
pass pass
# if it's an integer or a numeric as a string then normalize it # if it's an integer or a numeric as a string then normalize it
# to a string, this ensures 1 decimal point # to a string, this ensures 1 decimal point
try: try:
num = float(version) num = float(version)
except Exception: except Exception: # nosec(cjschaef): 'version' is not a float, try a
# different type or raise a TypeError
pass pass
else: else:
version = str(num) version = str(num)
@@ -92,13 +96,15 @@ def normalize_version_number(version):
# if it's a string (or an integer) from above break it on . # if it's a string (or an integer) from above break it on .
try: try:
return tuple(map(int, version.split('.'))) return tuple(map(int, version.split('.')))
except Exception: except Exception: # nosec(cjschaef): 'version' is not str (or an int),
# try a different type or raise a TypeError
pass pass
# last attempt, maybe it's a list or iterable. # last attempt, maybe it's a list or iterable.
try: try:
return tuple(map(int, version)) return tuple(map(int, version))
except Exception: except Exception: # nosec(cjschaef): 'version' is not an expected type,
# raise a TypeError
pass pass
raise TypeError(_('Invalid version specified: %s') % version) raise TypeError(_('Invalid version specified: %s') % version)

20
keystoneclient/access.py
View File

@@ -148,7 +148,7 @@ class AccessInfo(dict):
def auth_token(self): def auth_token(self):
try: try:
del self['auth_token'] del self['auth_token']
except KeyError: except KeyError: # nosec(cjschaef): 'auth_token' is not in the dict
pass pass
@property @property
@@ -526,7 +526,8 @@ class AccessInfoV2(AccessInfo):
def project_name(self): def project_name(self):
try: try:
tenant_dict = self['token']['tenant'] tenant_dict = self['token']['tenant']
except KeyError: except KeyError: # nosec(cjschaef): no 'token' key or 'tenant' key in
# token, return the name of the tenant or None
pass pass
else: else:
return tenant_dict.get('name') return tenant_dict.get('name')
@@ -534,13 +535,15 @@ class AccessInfoV2(AccessInfo):
# pre grizzly # pre grizzly
try: try:
return self['user']['tenantName'] return self['user']['tenantName']
except KeyError: except KeyError: # nosec(cjschaef): no 'user' key or 'tenantName' in
# 'user', attempt 'tenantId' or return None
pass pass
# pre diablo, keystone only provided a tenantId # pre diablo, keystone only provided a tenantId
try: try:
return self['token']['tenantId'] return self['token']['tenantId']
except KeyError: except KeyError: # nosec(cjschaef): no 'token' key or 'tenantName' or
# 'tenantId' could be found, return None
pass pass
@property @property
@@ -589,7 +592,8 @@ class AccessInfoV2(AccessInfo):
def project_id(self): def project_id(self):
try: try:
tenant_dict = self['token']['tenant'] tenant_dict = self['token']['tenant']
except KeyError: except KeyError: # nosec(cjschaef): no 'token' key or 'tenant' dict,
# attempt to return 'tenantId' or return None
pass pass
else: else:
return tenant_dict.get('id') return tenant_dict.get('id')
@@ -597,13 +601,15 @@ class AccessInfoV2(AccessInfo):
# pre grizzly # pre grizzly
try: try:
return self['user']['tenantId'] return self['user']['tenantId']
except KeyError: except KeyError: # nosec(cjschaef): no 'user' key or 'tenantId' in
# 'user', attempt to retrive from 'token' or return None
pass pass
# pre diablo # pre diablo
try: try:
return self['token']['tenantId'] return self['token']['tenantId']
except KeyError: except KeyError: # nosec(cjschaef): no 'token' key or 'tenantId'
# could be found, return None
pass pass
@property @property

6
keystoneclient/adapter.py
View File

@@ -206,7 +206,8 @@ class LegacyJsonAdapter(Adapter):
try: try:
kwargs['json'] = kwargs.pop('body') kwargs['json'] = kwargs.pop('body')
except KeyError: except KeyError: # nosec(cjschaef): kwargs doesn't contain a 'body'
# key, while 'json' is an optional argument for Session.request
pass pass
resp = super(LegacyJsonAdapter, self).request(*args, **kwargs) resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
@@ -215,7 +216,8 @@ class LegacyJsonAdapter(Adapter):
if resp.text: if resp.text:
try: try:
body = jsonutils.loads(resp.text) body = jsonutils.loads(resp.text)
except ValueError: except ValueError: # nosec(cjschaef): return None for body as
# expected
pass pass
return resp, body return resp, body

11
keystoneclient/base.py
View File

@@ -42,7 +42,8 @@ def getid(obj):
try: try:
if obj.uuid: if obj.uuid:
return obj.uuid return obj.uuid
except AttributeError: except AttributeError: # nosec(cjschaef): 'obj' doesn't contain attribute
# 'uuid', return attribute 'id' or the 'obj'
pass pass
try: try:
return obj.id return obj.id
@@ -131,7 +132,9 @@ class Manager(object):
# unlike other services which just return the list... # unlike other services which just return the list...
try: try:
data = data['values'] data = data['values']
except (KeyError, TypeError): except (KeyError, TypeError): # nosec(cjschaef): keystone data values
# not as expected (see comment above), assumption is that values
# are already returned in a list (so simply utilize that list)
pass pass
return [obj_class(self, res, loaded=True) for res in data if res] return [obj_class(self, res, loaded=True) for res in data if res]
@@ -477,8 +480,8 @@ class Resource(object):
try: try:
setattr(self, k, v) setattr(self, k, v)
self._info[k] = v self._info[k] = v
except AttributeError: except AttributeError: # nosec(cjschaef): we already defined the
# In this case we already defined the attribute on the class # attribute on the class
pass pass
def __getattr__(self, k): def __getattr__(self, k):

10
keystoneclient/common/cms.py
View File

@@ -60,9 +60,15 @@ def _ensure_subprocess():
if patcher.already_patched: if patcher.already_patched:
from eventlet.green import subprocess from eventlet.green import subprocess
else: else:
import subprocess import subprocess # nosec(cjschaef): we must be careful when
# using subprocess.Popen with possibly untrusted data,
# assumption is that the certificate/key files provided are
# trustworthy
except ImportError: except ImportError:
import subprocess # noqa import subprocess # noqa # nosec(cjschaef): we must be careful
# when using subprocess.Popen with possibly untrusted data,
# assumption is that the certificate/key files provided are
# trustworthy
def set_subprocess(_subprocess=None): def set_subprocess(_subprocess=None):

5
keystoneclient/contrib/auth/v3/saml2.py
View File

@@ -13,7 +13,7 @@
import datetime import datetime
import uuid import uuid
from lxml import etree from lxml import etree # nosec(cjschaef): used to create xml, not parse it
from oslo_config import cfg from oslo_config import cfg
from six.moves import urllib from six.moves import urllib
@@ -559,7 +559,8 @@ class ADFSUnscopedToken(_BaseSAMLPlugin):
""" """
try: try:
return bool(session.cookies) return bool(session.cookies)
except AttributeError: except AttributeError: # nosec(cjschaef): fetch cookies from
# underylying requests.Session object, or fail trying
pass pass
return bool(session.session.cookies) return bool(session.session.cookies)

3
keystoneclient/contrib/ec2/utils.py
View File

@@ -71,7 +71,8 @@ class Ec2Signer(object):
if (credentials['params']['X-Amz-Algorithm'] == if (credentials['params']['X-Amz-Algorithm'] ==
'AWS4-HMAC-SHA256'): 'AWS4-HMAC-SHA256'):
return True return True
except KeyError: except KeyError: # nosec(cjschaef): in cases of not finding
# entries, simply return False
pass pass
return False return False

5
keystoneclient/contrib/revoke/model.py
View File

@@ -219,8 +219,9 @@ class RevokeTree(object):
try: try:
if leaf['issued_before'] > token_data['issued_at']: if leaf['issued_before'] > token_data['issued_at']:
return True return True
except KeyError: except KeyError: # nosec(cjschaef): 'issued_before' or
pass # 'issued_at' key doesn't exist, try next leaf
continue
# If we made it out of the loop then no element in revocation tree # If we made it out of the loop then no element in revocation tree
# corresponds to our token and it is good. # corresponds to our token and it is good.
return False return False

28
keystoneclient/httpclient.py
View File

@@ -31,7 +31,7 @@ from positional import positional
import requests import requests
try: try:
import pickle import pickle # nosec(cjschaef): see bug 1534288 for details
# NOTE(sdague): The conditional keyring import needs to only # NOTE(sdague): The conditional keyring import needs to only
# trigger if it's a version of keyring that's supported in global # trigger if it's a version of keyring that's supported in global
@@ -129,7 +129,8 @@ class _KeystoneAdapter(adapter.LegacyJsonAdapter):
# the identity plugin case # the identity plugin case
try: try:
return self.session.auth.get_access(self.session).user_id return self.session.auth.get_access(self.session).user_id
except AttributeError: except AttributeError: # nosec(cjschaef): attempt legacy retrival, or
# return None
pass pass
# there is a case that we explicity allow (tested by our unit tests) # there is a case that we explicity allow (tested by our unit tests)
@@ -138,7 +139,8 @@ class _KeystoneAdapter(adapter.LegacyJsonAdapter):
# a legacy then self.session.auth is a client and we retrieve user_id. # a legacy then self.session.auth is a client and we retrieve user_id.
try: try:
return self.session.auth.user_id return self.session.auth.user_id
except AttributeError: except AttributeError: # nosec(cjschaef): retrivals failed, return
# None
pass pass
return None return None
@@ -629,7 +631,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
auth_ref = keyring.get_password("keystoneclient_auth", auth_ref = keyring.get_password("keystoneclient_auth",
keyring_key) keyring_key)
if auth_ref: if auth_ref:
auth_ref = pickle.loads(auth_ref) # nosec auth_ref = pickle.loads(auth_ref) # nosec(cjschaef): see
# bug 1534288
if auth_ref.will_expire_soon(self.stale_duration): if auth_ref.will_expire_soon(self.stale_duration):
# token has expired, don't use it # token has expired, don't use it
auth_ref = None auth_ref = None
@@ -647,7 +650,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
try: try:
keyring.set_password("keystoneclient_auth", keyring.set_password("keystoneclient_auth",
keyring_key, keyring_key,
pickle.dumps(self.auth_ref)) pickle.dumps(self.auth_ref)) # nosec
# (cjschaef): see bug 1534288
except Exception as e: except Exception as e:
_logger.warning( _logger.warning(
_LW("Failed to store token into keyring %s"), e) _LW("Failed to store token into keyring %s"), e)
@@ -658,8 +662,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
service_type='identity', service_type='identity',
endpoint_type='admin', endpoint_type='admin',
region_name=region_name) region_name=region_name)
except exceptions.EndpointNotFound: except exceptions.EndpointNotFound as e:
pass _logger.debug("Failed to find endpoint for management url %s", e)
def process_token(self, region_name=None): def process_token(self, region_name=None):
"""Extract and process information from the new auth_ref. """Extract and process information from the new auth_ref.
@@ -872,7 +876,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
def __getattr__(self, name): def __getattr__(self, name):
try: try:
var_name = self.deprecated_session_variables[name] var_name = self.deprecated_session_variables[name]
except KeyError: except KeyError: # nosec(cjschaef): try adapter variable or raise
# an AttributeError
pass pass
else: else:
warnings.warn( warnings.warn(
@@ -883,7 +888,7 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
try: try:
var_name = self.deprecated_adapter_variables[name] var_name = self.deprecated_adapter_variables[name]
except KeyError: except KeyError: # nosec(cjschaef): raise an AttributeError
pass pass
else: else:
warnings.warn( warnings.warn(
@@ -897,7 +902,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
def __setattr__(self, name, val): def __setattr__(self, name, val):
try: try:
var_name = self.deprecated_session_variables[name] var_name = self.deprecated_session_variables[name]
except KeyError: except KeyError: # nosec(cjschaef): try adapter variable or call
# parent class's __setattr__
pass pass
else: else:
warnings.warn( warnings.warn(
@@ -908,7 +914,7 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
try: try:
var_name = self.deprecated_adapter_variables[name] var_name = self.deprecated_adapter_variables[name]
except KeyError: except KeyError: # nosec(cjschaef): call parent class's __setattr__
pass pass
else: else:
warnings.warn( warnings.warn(

32
keystoneclient/service_catalog.py
View File

@@ -157,7 +157,7 @@ class ServiceCatalog(object):
if service_name: if service_name:
try: try:
sn = service['name'] sn = service['name']
except KeyError: except KeyError: # nosec(cjschaef)
# assume that we're in v3.0-v3.2 and don't have the name in # assume that we're in v3.0-v3.2 and don't have the name in
# the catalog. Skip the check. # the catalog. Skip the check.
pass pass
@@ -268,29 +268,29 @@ class ServiceCatalog(object):
try: try:
return urls[0] return urls[0]
except Exception: except Exception:
pass
if service_name and region_name: if service_name and region_name:
msg = (_('%(endpoint_type)s endpoint for %(service_type)s service ' msg = (_('%(endpoint_type)s endpoint for %(service_type)s '
'named %(service_name)s in %(region_name)s region not ' 'service named %(service_name)s in %(region_name)s '
'found') % 'region not found') %
{'endpoint_type': endpoint_type, {'endpoint_type': endpoint_type,
'service_type': service_type, 'service_name': service_name, 'service_type': service_type,
'service_name': service_name,
'region_name': region_name}) 'region_name': region_name})
elif service_name: elif service_name:
msg = (_('%(endpoint_type)s endpoint for %(service_type)s service ' msg = (_('%(endpoint_type)s endpoint for %(service_type)s '
'named %(service_name)s not found') % 'service named %(service_name)s not found') %
{'endpoint_type': endpoint_type, {'endpoint_type': endpoint_type,
'service_type': service_type, 'service_type': service_type,
'service_name': service_name}) 'service_name': service_name})
elif region_name: elif region_name:
msg = (_('%(endpoint_type)s endpoint for %(service_type)s service ' msg = (_('%(endpoint_type)s endpoint for %(service_type)s '
'in %(region_name)s region not found') % 'service in %(region_name)s region not found') %
{'endpoint_type': endpoint_type, {'endpoint_type': endpoint_type,
'service_type': service_type, 'region_name': region_name}) 'service_type': service_type,
'region_name': region_name})
else: else:
msg = (_('%(endpoint_type)s endpoint for %(service_type)s service ' msg = (_('%(endpoint_type)s endpoint for %(service_type)s '
'not found') % 'service not found') %
{'endpoint_type': endpoint_type, {'endpoint_type': endpoint_type,
'service_type': service_type}) 'service_type': service_type})
@@ -343,7 +343,7 @@ class ServiceCatalogV2(ServiceCatalog):
try: try:
token['user_id'] = self.catalog['user']['id'] token['user_id'] = self.catalog['user']['id']
token['tenant_id'] = self.catalog['token']['tenant']['id'] token['tenant_id'] = self.catalog['token']['tenant']['id']
except Exception: except KeyError: # nosec(cjschaef)
# just leave the tenant and user out if it doesn't exist # just leave the tenant and user out if it doesn't exist
pass pass
return token return token
@@ -410,7 +410,7 @@ class ServiceCatalogV3(ServiceCatalog):
project = self.catalog.get('project') project = self.catalog.get('project')
if project: if project:
token['tenant_id'] = project['id'] token['tenant_id'] = project['id']
except Exception: except KeyError: # nosec(cjschaef)
# just leave the domain, project and user out if it doesn't exist # just leave the domain, project and user out if it doesn't exist
pass pass
return token return token

10
keystoneclient/session.py
View File

@@ -72,7 +72,7 @@ def _remove_service_catalog(body):
data['access']['serviceCatalog'] = '<removed>' data['access']['serviceCatalog'] = '<removed>'
return jsonutils.dumps(data) return jsonutils.dumps(data)
except Exception: except Exception: # nosec(cjschaef): multiple exceptions can be raised
# Don't fail trying to clean up the request body. # Don't fail trying to clean up the request body.
pass pass
return body return body
@@ -392,7 +392,7 @@ class Session(object):
try: try:
connection_params = self.get_auth_connection_params(auth=auth) connection_params = self.get_auth_connection_params(auth=auth)
except exceptions.MissingAuthPlugin: except exceptions.MissingAuthPlugin: # nosec(cjschaef)
# NOTE(jamielennox): If we've gotten this far without an auth # NOTE(jamielennox): If we've gotten this far without an auth
# plugin then we should be happy with allowing no additional # plugin then we should be happy with allowing no additional
# connection params. This will be the typical case for plugins # connection params. This will be the typical case for plugins
@@ -579,7 +579,8 @@ class Session(object):
'timeout', 'session', 'original_ip', 'user_agent'): 'timeout', 'session', 'original_ip', 'user_agent'):
try: try:
params[attr] = kwargs.pop(attr) params[attr] = kwargs.pop(attr)
except KeyError: except KeyError: # nosec(cjschaef): we are brute force
# identifying possible attributes for kwargs
pass pass
return cls._make(**params) return cls._make(**params)
@@ -725,7 +726,8 @@ class Session(object):
for arg in ('cert', 'verify'): for arg in ('cert', 'verify'):
try: try:
kwargs[arg] = params_copy.pop(arg) kwargs[arg] = params_copy.pop(arg)
except KeyError: except KeyError: # nosec(cjschaef): we are brute force
# identifying and removing values in params_copy
pass pass
if params_copy: if params_copy:

6
keystoneclient/utils.py
View File

@@ -33,7 +33,8 @@ def find_resource(manager, name_or_id):
# first try the entity as a string # first try the entity as a string
try: try:
return manager.get(name_or_id) return manager.get(name_or_id)
except (exceptions.NotFound): except (exceptions.NotFound): # nosec(cjschaef): try to find 'name_or_id'
# as a six.binary_type instead
pass pass
# finally try to find entity by name # finally try to find entity by name
@@ -94,7 +95,8 @@ def prompt_user_password():
# Check for Ctl-D # Check for Ctl-D
try: try:
password = getpass.getpass('Password: ') password = getpass.getpass('Password: ')
except EOFError: except EOFError: # nosec(cjschaef): return password, which is None if
# password was not found
pass pass
return password return password

4
tox.ini
View File

@@ -19,12 +19,12 @@ whitelist_externals = find
[testenv:pep8] [testenv:pep8]
commands = commands =
flake8 flake8
bandit -c bandit.yaml -r keystoneclient -n5 -p gate bandit -r keystoneclient -x tests -n5
[testenv:bandit] [testenv:bandit]
# NOTE(browne): This is required for the integration test job of the bandit # NOTE(browne): This is required for the integration test job of the bandit
# project. Please do not remove. # project. Please do not remove.
commands = bandit -c bandit.yaml -r keystoneclient -n5 -p gate commands = bandit -r keystoneclient -x tests -n5
[testenv:venv] [testenv:venv]
commands = {posargs} commands = {posargs}