Bandit profile updates

We'd like to use the same "gate" profile for all OpenStack gate jobs, so the "keystone_conservative" job which we were running as part of the gate is change to "gate. The other profiles that aren't used as part of the gate are removed. Change-Id: I3dac68804bfa4930ac0dc6b4edeedd888577f3e5
2016-01-13 11:47:37 -06:00 · 2016-01-13 11:47:37 -06:00 · 1200d7a24d
commit 1200d7a24d
parent 650531310c
2 changed files with 2 additions and 17 deletions
--- a/bandit.yaml
+++ b/bandit.yaml
@ -29,7 +29,7 @@ exclude_dirs:
    - '/tests/'

 profiles:
-    keystone_conservative:
+    gate:
        include:
            - blacklist_functions
            - blacklist_imports
@ -40,21 +40,6 @@ profiles:
            - linux_commands_wildcard_injection
            - ssl_with_bad_version

-
-    keystone_verbose:
-        include:
-            - blacklist_functions
-            - blacklist_imports
-            - request_with_no_cert_validation
-            - exec_used
-            - set_bad_file_permissions
-            - hardcoded_tmp_directory
-            - subprocess_popen_with_shell_equals_true
-            - any_other_function_with_shell_equals_true
-            - linux_commands_wildcard_injection
-            - ssl_with_bad_version
-            - ssl_with_bad_defaults
-
 blacklist_functions:
    bad_name_sets:
        - pickle:
--- a/tox.ini
+++ b/tox.ini
@ -30,7 +30,7 @@ commands = oslo_debug_helper {posargs}

 [testenv:bandit]
 deps = -r{toxinidir}/test-requirements.txt
-commands = bandit -c bandit.yaml -r keystonemiddleware -n5 -p keystone_conservative
+commands = bandit -c bandit.yaml -r keystonemiddleware -n5 -p gate

 [flake8]
 # NOTE(lbragstad): Even though we aren't ignoring any hacking checks, we have