From ae9e67388706e57561531652145ba187f8870b94 Mon Sep 17 00:00:00 2001
From: Kenneth Giusti <kgiusti@gmail.com>
Date: Wed, 13 Jun 2018 16:19:28 -0400
Subject: [PATCH] Fix the bandit security linter test

Add the bandit security linter test to the pep8 target

Change-Id: I9324b9d9df77fd05c2e10bb48d7ccf8b4c634525
---
 .../_drivers/amqp1_driver/controller.py        |  2 +-
 oslo_messaging/_drivers/common.py              |  8 +++++---
 tox.ini                                        | 18 ++++++++++--------
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/oslo_messaging/_drivers/amqp1_driver/controller.py b/oslo_messaging/_drivers/amqp1_driver/controller.py
index 0583d0e13..e17c76b01 100644
--- a/oslo_messaging/_drivers/amqp1_driver/controller.py
+++ b/oslo_messaging/_drivers/amqp1_driver/controller.py
@@ -783,7 +783,7 @@ class Hosts(object):
             entry.password = entry.password or default_password
             if default_realm and entry.username and '@' not in entry.username:
                 entry.username = entry.username + '@' + default_realm
-        self._current = random.randint(0, len(self._entries) - 1)
+        self._current = random.randint(0, len(self._entries) - 1)  # nosec
 
     @property
     def current(self):
diff --git a/oslo_messaging/_drivers/common.py b/oslo_messaging/_drivers/common.py
index d4b20c447..02e8f7513 100644
--- a/oslo_messaging/_drivers/common.py
+++ b/oslo_messaging/_drivers/common.py
@@ -426,8 +426,9 @@ class ConnectionContext(Connection):
                     LOG.exception(_LE("Fail to reset the connection, drop it"))
                     try:
                         self.connection.close()
-                    except Exception:
-                        pass
+                    except Exception as exc:
+                        LOG.debug("pooled conn close failure (ignored): %s",
+                                  str(exc))
                     self.connection = self.connection_pool.create()
                 finally:
                     self.connection_pool.put(self.connection)
@@ -435,7 +436,8 @@ class ConnectionContext(Connection):
                 try:
                     self.connection.close()
                 except Exception:
-                    pass
+                    LOG.debug("pooled conn close failure (ignored): %s",
+                              str(exc))
             self.connection = None
 
     def __exit__(self, exc_type, exc_value, tb):
diff --git a/tox.ini b/tox.ini
index c6ce87aa0..546535869 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,6 @@
 [tox]
 minversion = 2.0
-envlist = py35,py27,pep8,bandit
+envlist = py35,py27,pep8
 
 [testenv]
 setenv =
@@ -17,8 +17,10 @@ commands = python setup.py testr --slowest --testr-args='{posargs}'
 
 [testenv:pep8]
 basepython = python3
-commands = flake8
-deps = hacking<0.11,>=0.10.0
+commands =
+  flake8
+  # run security linter
+  bandit -r oslo_messaging -x tests,_drivers/zmq_driver,_drivers/impl_zmq.py -n5
 
 [testenv:cover]
 basepython = python3
@@ -104,13 +106,13 @@ commands = {toxinidir}/setup-test-env-zmq-proxy.sh python setup.py testr --slowe
 basepython = python2.7
 commands = {toxinidir}/setup-test-env-zmq-pub-sub.sh python setup.py testr --slowest --testr-args='{posargs:oslo_messaging.tests.functional}'
 
+
 [testenv:bandit]
+# NOTE(kgiusti): This is required for the integration test job of the bandit
+# project. Please do not remove.
 basepython = python3
-deps =
-  -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt}
-  -r{toxinidir}/test-requirements.txt
-  -r{toxinidir}/requirements.txt
-commands = bandit -r oslo_messaging -x tests -n5
+# skip ZeroMQ - it is deprecated
+commands = bandit -r oslo_messaging -x tests,_drivers/zmq_driver,_drivers/impl_zmq.py -n5
 
 [flake8]
 show-source = True