Bump bandit version

This patch bumps bandit allowed version to >=1.6.0,<1.7.0 in order to avoid the errors detailed here https://github.com/PyCQA/bandit/pull/393 Change-Id: I0570c916cffc08bcbaebb385a9cc4a4c7038b215 Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
2020-07-24 17:35:09 +02:00 · 2020-07-24 17:35:09 +02:00 · c9f7cd460c
commit c9f7cd460c
parent 6296fce9f8
2 changed files with 8 additions and 4 deletions
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@ -956,16 +956,20 @@ class Enforcer(object):
                # If the rule doesn't exist, fail closed
                result = False
            else:
+                # NOTE(moguimar): suppressing [B105:hardcoded_password_string]
+                #                 as token_scope is not actually a hardcoded
+                #                 token.
+
                # Check the scope of the operation against the possible scope
                # attributes provided in `creds`.
                if creds.get('system'):
-                    token_scope = 'system'
+                    token_scope = 'system'  # nosec
                elif creds.get('domain_id'):
-                    token_scope = 'domain'
+                    token_scope = 'domain'  # nosec
                else:
                    # If the token isn't system-scoped or domain-scoped then
                    # we're dealing with a project-scoped token.
-                    token_scope = 'project'
+                    token_scope = 'project'  # nosec

                registered_rule = self.registered_rules.get(rule)
                if registered_rule and registered_rule.scope_types:
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -11,4 +11,4 @@ oslo.context>=2.22.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0

 # Bandit security code scanner
-bandit>=1.1.0,<1.6.0 # Apache-2.0
+bandit>=1.6.0,<1.7.0 # Apache-2.0