Bandit #nosec tags should be applied in a few instances

Bug #1577498 reported by Travis McPeak
This bug affects 1 person
Affects   Status         Importance   Assigned to     Milestone
kolla     Fix Released   Critical     Travis McPeak
Liberty   Won't Fix      Critical     Travis McPeak
Mitaka    Won't Fix      Critical     Travis McPeak

Bug Description

There are a couple of places (Jinja usage in kolla/cmd/build.py and Except/Pass in setup.py) that should have Bandit #nosec tags applied. I have examined that these aren't issues and we should use #nosec tags to make sure Bandit doesn't find these issues anymore.
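
An added example, not part of the original report and not kolla's code: Bandit skips findings on a line that carries a `# nosec` comment, so a small audit of where those comments sit keeps the suppressions reviewable. The sample source is constructed, and `nosec_lines` and `except_pass_handlers` are hypothetical helper names.

```python
import ast
import io
import tokenize

# Constructed sample, not kolla's code: the two patterns the report names
# (Jinja usage, except/pass) plus one except/pass that has no tag.
SAMPLE = '''\
import jinja2
HELP = "append # nosec to silence a finding"

def render(template_dir):
    loader = jinja2.FileSystemLoader(template_dir)
    return jinja2.Environment(loader=loader)  # nosec

def optional_import():
    try:
        import multiprocessing
    except Exception:  # nosec
        pass

def cleanup(path, remove):
    try:
        remove(path)
    except Exception:
        pass
'''

def nosec_lines(source):
    """Map line number -> code on that line, for each real '# nosec' comment."""
    lines = source.splitlines()
    tagged = {}
    # Only COMMENT tokens count; the "# nosec" inside the HELP string does not.
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT and "nosec" in tok.string.lower():
            row, col = tok.start
            tagged[row] = lines[row - 1][:col].strip()
    return tagged

def except_pass_handlers(source):
    """Return (line, is_tagged) for every handler whose whole body is 'pass'."""
    tagged = nosec_lines(source)
    handlers = [n for n in ast.walk(ast.parse(source))
                if isinstance(n, ast.ExceptHandler)]
    return sorted((h.lineno, h.lineno in tagged) for h in handlers
                  if len(h.body) == 1 and isinstance(h.body[0], ast.Pass))

if __name__ == "__main__":
    print(nosec_lines(SAMPLE), except_pass_handlers(SAMPLE))
```

Each tagged line the audit reports is a place where a reviewer should be able to confirm the finding was examined and judged a non-issue.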

Steven Dake (sdake) wrote :
Changed in kolla:
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Travis McPeak (travis-mcpeak)
milestone: none → newton-1
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.openstack.org/310869
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=cc33c103d412d5032ba638d0894f45528f2db2b7
Submitter: Jenkins
Branch: master

commit cc33c103d412d5032ba638d0894f45528f2db2b7
Author: Travis McPeak <email address hidden>
Date: Thu Apr 28 12:27:51 2016 -0500

    Adding a few #nosec tags to prepare for Bandit usage

    This commit adds a few #nosec tags for non-issues. I've examined
    the code and determined that these don't represent security issues
    so we should add a #nosec tag that tells Bandit not to find these
    issues in the future.

    Closes-Bug: #1577498
    Change-Id: Ic37216c08442c700c64118c78cfb46e6cedd237c

Changed in kolla:
status: In Progress → Fix Released
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/kolla 3.0.0.0b1

This issue was fixed in the openstack/kolla 3.0.0.0b1 development milestone.

Steven Dake (sdake)
Changed in kolla:
milestone: newton-1 → newton-2