networking-midonet

bandit complaint about hardcoded password

Bug #1829117 reported by YAMAMOTO Takashi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
networking-midonet
Fix Released
Critical
YAMAMOTO Takashi
networking-midonet 9.0.0

Bug Description

eg. http://logs.openstack.org/87/199387/134/check/openstack-tox-pep8/25787f7/job-output.txt.gz

2019-05-10 14:00:17.371359 | ubuntu-bionic | Test results:
2019-05-10 14:00:17.371549 | ubuntu-bionic | >> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'testtest'
2019-05-10 14:00:17.371671 | ubuntu-bionic | Severity: Low Confidence: Medium
2019-05-10 14:00:17.371835 | ubuntu-bionic | Location: midonet/neutron/tests/unit/test_extension_bgp.py:42
2019-05-10 14:00:17.372059 | ubuntu-bionic | More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html
2019-05-10 14:00:17.372154 | ubuntu-bionic | 40 AUTH_TYPE_MD5 = "md5"
2019-05-10 14:00:17.372252 | ubuntu-bionic | 41 AUTH_TYPE_NONE = "none"
2019-05-10 14:00:17.372364 | ubuntu-bionic | 42 FAKE_AUTH_PASSWORD = "testtest"
2019-05-10 14:00:17.372484 | ubuntu-bionic | 43 ADD_BGP_PEER_ACTION = "add_bgp_peer"
2019-05-10 14:00:17.372612 | ubuntu-bionic | 44 REMOVE_BGP_PEER_ACTION = "remove_bgp_peer"
2019-05-10 14:00:17.372659 | ubuntu-bionic |
2019-05-10 14:00:17.372783 | ubuntu-bionic | --------------------------------------------------
2019-05-10 14:00:17.372826 | ubuntu-bionic |
2019-05-10 14:00:17.372891 | ubuntu-bionic | Code scanned:
2019-05-10 14:00:17.372984 | ubuntu-bionic | Total lines of code: 7964
2019-05-10 14:00:17.373086 | ubuntu-bionic | Total lines skipped (#nosec): 2
2019-05-10 14:00:17.373130 | ubuntu-bionic |
2019-05-10 14:00:17.373193 | ubuntu-bionic | Run metrics:
2019-05-10 14:00:17.373283 | ubuntu-bionic | Total issues (by severity):
2019-05-10 14:00:17.373353 | ubuntu-bionic | Undefined: 0.0
2019-05-10 14:00:17.373413 | ubuntu-bionic | Low: 1.0
2019-05-10 14:00:17.373478 | ubuntu-bionic | Medium: 0.0
2019-05-10 14:00:17.373546 | ubuntu-bionic | High: 0.0
2019-05-10 14:00:17.373651 | ubuntu-bionic | Total issues (by confidence):
2019-05-10 14:00:17.373727 | ubuntu-bionic | Undefined: 0.0
2019-05-10 14:00:17.373789 | ubuntu-bionic | Low: 0.0
2019-05-10 14:00:17.373856 | ubuntu-bionic | Medium: 1.0
2019-05-10 14:00:17.373920 | ubuntu-bionic | High: 0.0
2019-05-10 14:00:17.373997 | ubuntu-bionic | Files skipped (0):
2019-05-10 14:00:17.441925 | ubuntu-bionic | ERROR: InvocationError for command /home/zuul/src/opendev.org/openstack/networking-midonet/.tox/pep8/bin/bandit -r midonet -x midonet/neutron/tests -n5 (exited with code 1)
2019-05-10 14:00:17.442150 | ubuntu-bionic | pep8 finish: run-test after 96.14 seconds
2019-05-10 14:00:17.443315 | ubuntu-bionic | pep8 start: run-test-post
2019-05-10 14:00:17.443483 | ubuntu-bionic | pep8 finish: run-test-post after 0.00 seconds

Tags: gate-failure
YAMAMOTO Takashi (yamamoto)
tags: added: gate-failure
Changed in networking-midonet:
importance: Undecided → Critical
Revision history for this message
YAMAMOTO Takashi (yamamoto) wrote :

https://review.opendev.org/#/c/659216/

Changed in networking-midonet:
assignee: nobody → YAMAMOTO Takashi (yamamoto)
status: New → In Progress
milestone: none → 9.0.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-midonet (master)

Reviewed: https://review.opendev.org/659216
Committed: https://git.openstack.org/cgit/openstack/networking-midonet/commit/?id=6293ad5829827513d1f9df4207e3a2bac823c619
Submitter: Zuul
Branch: master

commit 6293ad5829827513d1f9df4207e3a2bac823c619
Author: YAMAMOTO Takashi <email address hidden>
Date: Wed May 15 13:49:41 2019 +0900

    Blacklist bandit 1.6.0 due to directory exclusion bug

    Taken from: https://review.opendev.org/#/c/658233/
    See also:
        https://review.opendev.org/#/c/658476/
        PyCQA/bandit#488
        PyCQA/bandit#489

    This commit includes the following unrelated changes
    to pass the gate.
    ----------------------------------------
    Update sphinx requirements

    After the recent change in the global requirements. [1]

    [1] If558f184c959e4b63b56dec3ca1571d1034cfe5c

    Closes-Bug: #1829118
    Change-Id: I41ffeebb52d094d85089fd74b89505a0e73535b1
    ----------------------------------------
    Depends-On: https://review.opendev.org/#/c/659294/
    ----------------------------------------

    Closes-Bug: #1829117
    Change-Id: I24e5a2ed3dfbe6ae4b6825d29844f77c3572f044

Changed in networking-midonet:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-midonet 9.0.0.0b1

This issue was fixed in the openstack/networking-midonet 9.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.