OpenStack Bandit scanner violations

Bug #1759250 reported by Pavlukhin Max
Affects: neutron
Status: Fix Released
Importance: Medium
Assigned to: Pavlukhin Max

Bug Description

There are two issues to fix: B101 assert_used and B108 hardcoded_tmp_directory, both found by the OpenStack Bandit scanner.

Files with B108 (hardcoded_tmp_directory):
    neutron/agent/linux/keepalived.py

Files with B101 (assert_used):
    neutron/common/_deprecate.py
    neutron/common/rpc.py
    neutron/db/api.py
    neutron/pecan_wsgi/controllers/root.py

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/556838

Changed in neutron:
assignee: nobody → Pavlukhin Max (mpavlukhin)
status: New → In Progress
description: updated
summary: - Bandit scanner violations
+ OpenStack Bandit scanner violations
description: updated
Changed in neutron:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Max Pavlukhin (<email address hidden>) on branch: master
Review: https://review.openstack.org/556838

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/557366

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: master
Review: https://review.openstack.org/557367

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.openstack.org/557366
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6e6166bda47bd1fc8687340e479a913e7fc0ed58
Submitter: Zuul
Branch: master

commit 6e6166bda47bd1fc8687340e479a913e7fc0ed58
Author: Max <email address hidden>
Date: Thu Mar 15 19:05:55 2018 +0400

    Replace assert with raise AssertionError

    This patch is a fix for the issue B101 assert_used found by bandit
    scanner:
    https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html
    As assert functionality could be turned off by the -O option of the Python
    interpreter, assert statements were replaced with raise AssertionError.

    The main reasoning for that is that the rest of the code after an assert
    could be not ready for values that the assert filters.

    Change-Id: I92a871b1b496c96c0c76cb37e4dda51bfc007e38
    Related-Bug: #1759250

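The behaviour the commit message relies on, shown as an added example that is not neutron's code: the same check compiled the way `python` and `python -O` compile it, in the assert form Bandit B101 flags and in the explicit-raise form the patch adopts. The two `deliver_*` functions are hypothetical stand-ins for the neutron code the patch touched.

```python
"""Added example (not neutron's code): why a check written as an assert
disappears under 'python -O', while the explicit 'raise AssertionError'
the patch switches to survives. Both functions are hypothetical stand-ins
for the neutron code the patch touched."""

# Constructed source, compiled below at two optimisation levels exactly as
# the interpreter would treat it with and without -O.
CHECK_SOURCE = '''
def deliver_with_assert(msg):
    # 'Before': the validation is an assert statement (Bandit B101).
    assert msg is not None, "message must not be None"
    return msg.upper()

def deliver_with_raise(msg):
    # 'After': a real statement, never optimised away.
    if msg is None:
        raise AssertionError("message must not be None")
    return msg.upper()
'''


def load_checks(optimize):
    """Compile CHECK_SOURCE as 'python' (optimize=0) or 'python -O'
    (optimize=1) would and return the resulting namespace."""
    code = compile(CHECK_SOURCE, "<b101_example>", "exec", optimize=optimize)
    namespace = {}
    exec(code, namespace)
    return namespace


def outcome(func_name, optimize):
    """Call the named function with None and report what happened:
    'AssertionError' means the check fired; 'AttributeError' means the
    check was stripped and None reached msg.upper() unguarded."""
    func = load_checks(optimize)[func_name]
    try:
        func(None)
    except Exception as exc:
        return type(exc).__name__
    return "accepted"


if __name__ == "__main__":
    for name in ("deliver_with_assert", "deliver_with_raise"):
        for level in (0, 1):
            print("%-20s optimize=%d -> %s" % (name, level, outcome(name, level)))
```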
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Max Pavlukhin (<email address hidden>) on branch: master
Review: https://review.openstack.org/557367

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/562271

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Pavlukhin Max (<email address hidden>) on branch: master
Review: https://review.openstack.org/562271

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/563956

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Pavlukhin Max (<email address hidden>) on branch: master
Review: https://review.openstack.org/563956

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/563958

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Max Pavlukhin (<email address hidden>) on branch: master
Review: https://review.openstack.org/563958

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/563960

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Max Pavlukhin (<email address hidden>) on branch: master
Review: https://review.openstack.org/563960

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/563970

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Max Pavlukhin (<email address hidden>) on branch: master
Review: https://review.openstack.org/563970
Reason: wrong author

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/563971

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.openstack.org/563971
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f6b0f7635c222029fc1b554dffceb579b3e4a846
Submitter: Zuul
Branch: master

commit f6b0f7635c222029fc1b554dffceb579b3e4a846
Author: Max Pavlukhin <email address hidden>
Date: Tue Apr 24 17:04:15 2018 +0400

    Eliminate possible insecure usage of temp file/directory

    This patch is a fix for the issue B108: hardcoded_tmp_directory
    found by bandit scanner.

    The main reasoning for that is the need for safely creating
    a temporary file or directory.

    Change-Id: I4277e9196b9b707b83bb298faeccb59f07d6f10b
    Related-Bug: #1759250

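The B108 pattern and its replacement, as an added example that is not neutron's code: a hardcoded `/tmp` path with a predictable name beside a `tempfile.mkstemp` writer that creates a fresh, owner-only file in a directory the service controls. The router id, the file naming scheme and the `state_dir` argument are hypothetical; the demo uses a scratch directory in place of `/tmp`.

```python
"""Added example (not neutron's code): the pattern Bandit's B108 flags, a
hardcoded path under /tmp, next to the tempfile-based replacement the patch
describes. router_id, the naming scheme and state_dir are hypothetical."""
import os
import stat
import tempfile

HARDCODED_TMP = "/tmp"  # the literal that triggers B108


def write_config_hardcoded(router_id, content, root=HARDCODED_TMP):
    # 'Before': predictable name in a shared, world-writable directory.
    # open(..., "w") truncates whatever already exists at that path, so a
    # file planted there beforehand is silently overwritten.
    path = os.path.join(root, "keepalived-%s.conf" % router_id)
    with open(path, "w") as f:
        f.write(content)
    return path


def write_config_safely(router_id, content, state_dir):
    # 'After': mkstemp opens with O_CREAT|O_EXCL and mode 0600 in a directory
    # the service owns, with an unguessable suffix, so the file is always a
    # fresh one that nobody else could have pre-created or can read.
    fd, path = tempfile.mkstemp(prefix="keepalived-%s-" % router_id,
                                suffix=".conf", dir=state_dir)
    with os.fdopen(fd, "w") as f:
        f.write(content)
    return path


def demo(scratch=None):
    """Plant a file at the predictable name inside a scratch directory
    (standing in for /tmp), run both writers, and return (content now at
    the planted path, mode of the safe file, safe path differs from it)."""
    scratch = scratch or tempfile.mkdtemp()
    planted = os.path.join(scratch, "keepalived-r1.conf")
    with open(planted, "w") as f:
        f.write("pre-existing data")
    write_config_hardcoded("r1", "vrrp_instance VR_1 { }", root=scratch)
    with open(planted) as f:
        clobbered = f.read()  # the planted content is gone
    safe_path = write_config_safely("r1", "vrrp_instance VR_1 { }", scratch)
    mode = stat.S_IMODE(os.stat(safe_path).st_mode)
    return clobbered, mode, safe_path != planted


if __name__ == "__main__":
    print(demo())
```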
Changed in neutron:
status: In Progress → Fix Released