Bandit 1.8.2 fixed this issue, will close

** Changed in: neutron
   Status: In Progress => Invalid

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2093849

Title:
  bandit showing false-positives in neutron gate

Status in neutron:
  Invalid

Bug description:
  There was a release of bandit just a bit ago, version 1.8.1, and it's
  showing false-positives on three parts of the Neutron config option
  code [0]. Here's a copy/paste of one of the three warnings:

  >> Issue: [B106:hardcoded_password_funcarg] Possible hardcoded password: 'True'
     Severity: Low   Confidence: Medium
     CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
     More Info: https://bandit.readthedocs.io/en/1.8.1/plugins/b106_hardcoded_password_funcarg.html
     Location: neutron/conf/agent/l3/ha.py:31:4
  29                choices=keepalived.VALID_AUTH_TYPES,
  30                help=_('VRRP authentication type')),
  31     cfg.StrOpt('ha_vrrp_auth_password',
  32                help=_('VRRP authentication password'),
  33                secret=True),
  34     cfg.IntOpt('ha_vrrp_advert_int',
  35                default=2,

  I have filed a bug against bandit [1], but until it is fixed we will
  need to just skip B106 warnings.

  [0] https://841dd7e2b2b859ed9ff3-366866aa9d538c0b3646b6906ab7db5b.ssl.cf5.rackcdn.com/938853/2/gate/openstack-tox-pep8/7b7a7c8/job-output.txt
  [1] https://github.com/PyCQA/bandit/issues/1216

--
Mailing list: https://launchpad.net/~yahoo-eng-team
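The rule B106 is meant to express is "a call keyword argument whose name looks like a password and whose value is a string literal", which is why the `secret=True` flag on an oslo.config option should never match. As an added illustration (not Bandit's plugin code and not neutron's code), here is a small AST-based reimplementation of that intended rule; the candidate regex is modelled on Bandit's but is an assumption, and `cfg`, `db` and `_` in the constructed sample are stand-ins that are never executed, only parsed.

```python
"""Simplified re-implementation of the idea behind Bandit's B106 check
(hardcoded password passed as a function keyword argument).

Added illustration, not Bandit's own plugin. The intended rule: flag a
call keyword argument whose NAME looks like a password/secret and whose
VALUE is a string literal. A boolean such as secret=True, or an option
name like 'ha_vrrp_auth_password' passed positionally, must not match.
"""
import ast
import re

# Candidate-name pattern in the spirit of Bandit's (assumption: close to,
# but not guaranteed identical with, the expression Bandit uses).
RE_CANDIDATES = re.compile(
    r"(^|_)(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?)($|_)",
    re.IGNORECASE,
)


def find_hardcoded_password_funcargs(source: str):
    """Return (lineno, keyword_name, literal_value) for each suspicious
    keyword argument found in `source`."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg is None:
                # **kwargs expansion: no literal name to inspect.
                continue
            if not RE_CANDIDATES.search(kw.arg):
                continue
            # Only a real string literal is a candidate password; True,
            # None or numbers are not (this is what the 1.8.1 report got wrong).
            if isinstance(kw.value, ast.Constant) and isinstance(kw.value.value, str):
                findings.append((kw.value.lineno, kw.arg, kw.value.value))
    return findings


# Constructed sample: the neutron-style option definition quoted in the
# bug, followed by one genuine hardcoded credential for contrast.
SAMPLE = '''
OPTS = [
    cfg.StrOpt('ha_vrrp_auth_password',
               help=_('VRRP authentication password'),
               secret=True),
    cfg.IntOpt('ha_vrrp_advert_int', default=2),
]

def connect():
    return db.connect(user='neutron', password='hunter2')  # constructed true positive
'''

if __name__ == "__main__":
    for lineno, arg, value in find_hardcoded_password_funcargs(SAMPLE):
        print(f"line {lineno}: keyword '{arg}' has literal value {value!r}")
```

Run against the sample, only the `db.connect(..., password='hunter2')` line is reported; the `secret=True` keyword on the `cfg.StrOpt` call is skipped because its value is a boolean, not a string.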