
add test for regression and fix directory exclusion without wildcards #489

Merged (8 commits) May 26, 2019

@mattjegan (Contributor) commented May 9, 2019

Fixes #488

I've added a test to make sure that both wildcard directory exclusion and the 1.5.1 version of directory exclusion work.

ericwb added this to the Release 1.6.1 milestone May 9, 2019

openstack-gerrit pushed a commit to openstack/python-openstackclient that referenced this pull request May 10, 2019

Blacklist Bandit 1.6.0 due to directory exclusion bug
Bandit 1.6.0 introduces a regression[0] with the -x option, a fix
is expected to be included in 1.6.1 soon.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: I110829ef960e3ee146f47871ef076491244bf4fa
Signed-off-by: Dean Troyer <dtroyer@gmail.com>

@ericwb (Member) commented May 10, 2019

I tested locally, and unfortunately this isn't restoring the exclude behavior that was available on 1.5.1.

1.5.1:

browne-a02:workspace browne$ bandit/.tox/py36/bin/bandit -r column/ -x tests

[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.6.7
Run started:2019-05-10 05:13:12.790455

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 1100
...

1.6.0+PR489

browne-a02:workspace browne$ bandit/.tox/py36/bin/bandit -r column/ -x tests
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.6.7
Run started:2019-05-10 05:19:46.158749

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 1395
...
@ericwb (Member) commented May 10, 2019

However, if I prepend column, then the exclude does work. But that wasn't required before in 1.5.1.

browne-a02:workspace browne$ bandit/.tox/py36/bin/bandit -r column/ -x column/tests
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.6.7
Run started:2019-05-10 05:19:51.807202

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 1100
@mattjegan (Contributor, Author) commented May 10, 2019

Thanks for the review, when I get the chance I'll add more tests and fix for this.

openstack-gerrit pushed a commit to openstack/neutron that referenced this pull request May 10, 2019

Brian Haley
Blacklist bandit 1.6.0 due to directory exclusion bug
Bandit 1.6.0 introduces a regression[0] with the -x option,
a fix is expected to be included in 1.6.1 soon.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: Id944054deedd545c34fc28ccf043dd72e5f31220

openstack-gerrit pushed a commit to openstack/neutron-lib that referenced this pull request May 10, 2019

Brian Haley
Blacklist bandit 1.6.0 due to directory exclusion bug
Bandit 1.6.0 introduces a regression[0] with the -x option,
a fix is expected to be included in 1.6.1 soon.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: Id29f06b68a95f53ad62bdc597bbb0f12bc4d6a60

openstack-gerrit pushed a commit to openstack/keystone that referenced this pull request May 11, 2019

Blacklist bandit 1.6.0
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: Ie4dbfb3f54e4aac00e0537d5760b7a8fc81b35a2

openstack-gerrit pushed a commit to openstack/keystone that referenced this pull request May 13, 2019

Blacklist bandit 1.6.0
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: Ie4dbfb3f54e4aac00e0537d5760b7a8fc81b35a2
(cherry picked from commit ebac833)

openstack-gerrit pushed a commit to openstack/oslo.policy that referenced this pull request May 14, 2019

Cap Bandit below 1.6.0 and update Sphinx requirement
Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: Idead9b4198c6b05d72bae60dee06e5aebc223822
Reference: PyCQA/bandit#489

openstack-gerrit pushed a commit to openstack/oslo.cache that referenced this pull request May 14, 2019

Cap Bandit below 1.6.0 and update Sphinx requirement
Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: I4ee88377e7123c165434765a73f27cabec8c8177
Reference: PyCQA/bandit#489

@mattjegan (Contributor, Author) commented May 14, 2019

@ericwb This PR is ready for a re-review

@ericwb (Member) left a comment

Sorry, this change still isn't excluding files that Bandit would have excluded in 1.5.1. I ran your patch again and got this result:

browne-a02:workspace browne$ bandit/.tox/py36/bin/bandit -r column/ -x tests
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.6.7
Run started:2019-05-14 17:59:55.499331

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 1395
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0.0
		Low: 0.0
		Medium: 0.0
		High: 0.0
	Total issues (by confidence):
		Undefined: 0.0
		Low: 0.0
		Medium: 0.0
		High: 0.0
Files skipped (0):

In 1.5.1, the total scanned lines comes out to 1100 instead of 1395.

@@ -363,7 +366,8 @@ def _is_file_included(path, included_globs, excluded_path_strings,
# if this is matches a glob of files we look at, and it isn't in an
# excluded path
if _matches_glob_list(path, included_globs) or not enforce_glob:
if not _matches_glob_list(path, excluded_path_strings):
if not _matches_glob_list(path, excluded_path_strings) and \
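Review bot: the new condition on the last line is cut off at the trailing backslash, so the hunk as shown does not reveal what is being ANDed with `not _matches_glob_list(path, excluded_path_strings)`; wrapping the whole condition in parentheses would drop the `\` continuation and keep both halves of the test visible together. The unchanged comment above it, "if this is matches a glob of files", also carries a stray "is" that could be fixed while this block is being touched.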

@ericwb (Member) commented May 14, 2019
Nit: It's preferable to use ( ) instead of \

openstack-gerrit pushed a commit to openstack/oslo.db that referenced this pull request May 14, 2019

Cap Bandit below 1.6.0 and update Sphinx requirement
Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: If86c82e0f4a519baca664af79352846c4af9a01c
Reference: PyCQA/bandit#489

openstack-gerrit pushed a commit to openstack/heat that referenced this pull request May 16, 2019

Blacklist bandit 1.6.0 and cap Sphinx on Python2
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

Also fix the requirements job which was broken by
https://review.opendev.org/657890 adding a cap on Sphinx on Python 2.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: Ieabcd4e8c5e5354125a63e89b9b60931c760858a
(cherry picked from commit 011fa22)

openstack-gerrit pushed a commit to openstack/python-openstackclient that referenced this pull request May 16, 2019

Stable branch combination fix
We have two dueling problems in the stable branches that have to be
fixed at the same time:

* bandit 1.6.0
* sphinx 2.0

This is a squash of the two cherry-picks from master:

----------
Blacklist Bandit 1.6.0 due to directory exclusion bug

Bandit 1.6.0 introduces a regression[0] with the -x option, a fix
is expected to be included in 1.6.1 soon.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Signed-off-by: Dean Troyer <dtroyer@gmail.com>
(cherry picked from commit 6385d64)

----------

Update sphinx requirement.

Sphinx 2.0 no longer works on python 2.7, start capping it there as well.

(cherry picked from commit f179117)

Change-Id: I0076645d9e1a2429efce39f51ceea679fa6c13cb

openstack-gerrit pushed a commit to openstack/networking-midonet that referenced this pull request May 20, 2019

Blacklist bandit 1.6.0 due to directory exclusion bug
Taken from: https://review.opendev.org/#/c/658233/
See also:
    https://review.opendev.org/#/c/658476/
    PyCQA/bandit#488
    PyCQA/bandit#489

This commit includes the following unrelated changes
to pass the gate.
----------------------------------------
Update sphinx requirements

After the recent change in the global requirements. [1]

[1] If558f184c959e4b63b56dec3ca1571d1034cfe5c

Closes-Bug: #1829118
Change-Id: I41ffeebb52d094d85089fd74b89505a0e73535b1
----------------------------------------
Depends-On: https://review.opendev.org/#/c/659294/
----------------------------------------

Closes-Bug: #1829117
Change-Id: I24e5a2ed3dfbe6ae4b6825d29844f77c3572f044

openstack-gerrit pushed a commit to openstack/networking-ovn that referenced this pull request May 20, 2019

Blacklist bandit 1.6.0 due to directory exclusion bug
Bandit 1.6.0 introduces a regression[0] with the -x option,
a fix is expected to be included in 1.6.1 soon.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

This also reverts 7a1de10
which changed tox.ini to use the incorrect argument.

Change-Id: Ifc2cc9c15ccc93ce947f8bfefce83d58fd06f5a1

openstack-gerrit pushed a commit to openstack/magnum that referenced this pull request May 21, 2019

Blacklist bandit 1.6.0 and cap Sphinx on Python2
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

Also fix the requirements job which was broken by
https://review.opendev.org/657890 adding a cap on Sphinx on Python 2.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Co-Authored-By: Jake Yip <jake.yip@unimelb.edu.au>

Task: 33401
Story: 2005740

Change-Id: I34dc36c5236debc42424073af2c2d2104e18179a

openstack-gerrit pushed a commit to openstack/oslo.cache that referenced this pull request May 21, 2019

Cap Bandit below 1.6.0 and update Sphinx requirement
Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: I4ee88377e7123c165434765a73f27cabec8c8177
Reference: PyCQA/bandit#489
(cherry picked from commit 3e06753)
@ericwb (Member) commented May 22, 2019

@mattjegan Sorry for my late reply. It does look like you're testing the same way as me. Let me retry again.

@@ -363,7 +366,8 @@ def _is_file_included(path, included_globs, excluded_path_strings,
# if this is matches a glob of files we look at, and it isn't in an
# excluded path
if _matches_glob_list(path, included_globs) or not enforce_glob:
if not _matches_glob_list(path, excluded_path_strings):
if (not _matches_glob_list(path, excluded_path_strings)
and not any(x in path for x in excluded_path_strings)):
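Review bot: `any(x in path for x in excluded_path_strings)` is a plain substring test, so `-x tests` would also drop files whose names merely contain that string, for example a hypothetical `column/contests.py` or a `column/mytests/` sibling directory; matching a bare exclusion against whole path components (compare it with `path.split(os.sep)` rather than with `path`) restores the 1.5.1 directory-exclusion semantics this thread is after without the over-match. It would also be worth adding such a near-miss path to the regression test so the intended boundary is pinned down.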

@ericwb (Member) commented May 22, 2019
Can you please move the and up on the previous line? This gets flagged as pep8 W503 in my IDE (yeah, we should probably be checking in pep8 in tox.ini)

@mattjegan (Contributor, Author) commented May 22, 2019
No worries, fixed in be614aa
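
To make the three exclusion behaviours discussed in this thread concrete, here is an added example (my code, not Bandit's): it matches an exclusion list against scanned paths as glob-only (the 1.6.0 behaviour ericwb observed), as glob plus substring (the approach taken in the PR hunk), and as a component-based variant I suggest. The `column/...` file list and every function name are constructed for illustration and are not Bandit's.

```python
"""Added example: three ways to apply a "-x" exclusion list to scanned paths.
Not Bandit's code; names and the sample tree are constructed for illustration."""
import fnmatch
import os


def _matches_glob_list(path, glob_list):
    """True if path matches any shell-style glob in glob_list.
    fnmatch's "*" also crosses "/", so "*/tests/*" spans directories."""
    return any(fnmatch.fnmatch(path, glob) for glob in glob_list)


def _passes_include(path, included_globs, enforce_glob):
    """A file is a candidate when it matches an include glob or globs are not enforced."""
    return _matches_glob_list(path, included_globs) or not enforce_glob


def is_included_glob_only(path, included_globs, excluded, enforce_glob=True):
    """1.6.0-style behaviour as described in the thread: exclusions are treated
    purely as globs, so a bare "tests" no longer excludes anything."""
    return (_passes_include(path, included_globs, enforce_glob)
            and not _matches_glob_list(path, excluded))


def is_included_substring(path, included_globs, excluded, enforce_glob=True):
    """Mirrors the PR hunk: excluded if a glob matches OR the string appears
    anywhere in the path. "column/contests.py" is therefore dropped by "-x tests"."""
    return (is_included_glob_only(path, included_globs, excluded, enforce_glob)
            and not any(x in path for x in excluded))


def is_included_components(path, included_globs, excluded, enforce_glob=True):
    """Suggested stricter variant (assumed, not Bandit's): a bare exclusion must
    equal a run of whole path components, so "tests" or "column/tests" excludes
    "column/tests/test_core.py" but leaves "column/contests.py" alone."""
    if not is_included_glob_only(path, included_globs, excluded, enforce_glob):
        return False
    parts = os.path.normpath(path).split(os.sep)
    for excl in excluded:
        excl_parts = os.path.normpath(excl).split(os.sep)
        n = len(excl_parts)
        # Slide the exclusion's component run along the path's components.
        if any(parts[i:i + n] == excl_parts for i in range(len(parts) - n + 1)):
            return False
    return True


# Constructed sample tree (not from the page), standing in for the
# "bandit -r column/ -x tests" run shown in the review comments.
SAMPLE_FILES = [
    "column/__init__.py",
    "column/core.py",
    "column/tests/test_core.py",
    "column/contests.py",  # contains "tests" only as a substring
]
INCLUDED_GLOBS = ["*.py"]


def scanned_files(excluded, checker, files=SAMPLE_FILES):
    """Return the files a scan would visit under the given exclusion list."""
    return [f for f in files if checker(f, INCLUDED_GLOBS, excluded)]


if __name__ == "__main__":
    checkers = [("glob-only (1.6.0)", is_included_glob_only),
                ("glob+substring (PR hunk)", is_included_substring),
                ("glob+components (suggested)", is_included_components)]
    for label, checker in checkers:
        for excl in (["tests"], ["column/tests"], ["*/tests/*"]):
            print(f"{label:28s} -x {excl[0]:12s} -> {scanned_files(excl, checker)}")
```

Running it shows why `-x tests` scanned 1395 lines on 1.6.0 (nothing excluded) while `-x column/tests` behaved, and that the substring approach fixes the bare-name case at the cost of also dropping near-miss names.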

@ericwb (Member) commented May 26, 2019

I tried this again, in a Linux env instead of Mac, and it checks out.

ericwb merged commit 047e6bf into PyCQA:master May 26, 2019

1 check passed: continuous-integration/travis-ci/pr (The Travis CI build passed)

openstack-gerrit pushed a commit to openstack/python-neutronclient that referenced this pull request May 28, 2019

Blacklist bandit 1.6.0 due to directory exclusion bug
Bandit 1.6.0 introduces a regression[0] with the -x option,
a fix is expected to be included in 1.6.1 soon.

This commit also aligns Sphinx requirement with the requirements
project [2]. This is required to pass requirements-check.
The lower bound for sphinx was missing and requirements-check
now requires it, so the lower bound sphinx >=1.6.2 was added.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489
[2] https://review.opendev.org/#/c/657890/

Change-Id: I937cfa722f5234ca4d5506047001d9cb07728cd8

nectar-gerrit pushed a commit to NeCTAR-RC/magnum that referenced this pull request May 29, 2019

Blacklist bandit 1.6.0 and cap Sphinx on Python2
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

Also fix the requirements job which was broken by
https://review.opendev.org/657890 adding a cap on Sphinx on Python 2.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: I34dc36c5236debc42424073af2c2d2104e18179a

openstack-gerrit pushed a commit to openstack/oslo.cache that referenced this pull request May 29, 2019

Cap Bandit below 1.6.0 and update Sphinx requirement
Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: I4ee88377e7123c165434765a73f27cabec8c8177
Reference: PyCQA/bandit#489
(cherry picked from commit 03f1840)

openstack-gerrit pushed a commit to openstack/magnum that referenced this pull request Jun 4, 2019

gao.hanxiang
Blacklist bandit 1.6.0 and cap Sphinx on Python2
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

Also fix the requirements job which was broken by
https://review.opendev.org/657890 adding a cap on Sphinx on Python 2.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Co-Authored-By: Jake Yip <jake.yip@unimelb.edu.au>

Task: 33401
Story: 2005740

Change-Id: I34dc36c5236debc42424073af2c2d2104e18179a
(cherry picked from commit 913636b)

openstack-gerrit pushed a commit to openstack/heat that referenced this pull request Jun 5, 2019

Blacklist bandit 1.6.0 and cap Sphinx on Python2
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

Ignore the bandit check B413, which was added in bandit 1.5.0 and
prevents importing PyCrypto. PyCrypto wasn't removed from Heat until
Queens.

Also fix the requirements job which was broken by
https://review.opendev.org/657890 adding a cap on Sphinx on Python 2.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: Ieabcd4e8c5e5354125a63e89b9b60931c760858a
Co-Authored-By: Zane Bitter <zbitter@redhat.com>
Depends-On: https://review.opendev.org/662335
(cherry picked from commit 011fa22)

openstack-gerrit pushed a commit to openstack/kolla that referenced this pull request Jun 6, 2019

Blacklist bandit 1.6.0
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Change-Id: I4429614a57fb512fe2bfdf0686c3eff0adc2a2f4

@fungi commented Jun 9, 2019

An ever-increasing number of projects are needing to add and backport 1.6.0 exclusions until this fix appears in a new release. Any chance of tagging something along the lines of a 1.6.1 hotfix release in the near future?

openstack-gerrit pushed a commit to openstack/magnum that referenced this pull request Jun 12, 2019

gao.hanxiang
Blacklist bandit 1.6.0 and cap Sphinx on Python2
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

Also fix the requirements job which was broken by
https://review.opendev.org/657890 adding a cap on Sphinx on Python 2.

[0] PyCQA/bandit#488
[1] PyCQA/bandit#489

Co-Authored-By: Jake Yip <jake.yip@unimelb.edu.au>

Task: 33401
Story: 2005740

Change-Id: I34dc36c5236debc42424073af2c2d2104e18179a
(cherry picked from commit 913636b)
(cherry picked from commit eec7184)