From 0554ee1d477cbff4a338524147e9243e823fd43e Mon Sep 17 00:00:00 2001
From: whoami-rajat
Date: Mon, 13 May 2019 22:51:38 +0530
Subject: [PATCH] Bump bandit version

Bandit 1.6.0 changes the behavior of the '-x' option so that it now supports glob patterns. Update our tox file to use to correctly exclude test code from bandit scans. This requires bumping our minimum bandit version.

For additional details, refer to ML Thread[1]

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html

Change-Id: I0b61934067bfb69ed3375f14bb1e05c9eeb694ad
---
 lower-constraints.txt | 2 +-
 test-requirements.txt | 4 +++-
 tox.ini | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lower-constraints.txt b/lower-constraints.txt
index 91207aaabcd..99430ffa820 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -4,7 +4,7 @@ amqp==2.2.2
 appdirs==1.4.3
 asn1crypto==0.24.0
 automaton==1.14.0
-bandit==1.1.0
+bandit==1.6.0
 bcrypt==3.1.4
 cachetools==2.0.1
 castellan==0.16.0
diff --git a/test-requirements.txt b/test-requirements.txt
index 76c0a4db58e..5854bf2aaeb 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -18,5 +18,7 @@ testresources>=2.0.0 # Apache-2.0/BSD
 testscenarios>=0.4 # Apache-2.0/BSD
 oslo.versionedobjects[fixtures]>=1.31.2 # Apache-2.0
 tempest>=17.1.0 # Apache-2.0
-bandit>=1.1.0 # Apache-2.0
+# bandit is not included in upper-constraints,
+# so we need to pin it here to a known working version
+bandit==1.6.0 # Apache-2.0
 reno>=2.5.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index e3ef23d4bf4..f39df5e5afc 100644
--- a/tox.ini
+++ b/tox.ini
@@ -157,12 +157,12 @@ commands = python {toxinidir}/tools/generate_driver_list.py
 [testenv:bandit]
 basepython = python3
 deps = -r{toxinidir}/test-requirements.txt
-commands = bandit -r cinder -n5 -x tests -ll
+commands = bandit -r cinder -n5 -x cinder/tests/* -ll
 
 [testenv:bandit-baseline]
 basepython = python3
 envdir = {toxworkdir}/bandit
-commands = bandit-baseline -r cinder -n5 -x tests -ii -ll
+commands = bandit-baseline -r cinder -n5 -x cinder/tests/* -ii -ll
 
 [testenv:bindep]
 # Do not install any requirements. We want this to be fast and work even if
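Review bot: The new `-x cinder/tests/*` in [testenv:bandit] and again in [testenv:bandit-baseline] is an unexpanded glob with no comment explaining why that form is needed, so a later maintainer may quote it, let a shell expand it, or revert to the old `-x tests` that 1.6.0 no longer honours. tox executes `commands` without a shell, so the `*` reaches bandit literally, which is what the 1.6.0 glob matching expects; whether that pattern also excludes nested directories such as cinder/tests/unit/ depends on bandit's matcher, which this hunk does not show, so a first run should be checked for findings under cinder/tests/ before the pin is relied on. I would add above the first `commands =` line: `# bandit >= 1.6.0 treats -x as a glob; tox runs commands without a shell, so the pattern is deliberately passed to bandit unexpanded`, and reference it from the bandit-baseline env. The [testenv:bindep] section continues past the end of the hunk.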