Bump bandit version
Bandit 1.6.0 changes the behavior of the '-x' option so that it now supports glob patterns. Update our tox file to use this to correctly exclude test code from bandit scans. This requires bumping our minimum bandit version. For additional details, refer to ML Thread[1] [1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html Change-Id: I0b61934067bfb69ed3375f14bb1e05c9eeb694ad
parent
7af13ef613
commit
0554ee1d47
@ -4,7 +4,7 @@ amqp==2.2.2
|
||||
appdirs==1.4.3
|
||||
asn1crypto==0.24.0
|
||||
automaton==1.14.0
|
||||
bandit==1.1.0
|
||||
bandit==1.6.0
|
||||
bcrypt==3.1.4
|
||||
cachetools==2.0.1
|
||||
castellan==0.16.0
|
||||
|
@ -18,5 +18,7 @@ testresources>=2.0.0 # Apache-2.0/BSD
|
||||
testscenarios>=0.4 # Apache-2.0/BSD
|
||||
oslo.versionedobjects[fixtures]>=1.31.2 # Apache-2.0
|
||||
tempest>=17.1.0 # Apache-2.0
|
||||
bandit>=1.1.0 # Apache-2.0
|
||||
# bandit is not included in upper-constraints,
|
||||
# so we need to pin it here to a known working version
|
||||
bandit==1.6.0 # Apache-2.0
|
||||
reno>=2.5.0 # Apache-2.0
|
||||
|
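Review bot: The exact pin `bandit==1.6.0` says the version is known to work but not why this release is needed, and it keeps the security scanner on 1.6.0 until someone bumps it by hand, so checks and fixes from later bandit releases are not picked up. The comment above the pin could record the coupling, for example `# bandit is not in upper-constraints; pinned to 1.6.0 because tox.ini relies on its glob handling of -x`. The file header for this section is not visible on the page, so this assumes the hunk belongs to the test requirements file that the bandit tox env installs.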
4
tox.ini
4
tox.ini
@ -157,12 +157,12 @@ commands = python {toxinidir}/tools/generate_driver_list.py
|
||||
[testenv:bandit]
|
||||
basepython = python3
|
||||
deps = -r{toxinidir}/test-requirements.txt
|
||||
commands = bandit -r cinder -n5 -x tests -ll
|
||||
commands = bandit -r cinder -n5 -x cinder/tests/* -ll
|
||||
|
||||
[testenv:bandit-baseline]
|
||||
basepython = python3
|
||||
envdir = {toxworkdir}/bandit
|
||||
commands = bandit-baseline -r cinder -n5 -x tests -ii -ll
|
||||
commands = bandit-baseline -r cinder -n5 -x cinder/tests/* -ii -ll
|
||||
|
||||
[testenv:bindep]
|
||||
# Do not install any requirements. We want this to be fast and work even if
|
||||
|
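Review bot: The new `-x cinder/tests/*` in both `commands` lines only works as an exclude pattern if it reaches bandit unexpanded. tox passes it literally, but anyone copying the command into a shell would have the glob expanded first, so `-x` would receive only the first match and the remaining paths would be treated as extra scan targets. A comment above `[testenv:bandit]` would make this explicit, e.g. `# -x takes a glob as of bandit 1.6.0; quote it ('cinder/tests/*') when running by hand`. The bandit-baseline env shows no `deps` line in this hunk and reuses `envdir = {toxworkdir}/bandit`, so it presumably relies on the bandit env having installed the pinned version; confirm the baseline run also gets 1.6.0, since the narrower exclude changes what the scan covers.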