Fix bandit runs with 1.6.0

The -x option for bandit changed in 1.6.0 and now
supports glob patterns so use that to correctly
exclude test code from bandit scans.

Since this change requires bandit>=1.6.0, we have
to also fix the networkx requirement to pass the
requirements-check job so that the networkx requirement
matches what is in global-requirements from change
I0a9700926c9a0db93e782c853c33f1aaee3d4876.

Change-Id: I4fc1166daee5d8739296419216d11d684be27c0a
Closes-Bug: #1828419
This commit is contained in:
Matt Riedemann 2019-05-09 10:02:44 -04:00
parent e2285777e2
commit 838768c76e
3 changed files with 6 additions and 4 deletions

View File

@ -45,6 +45,8 @@ stevedore>=1.28.0 # Apache-2.0
taskflow>=3.1.0 # Apache-2.0 taskflow>=3.1.0 # Apache-2.0
WebOb>=1.8.5 # MIT WebOb>=1.8.5 # MIT
WSME>=0.9.2 # MIT WSME>=0.9.2 # MIT
networkx>=1.11 # BSD # NOTE(fdegir): NetworkX 2.3 dropped support for Python 2
networkx>=1.11,<2.3;python_version<'3.0' # BSD
networkx>=1.11;python_version>='3.4' # BSD
microversion_parse>=0.2.1 # Apache-2.0 microversion_parse>=0.2.1 # Apache-2.0
futurist>=1.8.0 # Apache-2.0 futurist>=1.8.0 # Apache-2.0

View File

@ -13,4 +13,4 @@ testscenarios>=0.5.0 # Apache-2.0/BSD
testtools>=2.3.0 # MIT testtools>=2.3.0 # MIT
stestr>=2.0.0 # Apache-2.0 stestr>=2.0.0 # Apache-2.0
os-api-ref>=1.4.0 # Apache-2.0 os-api-ref>=1.4.0 # Apache-2.0
bandit>=1.1.0 # Apache-2.0 bandit>=1.6.0 # Apache-2.0

View File

@ -25,7 +25,7 @@ basepython = python3
commands = commands =
doc8 doc/source/ CONTRIBUTING.rst HACKING.rst README.rst doc8 doc/source/ CONTRIBUTING.rst HACKING.rst README.rst
flake8 flake8
bandit -r watcher -x tests -n5 -ll -s B320 bandit -r watcher -x watcher/tests/* -n5 -ll -s B320
[testenv:venv] [testenv:venv]
basepython = python3 basepython = python3
@ -103,7 +103,7 @@ commands = sphinx-build -a -W -E -d releasenotes/build/doctrees -b html releasen
[testenv:bandit] [testenv:bandit]
basepython = python3 basepython = python3
deps = -r{toxinidir}/test-requirements.txt deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r watcher -x tests -n5 -ll -s B320 commands = bandit -r watcher -x watcher/tests/* -n5 -ll -s B320
[testenv:lower-constraints] [testenv:lower-constraints]
basepython = python3 basepython = python3