
yahoo-eng-team team mailing list archive

[Bug 2093849] Re: bandit showing false-positives in neutron gate


Bandit 1.8.2 fixed this issue, will close

** Changed in: neutron
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2093849

Title:
  bandit showing false-positives in neutron gate

Status in neutron:
  Invalid

Bug description:
  There was a release of bandit just a bit ago, version 1.8.1, and it's
  showing false-positives on three parts of the Neutron config option
  code [0].

  Here's a copy/paste of one of the three warnings:

  >> Issue: [B106:hardcoded_password_funcarg] Possible hardcoded password: 'True'
     Severity: Low   Confidence: Medium
     CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
     More Info: https://bandit.readthedocs.io/en/1.8.1/plugins/b106_hardcoded_password_funcarg.html
     Location: neutron/conf/agent/l3/ha.py:31:4
  29	               choices=keepalived.VALID_AUTH_TYPES,
  30	               help=_('VRRP authentication type')),
  31	    cfg.StrOpt('ha_vrrp_auth_password',
  32	               help=_('VRRP authentication password'),
  33	               secret=True),
  34	    cfg.IntOpt('ha_vrrp_advert_int',
  35	               default=2,

  I have filed a bug against bandit [1], but until it is fixed we will
  need to just skip B106 warnings.

  [0] https://841dd7e2b2b859ed9ff3-366866aa9d538c0b3646b6906ab7db5b.ssl.cf5.rackcdn.com/938853/2/gate/openstack-tox-pep8/7b7a7c8/job-output.txt
  [1] https://github.com/PyCQA/bandit/issues/1216

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2093849/+subscriptions
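The report above shows B106 flagging `secret=True` as a hardcoded password. The following is an added example, not bandit's or neutron's code: a minimal AST walk that models a B106-style check for password-like keyword arguments, with a `string_only` switch that contrasts the corrected behaviour (only string literals are reported) against the regression described in the bug (any literal, including `True` or `None`, is reported). The keyword-name regex and the sample source are assumptions constructed for this example; the sample mirrors the `cfg.StrOpt(..., secret=True)` shape quoted in the report but is not the neutron file.

```python
"""Model of a B106-style 'hardcoded password in keyword argument' check.

Added example; this is not bandit's implementation. It exists to show why
a non-string literal such as secret=True must not be reported as a
hardcoded password, which is the false positive the bug report describes.
"""
import ast
import re

# Assumed pattern for password-like keyword names (modelled on the kind of
# regex such checks use, not copied from bandit).
PASSWORD_NAME = re.compile(r"(pass(word|phrase|wd)?|pwd|token|secret)", re.IGNORECASE)


def find_hardcoded_password_kwargs(source: str, string_only: bool = True) -> list:
    """Return (line, keyword, value) for each call keyword argument whose
    name looks password-like and whose value is a literal constant.

    string_only=True  : only str literals count (the corrected behaviour).
    string_only=False : any literal counts, including True/None/0, which is
                        the regression behaviour that produced
                        "Possible hardcoded password: 'True'".
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            # kw.arg is None for **kwargs expansion; nothing to match there.
            if kw.arg is None or not PASSWORD_NAME.search(kw.arg):
                continue
            value = kw.value
            # Only literals can be "hardcoded"; names, calls, attributes are not.
            if not isinstance(value, ast.Constant):
                continue
            # The decisive condition: a bool/None/number literal is a flag or
            # default, not a credential, so it must be ignored.
            if string_only and not isinstance(value.value, str):
                continue
            findings.append((value.lineno, kw.arg, value.value))
    return sorted(findings, key=lambda f: f[0])


# Constructed sample source. The first call mirrors the option definition
# quoted in the bug report; the other two are made up for contrast.
SAMPLE = """
cfg.StrOpt('ha_vrrp_auth_password',
           help=_('VRRP authentication password'),
           secret=True)
db.connect(user='neutron', password='example-literal')
api.login(token=None)
"""

if __name__ == "__main__":
    print("corrected check :", find_hardcoded_password_kwargs(SAMPLE))
    print("regression check:", find_hardcoded_password_kwargs(SAMPLE, string_only=False))
```

With `string_only=True` only the `password='example-literal'` call is reported; with `string_only=False` the `secret=True` marker and `token=None` are reported as well, which is the noise the gate saw. Until a fixed bandit is in use, the report's workaround of skipping the test maps to bandit's `--skip B106` option (or an equivalent `skips` entry in its config); a targeted `# nosec B106` on the affected line is the narrower alternative, since it leaves the check active elsewhere.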
