Cyril, If we can add this command directly in our tox.ini and entirely avoid having the bandit.yaml would that be even better?
-- 
Dims

On Mon, Nov 2, 2015 at 1:22 PM, Cyril Roelandt <cy...@redhat.com> wrote:
> Hello,
>
> The libraries from the Oslo project are used everywhere in OpenStack,
> which means that a security issue in Oslo code might have an impact on a
> lot of other projects. This is why I am currently trying to add support
> for the bandit[1] static checker in all of the Oslo libraries.
>
> While reviewing one of my patches[2], Victor Stinner noticed that the
> bandit configuration file (bandit.yaml) I proposed, which is basically a
> copy of the example config file[3] provided by the bandit project with
> some minor changes, might be a bit hard to maintain across all Oslo
> projects. Indeed, all configuration files could potentially have to be
> changed whenever a new checker is added to bandit, for instance.
>
> In order to make it easier to keep an up-to-date configuration file, I
> quickly wrote a proof of concept[4] that allows developers to generate a
> configuration file that fits their needs. One can now generate a working
> bandit.yaml configuration file by typing something like:
>
> $ bandit-conf-generator --disable try_except_pass --out bandit.yaml
> oslo.messaging ~/openstack/bandit/bandit/config/bandit.yaml
>
> Whenever a new version of bandit comes out, one can grab the latest
> config file example from the bandit release, and re-run the above
> command. The generated config file will include all the new checkers.
>
> What do you think? Could this be a useful tool to handle bandit
> configurations?
>
>
> Cyril Roelandt.
>
> ---
>
> [1] https://wiki.openstack.org/wiki/Security/Projects/Bandit
> [2] https://review.openstack.org/#/c/239666/
> [3] https://github.com/openstack/bandit/blob/master/bandit/config/bandit.yaml
> [4] https://github.com/CyrilRoelandteNovance/bandit_conf_generator
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

-- 
Davanum Srinivas :: https://twitter.com/dims
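One way to do what Dims suggests, added here as an illustration rather than taken from the thread or from any Oslo repository: a tox environment that passes the test selection to bandit on the command line, so the project needs no bandit.yaml of its own. The package path oslo_messaging and the excluded tests directory are assumptions; B110 is bandit's identifier for the try_except_pass check that Cyril's generator command disables.

```ini
# Constructed example tox.ini fragment (not from any Oslo project).
# Assumptions: the package lives in ./oslo_messaging and its test suite
# in ./oslo_messaging/tests.
#
# -r  recurse into the package
# -x  leave the test suite out of the scan
# -n5 print five lines of context around each finding
# -s  skip listed test IDs; B110 is try_except_pass, the same checker
#     disabled with --disable try_except_pass in the generator command
[testenv:bandit]
deps = bandit
commands = bandit -r oslo_messaging -x oslo_messaging/tests -n5 -s B110
```

Keeping the skip list in tox.ini means a new bandit release adds its new checkers to the run automatically, which is the same property Cyril's generator aims for, at the cost of losing per-checker settings that only a bandit.yaml can express.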