Hello community, here is the log from the commit of package python-bandit for openSUSE:Factory checked in at 2019-07-24 20:36:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-bandit (Old) and /work/SRC/openSUSE:Factory/.python-bandit.new.4126 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-bandit" Wed Jul 24 20:36:40 2019 rev:4 rq:718178 version:1.6.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-bandit/python-bandit.changes 2019-05-16 22:11:12.150222973 +0200 +++ /work/SRC/openSUSE:Factory/.python-bandit.new.4126/python-bandit.changes 2019-07-24 20:36:42.210566395 +0200 @@ -1,0 +2,8 @@ +Wed Jul 24 10:13:14 UTC 2019 - [email protected] + +- version update to 1.6.2 + * add test for regression and fix directory exclusion without wildcards (#489) + * add namespaces for parent attributes (#492) + * Performance fix (#502) + +------------------------------------------------------------------- Old: ---- bandit-1.6.0.tar.gz New: ---- bandit-1.6.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-bandit.spec ++++++ --- /var/tmp/diff_new_pack.EJbQZi/_old 2019-07-24 20:36:43.906566209 +0200 +++ /var/tmp/diff_new_pack.EJbQZi/_new 2019-07-24 20:36:43.950566204 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,7 +20,7 @@ # Tests require python-hacking, which isn't compatible with pycodestyle %bcond_without builddocs Name: python-bandit -Version: 1.6.0 +Version: 1.6.2 Release: 0 Summary: Security oriented static analyser for Python code License: Apache-2.0 
@@ -29,33 +29,33 @@
 Source: https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz
 Patch0: remove-non-test-deps.patch
 BuildRequires: %{python_module GitPython >= 1.0.1}
-BuildRequires: %{python_module PyYAML >= 3.10.0}
-BuildRequires: %{python_module beautifulsoup4}
+BuildRequires: %{python_module PyYAML >= 3.13}
+BuildRequires: %{python_module beautifulsoup4 >= 4.6.0}
 BuildRequires: %{python_module fixtures >= 3.0.0}
-BuildRequires: %{python_module mock >= 2.0}
+BuildRequires: %{python_module mock >= 2.0.0}
 BuildRequires: %{python_module pbr >= 1.8}
 BuildRequires: %{python_module python-subunit >= 0.0.18}
 BuildRequires: %{python_module setuptools}
-BuildRequires: %{python_module six >= 1.9.0}
+BuildRequires: %{python_module six >= 1.10.0}
 BuildRequires: %{python_module stestr >= 1.0.0}
-BuildRequires: %{python_module stevedore >= 1.17.1}
+BuildRequires: %{python_module stevedore >= 1.20.0}
 BuildRequires: %{python_module testrepository >= 0.0.18}
 BuildRequires: %{python_module testscenarios >= 0.4}
-BuildRequires: %{python_module testtools >= 1.4.0}
+BuildRequires: %{python_module testtools >= 2.2.0}
 BuildRequires: fdupes
 BuildRequires: python-rpm-macros
 # doc requirements
 %if %{with builddocs}
 BuildRequires: %{python_module Sphinx >= 1.2.1}
 BuildRequires: %{python_module oslosphinx >= 4.7.0}
-BuildRequires: %{python_module oslotest >= 1.10.0}
+BuildRequires: %{python_module oslotest >= 3.2.0}
 BuildRequires: %{python_module reno >= 1.8.0}
 %endif
 Requires: python-GitPython >= 1.0.1
-Requires: python-PyYAML >= 3.10.0
-Requires: python-six >= 1.9.0
+Requires: python-PyYAML >= 3.13
+Requires: python-six >= 1.10.0
 Requires: python-stestr >= 1.0.0
-Requires: python-stevedore >= 1.17.1
+Requires: python-stevedore >= 1.20.0
 BuildArch: noarch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
++++++ bandit-1.6.0.tar.gz -> bandit-1.6.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bandit-1.6.0/AUTHORS new/bandit-1.6.2/AUTHORS --- old/bandit-1.6.0/AUTHORS 2019-05-09 09:15:13.000000000 +0200 +++ new/bandit-1.6.2/AUTHORS 2019-07-01 18:41:15.000000000 +0200 @@ -43,6 +43,7 @@ M V P Nitesh <[email protected]> Marek Cermak <[email protected]> Matthew Edmonds <[email protected]> +Matthew Egan <[email protected]> Michael McCune <[email protected]> Michael Spallino <[email protected]> Mickaƫl Schoentgen <[email protected]> @@ -76,9 +77,10 @@ Travis McPeak <[email protected]> Travis McPeak <[email protected]> Travis McPeak <[email protected]> +Tyler Wince <[email protected]> +Tyler Wince <[email protected]> Victor Torre <[email protected]> ZhiQiang Fan <[email protected]> -Zuul <[email protected]> bitcoinhodler <[email protected]> calve <[email protected]> chair6 <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/ChangeLog new/bandit-1.6.2/ChangeLog --- old/bandit-1.6.0/ChangeLog 2019-05-09 09:15:13.000000000 +0200 +++ new/bandit-1.6.2/ChangeLog 2019-07-01 18:41:14.000000000 +0200 @@ -1,6 +1,17 @@ CHANGES ======= +1.6.2 +----- + +* Performance fix (#502) + +1.6.1 +----- + +* add test for regression and fix directory exclusion without wildcards (#489) +* add namespaces for parent attributes (#492) + 1.6.0 ----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/PKG-INFO new/bandit-1.6.2/PKG-INFO --- old/bandit-1.6.0/PKG-INFO 2019-05-09 09:15:15.000000000 +0200 +++ new/bandit-1.6.2/PKG-INFO 2019-07-01 18:41:15.000000000 +0200 
@@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: bandit -Version: 1.6.0 +Version: 1.6.2 Summary: Security oriented static analyser for python code. Home-page: https://bandit.readthedocs.io/en/latest/ Author: PyCQA diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit/core/manager.py new/bandit-1.6.2/bandit/core/manager.py --- old/bandit-1.6.0/bandit/core/manager.py 2019-05-09 09:06:45.000000000 +0200 +++ new/bandit-1.6.2/bandit/core/manager.py 2019-06-15 08:47:40.000000000 +0200 @@ -190,6 +190,9 @@ # if there are command line provided exclusions add them to the list if excluded_paths: for path in excluded_paths.split(','): + if os.path.isdir(path): + path = os.path.join(path, '*') + excluded_path_globs.append(path) # build list of files we will analyze @@ -363,7 +366,8 @@ # if this is matches a glob of files we look at, and it isn't in an # excluded path if _matches_glob_list(path, included_globs) or not enforce_glob: - if not _matches_glob_list(path, excluded_path_strings): + if (not _matches_glob_list(path, excluded_path_strings) and + not any(x in path for x in excluded_path_strings)): return_value = True return return_value diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit/core/node_visitor.py new/bandit-1.6.2/bandit/core/node_visitor.py --- old/bandit-1.6.0/bandit/core/node_visitor.py 2018-05-02 22:31:37.000000000 +0200 +++ new/bandit-1.6.2/bandit/core/node_visitor.py 2019-06-15 08:47:40.000000000 +0200 @@ -161,8 +161,10 @@ :return: - ''' self.context['str'] = node.s - if not isinstance(node.parent, ast.Expr): # docstring - self.context['linerange'] = b_utils.linerange_fix(node.parent) + if not isinstance(node._bandit_parent, ast.Expr): # docstring + self.context['linerange'] = b_utils.linerange_fix( + node._bandit_parent + ) self.update_scores(self.tester.run_tests(self.context, 'Str')) def visit_Bytes(self, node): 
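Review bot: The added `not any(x in path for x in excluded_path_strings)` in the second manager.py hunk is a raw substring test, so an exclusion such as `y` (the case the new unit test exercises) also drops `./src/config.py` or any other path that merely contains that character sequence, and those files silently never reach the checks. Since the first hunk already expands directories that exist on disk into `<dir>/*` globs, the fallback only has to cover names that were not found by `os.path.isdir`; matching whole path components would keep that case without the over-match, e.g. `not any(x in path.split(os.sep) for x in excluded_path_strings)`, at the cost of no longer matching a non-existent directory given with separators (`./x/`), which seems acceptable for a security scanner where an over-broad exclude is the worse failure. A debug log of the excluded-file list the manager already records would make either behaviour visible to the user. Both hunks sit inside functions whose definitions start outside the hunk.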
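Review bot: Renaming the injected attributes from `parent`/`sibling` to `_bandit_parent`/`_bandit_sibling` in node_visitor.py changes what out-of-tree plugins see: every in-tree plugin touched by this commit previously read `node.parent`, and a third-party plugin doing the same now gets an AttributeError, which the changelog line "add namespaces for parent attributes (#492)" does not warn about. Unless the old name was dropped on purpose because it collided with something, keeping `setattr(item, 'parent', node)` beside the new attribute for one deprecation cycle, or at least a release note, would cover that. The literal names are now also repeated in setattr/hasattr/attribute form across node_visitor.py, utils.py and four plugins; a module-level constant such as `PARENT_ATTR = '_bandit_parent'` used by the setattr calls would keep the writer and the readers from drifting. The same rename continues in the node_visitor hunks on the next line; visit_Str begins before this hunk.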
@@ -174,8 +176,10 @@ :return: - ''' self.context['bytes'] = node.s - if not isinstance(node.parent, ast.Expr): # docstring - self.context['linerange'] = b_utils.linerange_fix(node.parent) + if not isinstance(node._bandit_parent, ast.Expr): # docstring + self.context['linerange'] = b_utils.linerange_fix( + node._bandit_parent + ) self.update_scores(self.tester.run_tests(self.context, 'Bytes')) def pre_visit(self, node): @@ -234,10 +238,10 @@ for idx, item in enumerate(value): if isinstance(item, ast.AST): if idx < max_idx: - setattr(item, 'sibling', value[idx + 1]) + setattr(item, '_bandit_sibling', value[idx + 1]) else: - setattr(item, 'sibling', None) - setattr(item, 'parent', node) + setattr(item, '_bandit_sibling', None) + setattr(item, '_bandit_parent', node) if self.pre_visit(item): self.visit(item) @@ -245,8 +249,8 @@ self.post_visit(item) elif isinstance(value, ast.AST): - setattr(value, 'sibling', None) - setattr(value, 'parent', node) + setattr(value, '_bandit_sibling', None) + setattr(value, '_bandit_parent', node) if self.pre_visit(value): self.visit(value) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit/core/utils.py new/bandit-1.6.2/bandit/core/utils.py --- old/bandit-1.6.0/bandit/core/utils.py 2018-05-02 22:31:37.000000000 +0200 +++ new/bandit-1.6.2/bandit/core/utils.py 2019-06-15 08:47:40.000000000 +0200 @@ -233,11 +233,13 @@ """Try and work around a known Python bug with multi-line strings.""" # deal with multiline strings lineno behavior (Python issue #16806) lines = linerange(node) - if hasattr(node, 'sibling') and hasattr(node.sibling, 'lineno'): + if hasattr(node, '_bandit_sibling') and hasattr( + node._bandit_sibling, 'lineno' + ): start = min(lines) - delta = node.sibling.lineno - start + delta = node._bandit_sibling.lineno - start if delta > 1: - return list(range(start, node.sibling.lineno)) + return list(range(start, node._bandit_sibling.lineno)) return lines 
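Review bot: In the utils.py hunk the condition reads `node._bandit_sibling` three times across the two `hasattr` probes and the `lineno` accesses; binding it once is shorter and equally safe, `sibling = getattr(node, '_bandit_sibling', None)` followed by `if sibling is not None and hasattr(sibling, 'lineno'):`, with `sibling.lineno` in the two lines below. The result is identical because a sibling of None has no `lineno` attribute and fails the original check too. linerange_fix's def line is outside the hunk.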
@@ -264,8 +266,8 @@ else node.right) bits = [node] - while isinstance(node.parent, ast.BinOp): - node = node.parent + while isinstance(node._bandit_parent, ast.BinOp): + node = node._bandit_parent if isinstance(node, ast.BinOp): _get(node, bits, stop) return (node, " ".join([x.s for x in bits if isinstance(x, ast.Str)])) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit/formatters/screen.py new/bandit-1.6.2/bandit/formatters/screen.py --- old/bandit-1.6.0/bandit/formatters/screen.py 2019-05-09 09:06:45.000000000 +0200 +++ new/bandit-1.6.2/bandit/formatters/screen.py 2019-07-01 18:39:28.000000000 +0200 @@ -172,8 +172,7 @@ """ bits = [] - issues = manager.get_issue_list(sev_level, conf_level) - if len(issues) or not manager.quiet: + if not manager.quiet or manager.results_count(sev_level, conf_level): bits.append(header("Run started:%s", datetime.datetime.utcnow())) if manager.verbose: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit/formatters/text.py new/bandit-1.6.2/bandit/formatters/text.py --- old/bandit-1.6.0/bandit/formatters/text.py 2019-05-09 09:06:45.000000000 +0200 +++ new/bandit-1.6.2/bandit/formatters/text.py 2019-07-01 18:39:28.000000000 +0200 @@ -141,9 +141,8 @@ """ bits = [] - issues = manager.get_issue_list(sev_level, conf_level) - if len(issues) or not manager.quiet: + if not manager.quiet or manager.results_count(sev_level, conf_level): bits.append("Run started:%s" % datetime.datetime.utcnow()) if manager.verbose: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit/plugins/django_xss.py new/bandit-1.6.2/bandit/plugins/django_xss.py --- old/bandit-1.6.0/bandit/plugins/django_xss.py 2018-08-16 19:06:27.000000000 +0200 +++ new/bandit-1.6.2/bandit/plugins/django_xss.py 2019-06-15 08:47:40.000000000 +0200 
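Review bot: Dropping the `issues` local in the screen.py hunk is only safe if nothing below the hunk in the same function still reads it; the function continues past the hunk, so please confirm there is no later `issues` reference, because a leftover one would now raise NameError only at report time, after the scan has already run. text.py receives the identical edit in the following hunk and the same check applies there. The new condition `if not manager.quiet or manager.results_count(sev_level, conf_level):` is presumably the performance fix from the changelog; a one-line comment such as `# results_count avoids materialising the full issue list just to test for emptiness` would record why the header check changed.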
@@ -227,9 +227,9 @@ if isinstance(xss_var, ast.Name): # Check if the var are secure - parent = node.parent + parent = node._bandit_parent while not isinstance(parent, (ast.Module, ast.FunctionDef)): - parent = parent.parent + parent = parent._bandit_parent is_param = False if isinstance(parent, ast.FunctionDef): @@ -242,17 +242,17 @@ if not is_param: secure = evaluate_var(xss_var, parent, node.lineno) elif isinstance(xss_var, ast.Call): - parent = node.parent + parent = node._bandit_parent while not isinstance(parent, (ast.Module, ast.FunctionDef)): - parent = parent.parent + parent = parent._bandit_parent secure = evaluate_call(xss_var, parent) elif isinstance(xss_var, ast.BinOp): is_mod = isinstance(xss_var.op, ast.Mod) is_left_str = isinstance(xss_var.left, ast.Str) if is_mod and is_left_str: - parent = node.parent + parent = node._bandit_parent while not isinstance(parent, (ast.Module, ast.FunctionDef)): - parent = parent.parent + parent = parent._bandit_parent new_call = transform2call(xss_var) secure = evaluate_call(new_call, parent) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit/plugins/general_hardcoded_password.py new/bandit-1.6.2/bandit/plugins/general_hardcoded_password.py --- old/bandit-1.6.0/bandit/plugins/general_hardcoded_password.py 2019-05-09 09:06:45.000000000 +0200 +++ new/bandit-1.6.2/bandit/plugins/general_hardcoded_password.py 2019-06-15 08:47:40.000000000 +0200 
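Review bot: The scope-climbing loop `while not isinstance(parent, (ast.Module, ast.FunctionDef)): parent = parent._bandit_parent` now appears three times in this function, once per branch, and every copy had to be edited for the rename; extracting it into a small helper leaves one place to maintain. The loop also stops only at Module or FunctionDef, so a string inside an `async def` climbs past it to module scope, which looks unintended but is pre-existing behaviour and would need confirming before adding `ast.AsyncFunctionDef`. The enclosing function starts before the first hunk and ends after the second.
```python
def _enclosing_scope(node):
    """Return the nearest Module or FunctionDef above *node*."""
    parent = node._bandit_parent
    while not isinstance(parent, (ast.Module, ast.FunctionDef)):
        parent = parent._bandit_parent
    return parent

# … unchanged: xss_var dispatch …
        if isinstance(xss_var, ast.Name):
            # Check if the var are secure
            parent = _enclosing_scope(node)
# … unchanged: remaining branches, each calling _enclosing_scope(node) …
```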
@@ -85,23 +85,24 @@ """ node = context.node - if isinstance(node.parent, ast.Assign): + if isinstance(node._bandit_parent, ast.Assign): # looks for "candidate='some_string'" - for targ in node.parent.targets: + for targ in node._bandit_parent.targets: if isinstance(targ, ast.Name) and RE_CANDIDATES.search(targ.id): return _report(node.s) - elif isinstance(node.parent, ast.Index) and RE_CANDIDATES.search(node.s): + elif (isinstance(node._bandit_parent, ast.Index) + and RE_CANDIDATES.search(node.s)): # looks for "dict[candidate]='some_string'" # assign -> subscript -> index -> string - assign = node.parent.parent.parent + assign = node._bandit_parent._bandit_parent._bandit_parent if isinstance(assign, ast.Assign) and isinstance(assign.value, ast.Str): return _report(assign.value.s) - elif isinstance(node.parent, ast.Compare): + elif isinstance(node._bandit_parent, ast.Compare): # looks for "candidate == 'some_string'" - comp = node.parent + comp = node._bandit_parent if isinstance(comp.left, ast.Name): if RE_CANDIDATES.search(comp.left.id): if isinstance(comp.comparators[0], ast.Str): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit/plugins/injection_sql.py new/bandit-1.6.2/bandit/plugins/injection_sql.py --- old/bandit-1.6.0/bandit/plugins/injection_sql.py 2019-05-09 09:06:45.000000000 +0200 +++ new/bandit-1.6.2/bandit/plugins/injection_sql.py 2019-06-15 08:47:40.000000000 +0200 
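Review bot: The `dict[candidate]='some_string'` branch still keys on `isinstance(node._bandit_parent, ast.Index)`; from Python 3.9 the parser no longer produces `ast.Index` nodes (the subscript expression sits directly in `Subscript.slice`), so on newer interpreters this detection would silently stop firing while the surrounding checks keep working. Accepting `ast.Subscript` as the parent as well, and then taking the `Assign` one hop less up the chain in that case, would keep the check alive; that is independent of the rename but worth a tracking note in the code, e.g. `# NOTE: ast.Index disappears in Python 3.9; handle Subscript directly`. The enclosing function starts before the hunk.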
@@ -85,18 +85,19 @@ wrapper = None statement = '' - if isinstance(node.parent, ast.BinOp): - out = utils.concat_string(node, node.parent) - wrapper = out[0].parent + if isinstance(node._bandit_parent, ast.BinOp): + out = utils.concat_string(node, node._bandit_parent) + wrapper = out[0]._bandit_parent statement = out[1] - elif (isinstance(node.parent, ast.Attribute) - and node.parent.attr == 'format'): + elif (isinstance(node._bandit_parent, ast.Attribute) + and node._bandit_parent.attr == 'format'): statement = node.s # Hierarchy for "".format() is Wrapper -> Call -> Attribute -> Str - wrapper = node.parent.parent.parent - elif hasattr(ast, 'JoinedStr') and isinstance(node.parent, ast.JoinedStr): + wrapper = node._bandit_parent._bandit_parent._bandit_parent + elif (hasattr(ast, 'JoinedStr') + and isinstance(node._bandit_parent, ast.JoinedStr)): statement = node.s - wrapper = node.parent.parent + wrapper = node._bandit_parent._bandit_parent if isinstance(wrapper, ast.Call): # wrapped in "execute" call? names = ['execute', 'executemany'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit.egg-info/PKG-INFO new/bandit-1.6.2/bandit.egg-info/PKG-INFO --- old/bandit-1.6.0/bandit.egg-info/PKG-INFO 2019-05-09 09:15:13.000000000 +0200 +++ new/bandit-1.6.2/bandit.egg-info/PKG-INFO 2019-07-01 18:41:15.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: bandit -Version: 1.6.0 +Version: 1.6.2 Summary: Security oriented static analyser for python code. Home-page: https://bandit.readthedocs.io/en/latest/ Author: PyCQA diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/bandit.egg-info/pbr.json new/bandit-1.6.2/bandit.egg-info/pbr.json --- old/bandit-1.6.0/bandit.egg-info/pbr.json 2019-05-09 09:15:13.000000000 +0200 +++ new/bandit-1.6.2/bandit.egg-info/pbr.json 2019-07-01 18:41:15.000000000 +0200 
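Review bot: The injection_sql.py hunk climbs a fixed number of `_bandit_parent` hops in all three branches but only the `format` branch says which node shape it assumes. The BinOp branch relies on `utils.concat_string` returning the outermost BinOp as `out[0]` (its loop walks up while the parent is a BinOp), and the f-string branch assumes Wrapper -> JoinedStr -> Str; two comments in the same style as the existing one, `# out[0] is the outermost BinOp, so its parent is the wrapper` and `# Hierarchy for f"" is Wrapper -> JoinedStr -> Str`, would make the three branches read consistently. The enclosing function starts before the hunk and continues after it.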
@@ -1 +1 @@ -{"git_version": "823138f", "is_release": false} \ No newline at end of file +{"git_version": "d25f3fc", "is_release": false} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bandit-1.6.0/tests/unit/core/test_manager.py new/bandit-1.6.2/tests/unit/core/test_manager.py --- old/bandit-1.6.0/tests/unit/core/test_manager.py 2019-05-09 09:06:45.000000000 +0200 +++ new/bandit-1.6.2/tests/unit/core/test_manager.py 2019-06-15 08:47:40.000000000 +0200 @@ -211,6 +211,33 @@ self.assertEqual(['thing'], self.manager.excluded_files) @mock.patch('os.path.isdir') + def test_discover_files_exclude_dir(self, isdir): + isdir.return_value = False + + # Test exclude dir using wildcard + self.manager.discover_files(['./x/y.py'], True, './x/*') + self.assertEqual([], self.manager.files_list) + self.assertEqual(['./x/y.py'], self.manager.excluded_files) + + # Test exclude dir without wildcard + isdir.side_effect = [True, False] + self.manager.discover_files(['./x/y.py'], True, './x/') + self.assertEqual([], self.manager.files_list) + self.assertEqual(['./x/y.py'], self.manager.excluded_files) + + # Test exclude dir without wildcard or trailing slash + isdir.side_effect = [True, False] + self.manager.discover_files(['./x/y.py'], True, './x') + self.assertEqual([], self.manager.files_list) + self.assertEqual(['./x/y.py'], self.manager.excluded_files) + + # Test exclude dir without prefix or suffix + isdir.side_effect = [False, False] + self.manager.discover_files(['./x/y/z.py'], True, 'y') + self.assertEqual([], self.manager.files_list) + self.assertEqual(['./x/y/z.py'], self.manager.excluded_files) + + @mock.patch('os.path.isdir') def test_discover_files_exclude_cmdline(self, isdir): isdir.return_value = False with mock.patch.object(manager, '_is_file_included') as m:
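Review bot: `test_discover_files_exclude_dir` only asserts that matching files are excluded, and its last case (`'y'` with isdir returning False) passes because the manager now does a substring test on the path; a companion assertion that a non-matching file survives would pin the intended semantics, e.g. `self.manager.discover_files(['./x/config.py'], True, 'y')` followed by `self.assertEqual(['./x/config.py'], self.manager.files_list)`. With the implementation in this commit that assertion fails, which is the point: it forces a decision on whether excluding `y` is meant to drop every `.py` file. The `isdir.side_effect` lists also hard-code exactly two probes per case, so if discover_files ever calls `os.path.isdir` a third time the mock raises StopIteration instead of a readable assertion; `isdir.return_value` with a per-case override would be more robust. The test class continues past the hunk.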
