Le Fri, Jun 26, 2026 at 09:20:22PM +0200, Caspar Schutijser a écrit :
> Hey,
> 
> On Fri, Jun 26, 2026 at 03:45:13PM +0200, [email protected] wrote:
> > here's a quick ('n'dirty?) port for
> > https://bandit.readthedocs.io/en/latest/ and its dependency
> > https://opendev.org/openstack/stevedore, i've used it on some python
> > codebases and it nicely flags potential security issues in the code.
> > 
> > oks/tests/improvements ?
> 
> I tweaked devel/py-stevedore/pkg/DESCR a little bit (remove a stray '_',
> add an empty line between the two paragraphs and run it through fmt).
> The new file is attached, feel free to use it if you want.
> 
> The indenting of RUN_DEPENDS and TEST_DEPENDS in the bandit Makefile
> looks a bit funny, can you fix that?
> 
> make test works fine for the stevedore port, even though there's the
> "# missing stestr ?" comment in the Makefile.
> https://pypi.org/project/stestr/ suggests that stestr is a tool that can
> be used to execute the tests, but apparently the tests also run without?
> In that case I guess the comment can be removed.
> 
> In the case of bandit, 3 tests fail because of some missing Python
> modules (git, bs4 and sarif_om). Installing py3-beautifulsoup4 solves
> the middle one, I'm not sure how to fix the other two.
> 
> Besides that it looks good to me and it works well.

thanks for the feedback, i've added the two missing TDEPs we have in
ports, now there's only 1 failing test left. I think i've also fixed the
other nits, does this look good to import ?

thoughts on importing it as security/bandit or security/py-bandit ?

Landry

Attachment: bandit-1.9.4_2.tgz
Description: application/tar-gz

Reply via email to