Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

2015-11-03 Thread Victor Stinner
On 02/11/2015 19:40, Brant Knudson wrote: (...) by typing something like: $ bandit-conf-generator --disable try_except_pass --out bandit.yaml oslo.messaging ~/openstack/bandit/bandit/config/bandit.yaml (...) we should have a config file for bandit-conf-generator... but then why not

Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

2015-11-03 Thread Cyril Roelandt
On 11/03/2015 10:50 AM, Victor Stinner wrote: Hi, I don't like very long command lines, it's hard to document them or comment them. I prefer configuration files. But bandit.yaml, the "template", is already a configuration file!? Yes, the config file provided by bandit is some kind of "enable

Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

2015-11-03 Thread Cyril Roelandt
On 11/02/2015 07:32 PM, Davanum Srinivas wrote: If we can add this command directly in our tox.ini and entirely avoid having the bandit.yaml would that be even better? Why not, but it'd have some drawbacks as well: - should the conf generator be broken for some reason, the gate may end up

Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo

2015-11-03 Thread McPeak, Travis
Hi Cyril, This is a really cool idea. It should be fairly easy to implement and can only help make Bandit more usable. To be honest enhancing the way we're using the 'bandit.yaml' file has been on our list for a while. A tool like this seems like it would be a nice intermediate solution until

Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

2015-11-03 Thread Cyril Roelandt
On 11/02/2015 07:40 PM, Brant Knudson wrote: We could use something like this in keystone since we've got a few repositories. There should be a way to document why the test was skipped since otherwise we'll have to figure it out every time we update the file. Putting a comment on the command

Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

2015-11-03 Thread Doug Hellmann
Excerpts from Cyril Roelandt's message of 2015-11-03 16:46:25 +0100: > On 11/02/2015 07:32 PM, Davanum Srinivas wrote: > > > > If we can add this command directly in our tox.ini and entirely avoid > > having the bandit.yaml would that be even better? > > Why not, but it'd have some drawbacks as

Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

2015-11-03 Thread Brant Knudson
On Tue, Nov 3, 2015 at 9:41 AM, Cyril Roelandt wrote: > On 11/02/2015 07:40 PM, Brant Knudson wrote: > >> >> We could use something like this in keystone since we've got a few >> repositories. There should be a way to document why the test was skipped >> since otherwise we'll

Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

2015-11-02 Thread Davanum Srinivas
Cyril, If we can add this command directly in our tox.ini and entirely avoid having the bandit.yaml would that be even better? -- Dims On Mon, Nov 2, 2015 at 1:22 PM, Cyril Roelandt wrote: > Hello, > > The libraries from the Oslo project are used everywhere in OpenStack, >

Re: [openstack-dev] [oslo][bandit] Handling bandit configuration files in Oslo.

2015-11-02 Thread Brant Knudson
On Mon, Nov 2, 2015 at 12:22 PM, Cyril Roelandt wrote: > Hello, > > The libraries from the Oslo project are used everywhere in OpenStack, > which means that a security issue in Oslo code might have an impact on a > lot of other projects. This is why I am currently trying to add