Easily generate a valid configuration file for bandit
Most of the OpenStack projects that use bandit seem to share a similar bandit.yaml configuration file. Basically, they copy/paste the example config file provided by bandit (see bandit/
Updating the configuration when a new release of bandit comes out might be tricky: every project has to manually check which checkers have been added, which parts of the configuration have changed, etc. While this makes sense for projects that need a fine-tuned configuration, most OpenStack projects could probably use a generic 'default' configuration.
Apparently, the format of the config file might change in the near future [1]. At least until then, I think it might help to provide developers with a tool that generates a bandit.yaml configuration suitable for their projects.
I wrote a proof-of-concept [2] that does exactly that. It generates a bandit.yaml file containing a single profile, with all checks enabled except those explicitly disabled via a command-line option.
I'd like this to live in the bandit git repo. It could also use its own configuration file.
[1] http://
[2] https:/
---
Simpler configuration format.
A simpler configuration format could look like this:
$ cat oslo_messaging.yaml
profile_name: gate
exclude_checkers: [assert_used, try_except_pass]
This is clean and simple, and most projects will likely only need this.
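As an added illustration of the generator idea (this is example code, not the proof-of-concept linked above and not bandit's own code), the script below turns the two-key per-project file into a single-profile bandit.yaml. The list of checker names is a constructed sample, and the profiles:/include:/exclude: layout it writes out is an assumption about the bandit.yaml format of that era. The point a practitioner would want is the validation step: an entry in exclude_checkers that matches no installed check is rejected instead of being silently ignored, so a typo or a check renamed by a new bandit release is caught at generation time rather than quietly changing what runs in the gate.

```python
"""Generate a bandit.yaml profile from the much smaller per-project file.

Added example only: this is not the proof-of-concept linked above and not
bandit's own code.  AVAILABLE_CHECKERS is a constructed sample of plugin
names, and the profiles:/include:/exclude: layout written out below is an
assumption about the bandit.yaml format of that era.
"""
import re

# Constructed sample of the checks a bandit release ships (a real generator
# would discover this list from the installed bandit plugins instead).
AVAILABLE_CHECKERS = [
    "assert_used",
    "blacklist_calls",
    "blacklist_imports",
    "exec_used",
    "hardcoded_password",
    "subprocess_popen_with_shell_equals_true",
    "try_except_pass",
]

# Constructed stand-in for the oslo_messaging.yaml shown above.
SAMPLE_CONFIG = """\
# bandit settings for this project
profile_name: gate
exclude_checkers: [assert_used, try_except_pass]
"""

_FLOW_LIST = re.compile(r"^\[(.*)\]$")


def parse_simple_config(text):
    """Parse the two-key format (profile_name, exclude_checkers).

    Only scalars and flow-style lists such as ``[a, b]`` are accepted.  The
    hand-written parser keeps the example free of third-party packages; a
    real tool would simply load the file with PyYAML.
    """
    config = {"profile_name": None, "exclude_checkers": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError("line %d: expected 'key: value'" % lineno)
        key, value = (part.strip() for part in line.split(":", 1))
        if key not in config:
            raise ValueError("line %d: unknown key %r" % (lineno, key))
        if key == "exclude_checkers":
            match = _FLOW_LIST.match(value)
            if match is None:
                raise ValueError("line %d: exclude_checkers must be a list" % lineno)
            config[key] = [c.strip() for c in match.group(1).split(",") if c.strip()]
        else:
            config[key] = value
    if not config["profile_name"]:
        raise ValueError("profile_name is required")
    return config


def build_profile(config, available=AVAILABLE_CHECKERS):
    """Return (profile_name, included, excluded): every known check is
    enabled except those listed in exclude_checkers.

    Names that do not match an installed check are an error rather than a
    silently ignored entry, so a typo in the exclude list (or a check that a
    new bandit release renamed) is caught when the file is regenerated
    instead of quietly changing which checks run in the gate.
    """
    excluded = list(config["exclude_checkers"])
    unknown = sorted(set(excluded) - set(available))
    if unknown:
        raise ValueError("unknown checker(s) in exclude_checkers: %s"
                         % ", ".join(unknown))
    included = [c for c in available if c not in excluded]
    return config["profile_name"], included, excluded


def render_bandit_yaml(profile_name, included, excluded):
    """Write a single-profile bandit.yaml (layout assumed, see module docstring)."""
    lines = ["profiles:", "  %s:" % profile_name, "    include:"]
    lines += ["      - %s" % c for c in included]
    lines.append("    exclude:")
    lines += ["      - %s" % c for c in excluded]
    return "\n".join(lines) + "\n"


def generate(text, available=AVAILABLE_CHECKERS):
    """Simple config text in, full bandit.yaml text out."""
    return render_bandit_yaml(*build_profile(parse_simple_config(text), available))


if __name__ == "__main__":
    print(generate(SAMPLE_CONFIG), end="")
```

Running the script prints the generated profile for the constructed sample; feeding it a file whose exclude_checkers names a check that does not exist fails with a ValueError naming the offending entry, which is the behaviour a gate job should have rather than a silently different profile.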
We could then add something like this:
blacklist_imports:
_bcg_
bad_
- foobar:
level: HIGH
FOO BAR
to tweak the configuration of the 'blacklist_imports' checker by removing the 'telnet' section and adding the 'foobar' one.
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: Cyril Roelandt
- Direction: Needs approval
- Assignee: Travis McPeak
- Definition: Approved
- Series goal: Accepted for 1.0
- Implementation: Implemented
- Milestone target: None
- Started by: Tim Kelsey
- Completed by: Travis McPeak
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add a configuration generator for bandit
tmcpeak (2/4) - We need this to generate profile files and all valid settings in case somebody wants to override something.
tmcpeak (2/25) - We now need to make sure that a profile loading option can parse these files.