Implement gating via Bandit

Registered by Steven Dake

Implement a gate via Bandit. Bandit is a security linting tool produced by the OpenStack security team.

The first step is to add tox support for Bandit. The second is to add it as a non-voting gate to the Magnum project.

Blueprint information

Status:
Complete
Approver:
Steven Dake
Priority:
Medium
Drafter:
Steven Dake
Direction:
Approved
Assignee:
Steven Dake
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
k3
Started by
Steven Dake
Completed by
Steven Dake

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/gate-bandit,n,z

Addressed by: https://review.openstack.org/171755
    Add Bandit security lint checking via tox

Addressed by: https://review.openstack.org/171756
    Use yaml.safe_loader instead of yaml.loader

Addressed by: https://review.openstack.org/172750
    Remove unsafe usage of eval

Addressed by: https://review.openstack.org/172758
    Validate scheme used in urlopen

Gerrit topic: https://review.openstack.org/#q,topic:bug/1459717,n,z

Addressed by: https://review.openstack.org/188059
    Eliminate eval from swagger in k8sclient
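
The three patterns the Bandit-driven changes above address (yaml.safe_load in place of yaml.load, replacing eval, and checking the URL scheme before urlopen), shown as an added Python example that is not code from the Magnum reviews; the sample documents, helper names and the allowed-scheme list are assumptions constructed for illustration:

```python
import ast
import yaml
from urllib.parse import urlparse

# Constructed sample documents. The tagged one asks the loader to build a
# Python object; yaml.load with an unrestricted Loader (Bandit B506) would.
PLAIN_YAML = "name: demo\nreplicas: 3\n"
TAGGED_YAML = "!!python/object/apply:os.getcwd []\n"

ALLOWED_SCHEMES = ("http", "https")  # assumed policy for this example

def load_yaml(text):
    """Parse untrusted YAML with safe_load: plain scalars, lists and maps
    only; any python/* tag raises yaml.YAMLError instead of running code."""
    return yaml.safe_load(text)

def parse_literal(text):
    """Stand-in for eval (Bandit B307): ast.literal_eval accepts only Python
    literals, so anything with a call or attribute access raises ValueError."""
    return ast.literal_eval(text)

def validate_url(url):
    """Check the scheme before handing a URL to urlopen (Bandit B310), so a
    caller-supplied file:// or ftp:// URL cannot be used to read local or
    remote files. Returns the URL unchanged when allowed, else ValueError."""
    scheme = urlparse(url).scheme
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("refusing to open URL with scheme %r" % scheme)
    return url

def run_checks():
    """Exercise the three helpers on the constructed inputs and record which
    unsafe inputs were rejected; returns a dict of results."""
    results = {"plain_yaml": load_yaml(PLAIN_YAML),
               "literal": parse_literal("{'a': 1, 'b': [2, 3]}"),
               "https_ok": validate_url("https://example.com/api")}
    for key, func, bad in (("tagged_yaml", load_yaml, TAGGED_YAML),
                           ("code_in_eval", parse_literal, "os.getcwd()"),
                           ("file_url", validate_url, "file:///etc/hostname")):
        try:
            func(bad)
            results[key + "_rejected"] = False
        except (yaml.YAMLError, ValueError, SyntaxError):
            results[key + "_rejected"] = True
    return results

if __name__ == "__main__":
    print(run_checks())
```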

What work is remaining before we can mark this BP as "implemented"? --adrian_otto

It is marked as implemented but I think there is some rework underway relating to the secure deserialize functionality. It is unclear if Madhuri is satisfied with Zane's solution for eval, or if further work is needed. Madhuri could you comment? --sdake

Gerrit topic: https://review.openstack.org/#q,topic:bug/1460236,n,z
