Implement gating via Bandit
Implement a gate via Bandit. Bandit is a security linting tool produced by the OpenStack security team.
The first step is to add tox support for Bandit. The second is to add it as a non-voting gate to the Magnum project.
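As an added example of the first step (this is not Magnum's own tox.ini), a tox environment that runs Bandit over the source tree; the package directory `magnum`, the excluded test path `magnum/tests` and the severity threshold are assumptions:

```ini
# Added example: a tox environment that runs Bandit over the source tree.
# The paths (magnum, magnum/tests) and the severity threshold are assumptions,
# not copied from the Magnum project's own tox.ini.
[testenv:bandit]
deps = bandit
# -r: recurse into the package
# -x: exclude the test tree (test code uses assert and fixtures that would only add noise)
# -n5: show five lines of context around each finding
# -ll: report only medium-severity findings and above
commands = bandit -r magnum -x magnum/tests -n5 -ll
```

Running `tox -e bandit` locally gives the same result the gate job would see. As a non-voting job it reports findings without blocking merges, which lets the existing findings (such as the `yaml.load`, `eval` and `urlopen` items listed below) be triaged before the job is made voting.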
Blueprint information
- Status: Complete
- Approver: Steven Dake
- Priority: Medium
- Drafter: Steven Dake
- Direction: Approved
- Assignee: Steven Dake
- Definition: Approved
- Series goal: Accepted for kilo
- Implementation: Implemented
- Milestone target: k3
- Started by: Steven Dake
- Completed by: Steven Dake
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add Bandit security lint checking via tox
Addressed by: https:/
Use yaml.safe_loader instead of yaml.loader
Addressed by: https:/
Remove unsafe usage of eval
Addressed by: https:/
Validate scheme used in urlopen
Gerrit topic: https:/
Addressed by: https:/
Eliminate eval from swagger in k8sclient
What work is remaining before we can mark this BP as "implemented"? --adrian_otto
It is marked as implemented but I think there is some rework underway relating to the secure deserialize functionality. It is unclear if Madhuri is satisfied with Zane's solution for eval, or if further work is needed. Madhuri could you comment? --sdake
Gerrit topic: https:/