Unknown Test found in profile: blacklist_functions

Bug #1554632 reported by Eric Brown
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Bandit | Invalid | High | Unassigned |

Bug Description

In the integration test, a few of the projects fail with "2016-03-08 17:31:32.447 | [main] ERROR Unknown Test found in profile: blacklist_functions". Probably a result of the recent code refactor of the blacklisting.

2016-03-08 17:31:31.191 | + tox -e bandit
2016-03-08 17:31:31.793 | bandit develop-inst-noop: /home/jenkins/workspace/gate-bandit-integration-keystonemiddleware/openstack/keystonemiddleware
2016-03-08 17:31:32.257 | bandit installed: You are using pip version 7.1.0, however version 8.1.0 is available.,You should consider upgrading via the 'pip install --upgrade pip' command.,amqp==1.4.9,anyjson==0.3.3,appdirs==1.4.0,Babel==2.2.0,bandit==0.17.1.dev163,cachetools==1.1.5,contextlib2==0.5.1,coverage==4.0.3,debtcollector==1.3.0,docutils==0.12,enum34==1.1.2,eventlet==0.18.4,extras==0.0.3,fasteners==0.14.1,fixtures==1.4.0,flake8==2.2.4,funcsigs==0.4,futures==3.0.5,futurist==0.13.0,gitdb==0.6.4,GitPython==1.0.2,greenlet==0.4.9,hacking==0.10.2,iso8601==0.1.11,Jinja2==2.8,keystoneauth1==2.3.0,-e git://git.openstack.org/openstack/keystonemiddleware@455d40c89a72499f6250dbe4f9b9513ace5b9be4#egg=keystonemiddleware-master,kombu==3.0.34,linecache2==1.0.0,MarkupSafe==0.23,mccabe==0.2.1,mock==1.3.0,monotonic==1.0,mox3==0.14.0,msgpack-python==0.4.7,netaddr==0.7.18,netifaces==0.10.4,os-client-config==1.16.0,oslo.concurrency==3.6.0,oslo.config==3.9.0,oslo.context==2.2.0,oslo.i18n==3.4.0,oslo.log==3.2.0,oslo.messaging==4.5.0,oslo.middleware==3.7.0,oslo.serialization==2.4.0,oslo.service==1.7.0,oslo.utils==3.7.0,oslosphinx==4.3.0,oslotest==2.3.0,Paste==2.0.2,PasteDeploy==1.5.2,pbr==1.8.1,pep8==1.5.7,pika==0.10.0,pika-pool==0.1.3,positional==1.0.1,prettytable==0.7.2,pycadf==2.1.0,pycrypto==2.6.1,pyflakes==0.8.1,Pygments==2.1.3,pyinotify==0.9.6,pyrsistent==0.11.12,python-dateutil==2.5.0,python-keystoneclient==2.3.1,python-memcached==1.57,python-mimeparse==1.5.1,python-subunit==1.2.0,pytz==2015.7,PyYAML==3.11,reno==1.5.0,repoze.lru==0.6,requests==2.9.1,requests-mock==0.7.0,requestsexceptions==1.1.3,retrying==1.3.3,Routes==2.2,six==1.10.0,smmap==0.9.0,Sphinx==1.2.3,stevedore==1.12.0,testrepository==0.0.20,testresources==1.0.0,testscenarios==0.5.0,testtools==2.0.0,traceback2==1.4.0,unittest2==1.1.0,WebOb==1.5.1,wheel==0.24.0,wrapt==1.10.6
2016-03-08 17:31:32.258 | bandit runtests: PYTHONHASHSEED='956459498'
2016-03-08 17:31:32.258 | bandit runtests: commands[0] | bandit -c bandit.yaml -r keystonemiddleware -n5 -p gate
2016-03-08 17:31:32.446 | [config] WARNING Legacy blacklist data found in config, overriding data plugins
2016-03-08 17:31:32.447 | [main] ERROR Unknown Test found in profile: blacklist_functions
2016-03-08 17:31:32.459 | ERROR: InvocationError: '/home/jenkins/workspace/gate-bandit-integration-keystonemiddleware/openstack/keystonemiddleware/.tox/bandit/bin/bandit -c bandit.yaml -r keystonemiddleware -n5 -p gate'
2016-03-08 17:31:32.459 | ___________________________________ summary ____________________________________
2016-03-08 17:31:32.460 | ERROR: bandit: commands failed
2016-03-08 17:31:32.469 | ERROR: InvocationError: '/bin/bash scripts/integration-test.sh openstack keystonemiddleware ../keystonemiddleware'

Eric Brown (ericwb)
Changed in bandit:
importance: Undecided → High
milestone: none → 1.0
Christopher J Schaefer (cjschaef) wrote :

The bandit.yaml config file found in the keystonemiddleware (and I expect other projects) contains mislabeled test sections.

I notice that there are also warnings for two other tests with missing config sections:
    [tester] WARNING "hardcoded_tmp_directory" has been skipped due to missing config "hardcoded_tmp_directory".
    [tester] WARNING "try_except_pass" has been skipped due to missing config "try_except_pass".

Two solutions arise: fix or simply remove the config files in these projects, or try to add a special case to bandit to handle these old config files. Leaning toward fixing or removing (in favor of new Bandit functionality) of project config files as necessary.

Christopher J Schaefer (cjschaef) wrote :

The mislabeled test sections I mentioned in comment #1: the old config files contain "blacklist_functions", which has been replaced with "blacklist_calls".

I went back roughly a year to look at the bandit.yaml included in bandit, to find where it had once been "blacklist_functions". I take it this was never updated in other projects:
https://github.com/openstack/bandit/commit/6e2e387e4fb5a91867e8c7ea46ed8c7357df253a#diff-556fd9544760506ffb560774bfb43e26L49
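A pre-flight check for the two failure modes discussed in the comments above (a renamed test in a profile, and tests skipped for lack of a config section), as an added example that is not Bandit's own code. It assumes a `profiles: <name>: include: [...]` layout already parsed into a dict (for example by `yaml.safe_load`); the sample config and the `known_tests` set are constructed for illustration.

```python
"""Audit a legacy bandit.yaml profile before the gate job runs it."""

# Rename reported in this bug thread: old test name -> current name.
RENAMED_TESTS = {"blacklist_functions": "blacklist_calls"}

# Tests the thread's warnings show being skipped when their section is absent.
NEEDS_CONFIG = {"hardcoded_tmp_directory", "try_except_pass"}


def audit_config(config, known_tests):
    """Return (severity, profile, test, message) tuples for a parsed config.

    config      -- dict form of bandit.yaml (assumed layout, see lead-in)
    known_tests -- test names the installed Bandit provides (caller-supplied)
    """
    findings = []
    profiles = config.get("profiles") or {}
    for profile in sorted(profiles):
        for test in (profiles[profile] or {}).get("include") or []:
            if test in known_tests:
                # Known test: it still needs its own section to run at all.
                if test in NEEDS_CONFIG and test not in config:
                    findings.append(("warning", profile, test,
                                     "no config section; test will be skipped"))
            elif test in RENAMED_TESTS:
                findings.append(("error", profile, test,
                                 "renamed to " + RENAMED_TESTS[test]))
            else:
                findings.append(("error", profile, test, "unknown test"))
    return findings


# Constructed sample: a "gate" profile still using the old test name.
SAMPLE_CONFIG = {
    "profiles": {
        "gate": {"include": ["blacklist_functions", "try_except_pass",
                             "hardcoded_tmp_directory"]},
    },
    "hardcoded_tmp_directory": {"tmp_dirs": ["/tmp"]},
}
# Constructed stand-in for the installed plugin list.
SAMPLE_KNOWN = {"blacklist_calls", "try_except_pass", "hardcoded_tmp_directory"}

if __name__ == "__main__":
    for severity, profile, test, message in audit_config(SAMPLE_CONFIG,
                                                         SAMPLE_KNOWN):
        print("[%s] profile %s: %s: %s" % (severity, profile, test, message))
```

An "error" finding corresponds to the run aborting as in the log above, while a "warning" means the scan completes with that test silently not applied.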

Christopher J Schaefer (cjschaef) wrote :

Eric, please feel free to take ownership back from me as necessary. I feel removing bandit.yaml from repos will be our best option, and I see a multitude of patches you've created for that.

Thanks.

Travis McPeak (travis-mcpeak) wrote :

Is this still an issue?

Stanislaw Pitucha (stanislaw-pitucha) wrote :

Ping. Do we need to look at this? There's been a good number of improvements since 0.17.1, especially with the config generation.
I'm happy to help creating a new config for keystonemiddleware (currently it passes without any issues) if you'd like.

Changed in bandit:
status: New → Incomplete
Travis McPeak (travis-mcpeak) wrote :

Re-open if we see this in the future.

Changed in bandit:
status: Incomplete → Invalid