In the integration test, a few of the projects fail with "2016-03-08 17:31:32.447 | [main] ERROR Unknown Test found in profile: blacklist_functions". Probably a result of the recent code refactor of the blacklisting.
2016-03-08 17:31:31.191 | + tox -e bandit
2016-03-08 17:31:31.793 | bandit develop-inst-noop: /home/jenkins/workspace/gate-bandit-integration-keystonemiddleware/openstack/keystonemiddleware
2016-03-08 17:31:32.257 | bandit installed: You are using pip version 7.1.0, however version 8.1.0 is available.,You should consider upgrading via the 'pip install --upgrade pip' command.,amqp==1.4.9,anyjson==0.3.3,appdirs==1.4.0,Babel==2.2.0,bandit==0.17.1.dev163,cachetools==1.1.5,contextlib2==0.5.1,coverage==4.0.3,debtcollector==1.3.0,docutils==0.12,enum34==1.1.2,eventlet==0.18.4,extras==0.0.3,fasteners==0.14.1,fixtures==1.4.0,flake8==2.2.4,funcsigs==0.4,futures==3.0.5,futurist==0.13.0,gitdb==0.6.4,GitPython==1.0.2,greenlet==0.4.9,hacking==0.10.2,iso8601==0.1.11,Jinja2==2.8,keystoneauth1==2.3.0,-e git://git.openstack.org/openstack/keystonemiddleware@455d40c89a72499f6250dbe4f9b9513ace5b9be4#egg=keystonemiddleware-master,kombu==3.0.34,linecache2==1.0.0,MarkupSafe==0.23,mccabe==0.2.1,mock==1.3.0,monotonic==1.0,mox3==0.14.0,msgpack-python==0.4.7,netaddr==0.7.18,netifaces==0.10.4,os-client-config==1.16.0,oslo.concurrency==3.6.0,oslo.config==3.9.0,oslo.context==2.2.0,oslo.i18n==3.4.0,oslo.log==3.2.0,oslo.messaging==4.5.0,oslo.middleware==3.7.0,oslo.serialization==2.4.0,oslo.service==1.7.0,oslo.utils==3.7.0,oslosphinx==4.3.0,oslotest==2.3.0,Paste==2.0.2,PasteDeploy==1.5.2,pbr==1.8.1,pep8==1.5.7,pika==0.10.0,pika-pool==0.1.3,positional==1.0.1,prettytable==0.7.2,pycadf==2.1.0,pycrypto==2.6.1,pyflakes==0.8.1,Pygments==2.1.3,pyinotify==0.9.6,pyrsistent==0.11.12,python-dateutil==2.5.0,python-keystoneclient==2.3.1,python-memcached==1.57,python-mimeparse==1.5.1,python-subunit==1.2.0,pytz==2015.7,PyYAML==3.11,reno==1.5.0,repoze.lru==0.6,requests==2.9.1,requests-mock==0.7.0,requestsexceptions==1.1.3,retrying==1.3.3,Routes==2.2,six==1.10.0,smmap==0.9.0,Sphinx==1.2.3,stevedore==1.12.0,testrepository==0.0.20,testresources==1.0.0,testscenarios==0.5.0,testtools==2.0.0,traceback2==1.4.0,unittest2==1.1.0,WebOb==1.5.1,wheel==0.24.0,wrapt==1.10.6
2016-03-08 17:31:32.258 | bandit runtests: PYTHONHASHSEED='956459498'
2016-03-08 17:31:32.258 | bandit runtests: commands[0] | bandit -c bandit.yaml -r keystonemiddleware -n5 -p gate
2016-03-08 17:31:32.446 | [config] WARNING Legacy blacklist data found in config, overriding data plugins
2016-03-08 17:31:32.447 | [main] ERROR Unknown Test found in profile: blacklist_functions
2016-03-08 17:31:32.459 | ERROR: InvocationError: '/home/jenkins/workspace/gate-bandit-integration-keystonemiddleware/openstack/keystonemiddleware/.tox/bandit/bin/bandit -c bandit.yaml -r keystonemiddleware -n5 -p gate'
2016-03-08 17:31:32.459 | ___________________________________ summary ____________________________________
2016-03-08 17:31:32.460 | ERROR: bandit: commands failed
2016-03-08 17:31:32.469 | ERROR: InvocationError: '/bin/bash scripts/integration-test.sh openstack keystonemiddleware ../keystonemiddleware'
The bandit.yaml config file found in the keystonemiddleware (and I expect other projects) contains mislabeled test sections.
I notice that there are also warnings for two other tests with missing config sections: tmp_directory" has been skipped due to missing config "hardcoded_ tmp_directory" .
[tester] WARNING "hardcoded_
[tester] WARNING "try_except_pass" has been skipped due to missing config "try_except_pass".
Two solutions arise: fix or simply remove the config files in these projects, or try to add a special case to bandit to handle these old config files. Leaning toward fixing or removing (in favor of new Bandit funcitonality) of project config files as necessary.