authorChristopher J Schaefer <cjschaef@us.ibm.com>2016-03-11 15:55:06 -0600
committerChristopher J Schaefer <cjschaef@us.ibm.com>2016-04-19 10:35:00 -0500
commitdbf4f3164655ec69a830ed87db0769f01ac1f720 (patch)
treecb93fd0797e8ea00d6faa94f01adddc6bd7083c1 /keystoneclient/contrib
parent91d1053f6811d454c538c85ea601dc700a56b4b3 (diff)
downloadpython-keystoneclient-dbf4f3164655ec69a830ed87db0769f01ac1f720.tar.gz
Removing bandit.yaml in favor of defaults
Removing old configuration options in favor of the built-in defaults of the latest bandit functionality. Also, marking flagged items with _# nosec_ and a descriptive comment on why the code is acceptable as is. Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com> Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com> Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d
Diffstat (limited to 'keystoneclient/contrib')
-rw-r--r--keystoneclient/contrib/auth/v3/saml2.py5
-rw-r--r--keystoneclient/contrib/ec2/utils.py3
-rw-r--r--keystoneclient/contrib/revoke/model.py5
3 files changed, 8 insertions, 5 deletions
diff --git a/keystoneclient/contrib/auth/v3/saml2.py b/keystoneclient/contrib/auth/v3/saml2.py
index c42d3b6..bc8f11e 100644
--- a/keystoneclient/contrib/auth/v3/saml2.py
+++ b/keystoneclient/contrib/auth/v3/saml2.py
@@ -13,7 +13,7 @@
import datetime
import uuid
-from lxml import etree
+from lxml import etree # nosec(cjschaef): used to create xml, not parse it
from oslo_config import cfg
from six.moves import urllib
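Review bot: The justification `used to create xml, not parse it` on the lxml import cannot be confirmed from this hunk, and the import warning it silences is file-wide, so nothing will prompt a review if a parsing call is present or added later. The rest of saml2.py is outside the hunk; if any call there such as `etree.XML(...)` or `etree.fromstring(...)` receives a response body from the identity provider or service provider, the comment is inaccurate and that call should use a hardened parser, e.g. `etree.XMLParser(resolve_entities=False, no_network=True)`. I would also make the comment state its scope, for example `# nosec(cjschaef): etree only serialises request documents in this module`, so the claim can be checked against the call sites.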
@@ -559,7 +559,8 @@ class ADFSUnscopedToken(_BaseSAMLPlugin):
"""
try:
return bool(session.cookies)
- except AttributeError:
+ except AttributeError: # nosec(cjschaef): fetch cookies from
+ # underylying requests.Session object, or fail trying
pass
return bool(session.session.cookies)
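Review bot: The `# nosec` on `except AttributeError:` here, and the one on `except KeyError:` in keystoneclient/contrib/ec2/utils.py, are only needed because each handler is a bare `pass` followed by a fall-through return. Moving the fallback into the handler keeps the behaviour and removes the try/except/pass pattern, so no suppression is required: here `except AttributeError:` followed by `return bool(session.session.cookies)`, and in ec2/utils.py `except KeyError:` followed by `return False`. The added comment also misspells "underlying" as `underylying`. Both enclosing functions start outside their hunks.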
diff --git a/keystoneclient/contrib/ec2/utils.py b/keystoneclient/contrib/ec2/utils.py
index ed7ec28..2906abe 100644
--- a/keystoneclient/contrib/ec2/utils.py
+++ b/keystoneclient/contrib/ec2/utils.py
@@ -71,7 +71,8 @@ class Ec2Signer(object):
if (credentials['params']['X-Amz-Algorithm'] ==
'AWS4-HMAC-SHA256'):
return True
- except KeyError:
+ except KeyError: # nosec(cjschaef): in cases of not finding
+ # entries, simply return False
pass
return False
diff --git a/keystoneclient/contrib/revoke/model.py b/keystoneclient/contrib/revoke/model.py
index ecdea42..98c9017 100644
--- a/keystoneclient/contrib/revoke/model.py
+++ b/keystoneclient/contrib/revoke/model.py
@@ -219,8 +219,9 @@ class RevokeTree(object):
try:
if leaf['issued_before'] > token_data['issued_at']:
return True
- except KeyError:
- pass
+ except KeyError: # nosec(cjschaef): 'issued_before' or
+ # 'issued_at' key doesn't exist, try next leaf
+ continue
# If we made it out of the loop then no element in revocation tree
# corresponds to our token and it is good.
return False
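Review bot: A missing `'issued_at'` in `token_data` is handled the same way as a leaf without `'issued_before'`: every leaf is skipped by the `continue` and the function falls through to `return False`, which reports the token as not revoked. For a revocation check that is a fail-open path, and the `# nosec` marks it as reviewed without separating the two cases. Unless callers are known to validate `token_data` (not visible here, as the function starts outside the hunk), I would read `issued_at = token_data['issued_at']` once before the loop so that a malformed token raises, and keep the `continue` only for a missing `leaf['issued_before']`.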