Tuesday, 2015-07-14

00:19 *** jhfeng has quit IRC
00:36 *** tmcpeak1 has quit IRC
01:39 *** elo has joined #openstack-security
01:40 *** hyakuhei has quit IRC
01:41 *** hyakuhei has joined #openstack-security
01:44 *** markvoelker has quit IRC
01:54 *** browne has quit IRC
01:55 *** sdake_ has joined #openstack-security
01:59 *** sdake has quit IRC
02:01 <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Allow configurable signing backends  https://review.openstack.org/201394
02:25 *** sdake has joined #openstack-security
02:29 *** sdake_ has quit IRC
02:40 *** sdake_ has joined #openstack-security
02:44 *** sdake has quit IRC
02:54 *** markvoelker has joined #openstack-security
02:55 *** markvoelker has quit IRC
02:55 *** markvoelker has joined #openstack-security
02:55 *** browne has joined #openstack-security
03:04 *** tmcpeak has joined #openstack-security
03:39 <openstackgerrit> Jamie Finnigan proposed openstack/bandit: Add tool for reporting Bandit OpenStack coverage  https://review.openstack.org/200383
04:03 *** sdake has joined #openstack-security
04:07 *** sdake_ has quit IRC
04:10 *** sdake_ has joined #openstack-security
04:13 *** sdake has quit IRC
04:13 *** sdake_ is now known as sdake
04:22 *** sdake has quit IRC
04:25 *** dave-mccowan has quit IRC
04:48 *** markvoelker_ has joined #openstack-security
04:50 *** markvoelker has quit IRC
04:52 *** markvoelker_ has quit IRC
04:57 *** markvoelker has joined #openstack-security
05:03 *** markvoelker has quit IRC
05:05 *** tmcpeak has quit IRC
05:08 *** markvoelker has joined #openstack-security
05:16 *** markvoelker has quit IRC
05:22 *** markvoelker has joined #openstack-security
05:28 *** markvoelker has quit IRC
06:05 *** shohel has joined #openstack-security
06:10 *** shohel has quit IRC
06:11 *** elo has quit IRC
06:19 *** dlitz has quit IRC
06:22 *** dlitz has joined #openstack-security
07:21 *** hyakuhei1 has joined #openstack-security
07:21 *** hyakuhei has quit IRC
07:41 *** browne has quit IRC
07:50 *** alex_klimov has joined #openstack-security
07:51 *** sdake has joined #openstack-security
07:58 *** sdake has quit IRC
08:21 <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Allow configurable signing backends  https://review.openstack.org/201394
08:55 <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Add tests for higher coverage  https://review.openstack.org/201464
08:59 *** tkelsey has joined #openstack-security
09:46 *** eternus has joined #openstack-security
09:47 *** eternus has left #openstack-security
10:07 *** shohel has joined #openstack-security
10:16 *** salv-orlando has quit IRC
11:09 *** openstackgerrit has quit IRC
11:09 *** openstackgerrit has joined #openstack-security
11:21 *** alex_klimov has quit IRC
11:21 *** hyakuhei has joined #openstack-security
11:21 *** hyakuhei1 has quit IRC
11:29 *** alex_klimov has joined #openstack-security
11:52 *** hyakuhei has quit IRC
11:52 *** hyakuhei has joined #openstack-security
12:08 *** salv-orlando has joined #openstack-security
12:09 *** edmondsw has joined #openstack-security
12:13 *** openstack has joined #openstack-security
12:14 *** edmondsw has quit IRC
12:19 *** edmondsw has joined #openstack-security
12:23 *** ig0r_ has joined #openstack-security
12:38 *** dave-mccowan has joined #openstack-security
12:43 *** markvoelker has joined #openstack-security
12:47 *** markvoelker has quit IRC
12:53 *** shohel has quit IRC
12:57 *** markvoelker has joined #openstack-security
13:01 *** markvoelker has quit IRC
13:01 *** markvoelker has joined #openstack-security
13:06 *** markvoelker has quit IRC
13:09 *** shohel has joined #openstack-security
13:10 *** markvoelker has joined #openstack-security
13:11 *** elo has joined #openstack-security
13:13 *** shohel has quit IRC
13:18 *** singlethink has joined #openstack-security
13:27 *** shohel has joined #openstack-security
13:30 *** singleth_ has joined #openstack-security
13:33 *** singlethink has quit IRC
13:40 *** tmcpeak has joined #openstack-security
13:52 *** singlethink has joined #openstack-security
13:56 *** singleth_ has quit IRC
13:56 *** singleth_ has joined #openstack-security
13:59 *** singlet__ has joined #openstack-security
13:59 *** singlethink has quit IRC
14:00 *** markvoelker_ has joined #openstack-security
14:01 *** sigmavirus24_awa is now known as sigmavirus24
14:01 *** singleth_ has quit IRC
14:04 *** markvoelker has quit IRC
14:10 *** jhfeng has joined #openstack-security
14:12 <openstackgerrit> Merged openstack/bandit: Add tool for reporting Bandit OpenStack coverage  https://review.openstack.org/200383
14:12 *** jhfeng has quit IRC
14:18 *** browne has joined #openstack-security
14:24 *** sdake_ has joined #openstack-security
14:29 *** jhfeng has joined #openstack-security
14:29 *** voodookid has joined #openstack-security
14:37 *** sdake_ is now known as sdae
14:37 *** sdae is now known as sdake
14:45 <openstackgerrit> Travis McPeak proposed openstack/bandit: Modifying Parmiko Injection plugin  https://review.openstack.org/201598
14:46 <openstackgerrit> Travis McPeak proposed openstack/bandit: Modifying Parmiko Injection plugin  https://review.openstack.org/201598
14:49 *** markvoelker_ has quit IRC
14:50 *** markvoelker has joined #openstack-security
14:51 *** sdake has quit IRC
14:51 *** sdake has joined #openstack-security
14:55 *** markvoelker has quit IRC
15:04 *** shohel has quit IRC
15:10 *** ig0r_ has quit IRC
15:11 *** ig0r__ has joined #openstack-security
15:17 *** ig0r_ has joined #openstack-security
15:19 *** ig0r__ has quit IRC
15:26 *** markvoelker has joined #openstack-security
15:35 <openstackgerrit> Travis McPeak proposed openstack/bandit: Modifying Paramiko Injection plugin  https://review.openstack.org/201598
15:38 *** hyakuhei has quit IRC
15:39 *** hyakuhei has joined #openstack-security
15:39 *** bpokorny has joined #openstack-security
15:40 *** ig0r__ has joined #openstack-security
15:43 *** ig0r_ has quit IRC
15:52 *** singlethink has joined #openstack-security
15:53 *** jhfeng has quit IRC
15:55 *** jesusjl has joined #openstack-security
15:56 *** jesusjl has left #openstack-security
15:56 *** singlet__ has quit IRC
16:11 <Daviey> sigmavirus24: Good feedback, that is much cleaner. I'll do that in a few hours.
16:12 <sigmavirus24> Daviey: too much indentation annoys me =P
16:12 <sigmavirus24> Also checking for a string to be substituted ain't always foolproof =P
16:13 *** singlethink has quit IRC
16:13 <Daviey> sigmavirus24: Yeah, I was annoyed on both of those parts.. it felt dirty
16:14 <sigmavirus24> Also that requirements job just gets more and more pedantic, huh?
16:15 <Daviey> Yeah, I thought licence was optional
16:15 <sigmavirus24> Daviey: me too.
16:15 <sigmavirus24> Also, lol at a mechanism for keeping projects co-installable when the community is moving towards virtualenv and container based installs which will not have those issues at all
16:16 *** alex_klimov has quit IRC
16:19 *** shohel has joined #openstack-security
16:29 <Daviey> sigmavirus24: Distros very much still have that problem, and it isn't a bad workflow to standardize IMO
16:29 <sigmavirus24> Daviey: it'd make more sense if we actually tested with versions in the range that aren't just the latest
16:30 <sigmavirus24> i.e., if we had periodic jobs that tested against lowest constraints etc.
16:30 <sigmavirus24> I've seen a few bugs out of Debian/Ubuntu packages relying on the lower limit value in g-r that was wrong and so the wrong version of a dependency was packaged for it
16:52 *** singlethink has joined #openstack-security
16:58 <openstackgerrit> Merged openstack/bandit: Modifying Paramiko Injection plugin  https://review.openstack.org/201598
17:04 *** browne has quit IRC
17:08 *** bpokorny has quit IRC
17:09 *** bpokorny has joined #openstack-security
17:25 *** shohel has quit IRC
17:28 *** dwyde has joined #openstack-security
17:47 *** shohel has joined #openstack-security
17:47 *** dlitz has quit IRC
17:51 *** dlitz has joined #openstack-security
17:53 *** browne has joined #openstack-security
17:54 *** bpokorny_ has joined #openstack-security
17:56 *** openstackgerrit has quit IRC
17:56 *** openstackgerrit has joined #openstack-security
17:56 *** bpokorny has quit IRC
17:59 *** tkelsey has quit IRC
18:01 *** bpokorny has joined #openstack-security
18:01 *** bpokorny has quit IRC
18:01 *** bpokorny has joined #openstack-security
18:01 *** jmckind has joined #openstack-security
18:02 *** jmckind has quit IRC
18:02 *** jmckind has joined #openstack-security
18:04 *** bpokorny_ has quit IRC
18:13 *** dlitz has quit IRC
18:16 *** dlitz has joined #openstack-security
18:25 *** bpokorny has quit IRC
18:25 *** bpokorny has joined #openstack-security
18:29 *** mgagne_ has joined #openstack-security
18:30 *** sigmavirus24 has quit IRC
18:30 *** sigmavirus24 has joined #openstack-security
18:30 *** hyakuhei has quit IRC
18:30 *** mgagne has quit IRC
18:33 *** mgagne_ has left #openstack-security
18:38 *** janonymous_ has joined #openstack-security
18:39 <janonymous_> Please could someone review: https://review.openstack.org/#/c/196395/
18:40 *** dlitz has quit IRC
18:41 *** mgagne_ has joined #openstack-security
18:44 *** dlitz has joined #openstack-security
18:50 * sigmavirus24 waves to dlitz
18:51 <dlitz> hi sigmavirus24
18:51 <sigmavirus24> Do you work on OpenStack now?
18:51 <dlitz> not at the moment, but I should probably learn it sooner or later :)
18:52 <sigmavirus24> Fair enough
18:56 *** openstackgerrit has quit IRC
18:56 *** openstackgerrit has joined #openstack-security
18:59 <openstackgerrit> Merged openstack/bandit: Adding test for Try, Except, Pass  https://review.openstack.org/199582
19:05 *** elo has quit IRC
19:06 *** elo has joined #openstack-security
19:22 <tmcpeak> janonymous_: I'll take a look
19:23 <janonymous_> Thanks a lot, I have configured according to swift
19:23 <janonymous_> once merged new APIs could be supported
19:28 *** bpokorny_ has joined #openstack-security
19:29 *** hyakuhei has joined #openstack-security
19:30 *** bpokorny has quit IRC
19:42 *** jmckind has quit IRC
19:42 <janonymous_> tmcpeak: https://review.openstack.org/#/c/196395/5/bandit.yaml
19:43 <janonymous_> I have disabled these as per requirement of swift community
19:44 <janonymous_> they want to pass the bandit job, without showing errors, and this was the only way I could do that.
19:44 <tmcpeak> janonymous_: it would be far better to actually correct these errors as these are severe findings
19:45 <janonymous_> I asked about that but for now they want them to be ignored ...
19:45 <tmcpeak> hmmm… ok
19:46 <tmcpeak> so we don't need the severity level filtering anymore since we're using a specific set of tests, is that right?
19:46 <janonymous_> I am sorry about that. But I am thankful for your continuous support
19:46 <janonymous_> yes
19:46 <tmcpeak> janonymous_: this is good work you're doing, it's better to have -a- bandit gate with limited checks than no bandit gate
19:47 <tmcpeak> janonymous_: update your commit message to take out the severity filtering and I'll +2
19:47 <tmcpeak> err +1
19:47 <janonymous_> :) thanks I'll do it
19:48 <tmcpeak> I haven't actually tested it mind you, I assume you and the rest of the swift cores will take care of that :)
19:48 <janonymous_> I'm sorry for the trouble again, but could you suggest this? I'll update
19:49 <tmcpeak> janonymous_: done
19:49 <Daviey> sigmavirus24: Hey, do you think .insert is going to be a problem on a list of 3-4 max elements?
19:50 <sigmavirus24> Daviey: it really shouldn't be, but we don't necessarily have to insert
19:50 <sigmavirus24> we can also add `'.:'` to the start of the string returned from appdirs
19:50 <sigmavirus24> I'm not really particular on that point
19:50 <Daviey> fair enough
19:51 <sigmavirus24> And my confidence in my memory of the performance of insert is shaky at best right now
19:51 <sigmavirus24> Inserting at the head of a linked list should be O(1) but for some reason I think Python does something weird and it isn't
19:52 <sigmavirus24> Also having shaved off 10s of runtime for bandit recently it shouldn't be a big deal
19:52 <sigmavirus24> And if it is an issue, we always have the spec that I have to write to add multiprocessing as an option
19:54 *** jmckind has joined #openstack-security
19:56 <janonymous_> tmcpeak: Please review, please feel free to add features and enhancements in swift bandit. Thanks
20:01 <tmcpeak> janonymous_: features and enhancements?
20:01 *** bpokorny_ has quit IRC
20:02 <janonymous_> for bandit updates in future releases if any..
20:02 *** bpokorny has joined #openstack-security
20:02 <tmcpeak> sorry, I'm not clear on what you're asking, you're asking to add what where? :)
20:05 <janonymous_> ohh.. I am sorry, I meant if there is an update in bandit and that change needs to be reflected in the .yaml file in future, please feel free to suggest such changes
20:05 <tmcpeak> ahh ok
20:06 <janonymous_> \m
20:06 <janonymous_> thank you
20:06 <tmcpeak> sure, thanks for your work on this
20:07 <tmcpeak> janonymous_: so next step is the infra change to add the gate
20:07 <tmcpeak> you know how to do that?
20:07 <janonymous_> yes once it is approved I'll proceed to the change..
20:08 <tmcpeak> great
20:09 <janonymous_> :)
20:17 <Daviey> sigmavirus24: TIL that % is invalud syntax in YAML
20:17 <Daviey> invalid*
20:17 <sigmavirus24> whuh?!
20:17 <sigmavirus24> what about quoting it?
20:17 <sigmavirus24> "%(foo)s/bar/bogus"
20:18 <Daviey> That would work
20:22 <openstackgerrit> Dave Walker proposed openstack/bandit: Install word_list, raise exception if cannot find  https://review.openstack.org/201053
20:24 <tmcpeak> Daviey: this is cool, I never knew about appdirs before
20:26 <Daviey> tmcpeak: Yeah, seems to be a pretty graceful way of dealing with FHS type locations with distro differences
20:26 <Daviey> Standard and Distros in the same sentence #lolz #trollz
20:27 *** dave-mccowan has quit IRC
20:27 <tmcpeak> LOOOL
20:28 <Daviey> Silly question, but is anyone else finding that bandit plugins don't get installed by default with pip install?
20:29 *** dave-mccowan has joined #openstack-security
20:30 <tmcpeak> emmm, no
20:30 <tmcpeak> that would be bad :)
20:30 <Daviey> Sorry, ignore that.. It is when I am running it from local tox env
20:30 <tmcpeak> try "pip uninstall bandit" until it says it can't find it
20:31 <tmcpeak> Daviey: bad news bears on that change, Bandit goes nuts if it can't find the wordlist
20:32 <Daviey> So it does.. you'd think I'd have checked that
20:33 *** jmckind has quit IRC
20:33 <tmcpeak> :)
20:36 *** sdake has quit IRC
20:44 <Daviey> tmcpeak: So I'm not quite sure how to solve this.. We want to avoid sys.exit on error, but also not be bombarded with errors with each test invocation.
20:45 <tmcpeak> Daviey: yeah, it's an interesting puzzle
20:45 <Daviey> tmcpeak: I don't have a smart way of saying, raise once - then be silent.
20:45 *** bpokorny_ has joined #openstack-security
20:45 <tmcpeak> yeah, and we don't have to push something specific to this wordlist problem into generic Bandit code
20:46 <tmcpeak> all things considered, exit might be appropriate.. since you are explicitly running the wordlist plugin and there isn't a wordlist, something is jacked up with your config. Better to know about it and act appropriately
20:46 <sigmavirus24> So
20:46 <sigmavirus24> I agree with your last statement tmcpeak
20:46 <Daviey> tmcpeak: Well, I was thinking of having a "on_plugin_error: raise_and_continue|explode_the_world" for a more generic thing
20:47 <sigmavirus24> If we want to warn once, though, the default setting for the warnings module is warn once (per unique warning string) and then stfu
20:47 <tmcpeak> sigmavirus24: that sounds ideal
20:47 <tmcpeak> warn once then STFU
20:47 <tmcpeak> what warnings module though?
20:48 <sigmavirus24> standard library
20:48 <sigmavirus24> import warnings; warnings.warn("message", WarningClass)
20:48 *** bpokorny has quit IRC
20:49 <tmcpeak> ahh
20:49 <tmcpeak> this is good
20:49 <tmcpeak> Daviey: what do you think of that?
20:49 <Daviey> sigmavirus24: well.. logger.warn is in fact doing it with each string tested
20:49 <sigmavirus24> Daviey: you mean warning that the file is missing?
20:49 <Daviey> sigmavirus24: I almost added logger.warn("Using relative wordlist"), but I was seeing it for each test string
20:50 <sigmavirus24> Daviey: logger.warn != warnings.warn
20:50 <Daviey> oh
20:50 <sigmavirus24> warnings.warn /can/ be told to write to the log though
20:50 *** janonymous_ has quit IRC
20:50 *** mgagne_ is now known as mgagne
20:50 <Daviey> Cool
20:50 <tmcpeak> the problem seems to be what is getting warned is indeed unique:
20:50 <tmcpeak> [tester]ERRORBandit internal error running: hardcoded_password on file /Users/travismcpeak/Documents/projects/OpenStack_projects/keystone/keystone/assignment/core.py at line 568: Could not substitute '%(site_data_dir)s' to a path with a valid word_list fileTraceback (most recent call last):
20:51 <Daviey> so that throws UserWarning
20:51 <Daviey> That is perfect
20:51 <tmcpeak> because the warning is being done after the module returns, we just log whatever went wrong with it
20:51 <tmcpeak> if we instead log in the module itself, then we can ensure that it is unique
20:51 <Daviey> I can massage that
20:51 <tmcpeak> cool
21:13 <openstackgerrit> Dave Walker proposed openstack/bandit: Install word_list, raise exception if cannot find  https://review.openstack.org/201053
21:16 *** singlethink has quit IRC
21:20 *** dwyde has quit IRC
21:21 *** sdake has joined #openstack-security
21:21 *** dwyde has joined #openstack-security
21:40 *** sdake_ has joined #openstack-security
21:41 *** elo has quit IRC
21:41 *** sdake has quit IRC
21:58 *** shakamunyi has joined #openstack-security
22:08 *** edmondsw has quit IRC
22:13 *** kutija has quit IRC
22:16 <openstackgerrit> Dave Walker proposed openstack/bandit: Consider other hardcoded tmp paths  https://review.openstack.org/200882
22:20 *** kutija has joined #openstack-security
22:31 *** dwyde has quit IRC
22:34 *** sdake_ is now known as sdake
22:36 *** kutija_ has joined #openstack-security
22:39 *** kutija has quit IRC
22:44 <openstackgerrit> Dave Walker proposed openstack/bandit: Consider other hardcoded tmp paths  https://review.openstack.org/200882
22:45 *** dowlesbu has joined #openstack-security
22:47 *** dwyde has joined #openstack-security
22:47 *** dwyde has quit IRC
22:49 *** bpokorny_ has quit IRC
22:49 *** bpokorny has joined #openstack-security
23:00 *** Aka_coder has joined #openstack-security
23:01 *** sigmavirus24 is now known as sigmavirus24_awa
23:04 *** voodookid has quit IRC
23:05 *** Aka_coder has left #openstack-security
23:07 *** Aka_coder has joined #openstack-security
23:10 *** Aka_coder has left #openstack-security
23:24 *** shohel has quit IRC
23:31 *** hyakuhei has quit IRC
23:31 *** bitblt has joined #openstack-security
23:33 *** hyakuhei has joined #openstack-security
23:35 *** barra204 has joined #openstack-security
23:36 *** shakamunyi has quit IRC
23:52 *** dlitz has quit IRC
23:54 *** tmcpeak has quit IRC
23:54 *** dlitz has joined #openstack-security

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!