Wednesday, 2016-01-27

[07:24] <openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/272932
[07:27] *** rcernin has joined #openstack-security
[07:36] <openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/272932
[14:23] <openstackgerrit> Alex Howells proposed openstack/anchor: Adjust filename to include missing 'n' in backend. Fixes typo. https://review.openstack.org/273065
[14:34] <openstackgerrit> Alex Howells proposed openstack/anchor: Adjust filename to include missing 'n' in backend https://review.openstack.org/273065
[14:36] <ykotko> Hello all, can somebody help me with such issue: trying to use bandit for scanning the directory: 2 files __init__.py random_data.py, and scan freezes on scanning __init.py__.py file, http://paste.openstack.org/show/485152/
[14:39] <elmiko> ykotko: hi, i've not seen that before, but it looks like most of the bandit devs aren't around right now
[14:40] <elmiko> ykotko: have you tried marking the __all__ line as #nosec?
[14:40] *** liverpooler has quit IRC
[14:41] <elmiko> otherwise, it might be worth opening a bug on https://bugs.launchpad.net/bandit
[14:42] <ykotko> min just as fast workaround will try to add exclude on __init__
[14:43] <elmiko> right, that's why i suggested adding #nosec to the __init__
[14:44] <elmiko> i haven't seen any issues with scanning __init__ files, but who knows, maybe it's a bug
[14:45] <ykotko> exclude_dirs: - '/tests/' - '__init__' the same
[14:48] <elmiko> ykotko: yea, i think opening a bug would be worthwhile
[14:49] <elmiko> adding #nosec might help, but i'm not sure. i tried a local test but i can't reproduce the issue you are having
[14:49] <elmiko> ykotko: does it work if you remove the __init__.py file (temporarily)
[14:50] <elmiko> i'm just curious if the __all__ is creating issue
[14:51] <ykotko> yes
[14:51] <ykotko> I have delete it and dir contains 2 files
[14:52] <ykotko> it passes the test in 2 sec
[14:52] <elmiko> ok, so try adding #nosec to the end of the last line of the __all__ assignment in the __init__.py file, that should instruct bandit to skip that line
[14:53] <elmiko> it's a workaround, but there may be a bug here
[14:53] *** ibravo has joined #openstack-security
[14:53] <ykotko> min
[14:55] <ykotko> the same
[14:55] <ykotko> does not help
[14:55] *** sigmavirus24_awa is now known as sigmavirus24
[14:55] <elmiko> ah, too bad. sounds like a bug to me
[14:57] *** edmondsw has joined #openstack-security
[14:57] <elmiko> sigmavirus24: are there any known issues in bandit when scanning __init__.py files that export __all__ variables?
[14:58] <sigmavirus24> elmiko: I don't know of any
[14:59] * sigmavirus24 reads backlog
[14:59] <elmiko> ykotko is having some issues with bandit freezing, http://paste.openstack.org/show/485152/
[14:59] <elmiko> sigmavirus24: thanks
[14:59] <sigmavirus24> ykotko: are you still around?
[15:00] <ykotko> yep
[15:00] <sigmavirus24> So a few things
[15:00] <sigmavirus24> 1. Items in __all__ are supposed to be strings, not objects
[15:00] <sigmavirus24> er
[15:00] <sigmavirus24> Not classes/functions/etc
[15:00] *** cjschaef has joined #openstack-security
[15:01] <sigmavirus24> So your __all__ should look like: `('get_fake_env', 'get_fake_node', 'random_string', 'get_fake_interface_config', 'get_fake_network_config')`
[15:01] <elmiko> good spot
[15:01] <sigmavirus24> Second, I suspect that bandit is freezing because those bindings do not exist in that namespace
[15:02] <sigmavirus24> Usually in an `__init__.py` file you do `from test.modA import get_fake_env; from test.modB import get_fake_node; # etc.` and have __all__ declared as above
[15:02] <ykotko> I do have its, just did not put it in the paste
[15:03] *** zul has quit IRC
[15:09] *** jmckind has joined #openstack-security
[15:11] *** diazjf has joined #openstack-security
[15:12] *** tmcpeak has joined #openstack-security
[15:14] <ykotko> ok, the exclude #nosec in __init__ does not help to any ideas how to exclude the __init__ from checking?
[15:16] <tmcpeak> ykoto: you're trying to exclude one file (__init__.py)?
[15:16] <tmcpeak> ykotko: ^
[15:16] <ykotko> yes
[15:17] <ykotko> or it possibles fro all files __init__
[15:17] <tmcpeak> ok so you can use the -x flag or the .bandit file
[15:18] <ykotko> bandit.yaml ?
[15:19] <ykotko> mcpeak: exclude_dirs: - '/tests/' - '__init__.*' does not help
[15:21] <tmcpeak> ykotko: wildcards don't work
[15:21] <tmcpeak> for that you can just put '__init__'
[15:21] <tmcpeak> it does string matching on whatever you put against the full path
[15:21] <tmcpeak> so '__init__' does what you want
[15:22] <tmcpeak> there's some problem with glob, we looked into it. I keep forgetting what it is (should document it one of these days)
[15:30] *** jmckind has quit IRC
[15:31] *** edtubill has joined #openstack-security
[15:34] <ykotko> sigmavirus24: I have done init with only one string comment, but still http://paste.openstack.org/show/485159/
[15:34] *** winterIsLeaving has quit IRC
[15:34] *** jhfeng has joined #openstack-security
[15:35] <tmcpeak> it's not finding the result in your init, it's finding it in base.py
[15:35] <tmcpeak> Location: sec_scan/base.py:13
[15:36] <tmcpeak> honestly though, we should run with a filter or something for you
[15:36] *** jmckind has joined #openstack-security
[15:36] <tmcpeak> the "Consider possible security implications associated with subprocess module." isn't useful for a gate, only for some pentesting findings
[15:36] <tmcpeak> importing subprocess by itself is obviously not a security issue
[15:37] <tmcpeak> it's more to find places in code that are going to shell out later
[15:37] <elmiko> +1
[15:37] <tmcpeak> ykotko: so in this case, the solution is going to be running this with a profile or with severity filtering -ll
[15:38] <ykotko> it's not finding the result in your init, it's finding it in base.py - only after the deletion of init it started check something
[15:39] <ykotko> in init is present it will not give any results
[15:39] <ykotko> it will just freezes
[15:40] <tmcpeak> bandit freezes if it's run against your init file?
[15:40] <ykotko> no
[15:40] <ykotko> but if bandit runs with -r against dir with init it freezes
[15:40] <ykotko> see its in the paste
[15:42] <tmcpeak> ykotko: you're right, I've verified it
[15:42] <tmcpeak> that's a bug :|
[15:43] <elmiko> \o/
[15:43] <elmiko> weird though, i tried testing that locally and it worked for me
[15:43] <tmcpeak> really?
[15:44] *** Sarah-VAIO has quit IRC
[15:44] <elmiko> yea, but my example was fairly simple and i didn't have a bandit.yaml
[15:45] <elmiko> i just made a dir, plopped a __init__.py and a foo.py, then added a simple func to foo and put it in the __all__, and ran `bandit -r some_dir`
[15:45] <tmcpeak> something about this __init__ is tripping it up
[15:45] <elmiko> i'm surprised that adding #nosec to the __all__ line doesn't fix it
[15:45] <tmcpeak> I'm using ykotko's base.py and __init__.py and it hangs
[15:46] <tmcpeak> and yeah, if I remove or exclude __init__ it's fine
[15:49] <elmiko> tmcpeak: if you are curious, here is my test http://paste.openstack.org/show/485160/
[15:49] <tmcpeak> hmm
[15:54] *** lijie has joined #openstack-security
[15:58] *** Sarah-VAIO has joined #openstack-security
[16:04] *** Sarah-VAIO has quit IRC
[16:06] *** salv-orl_ has joined #openstack-security
[16:09] *** salv-orlando has quit IRC
[16:09] *** rcernin has quit IRC
[16:11] *** wayward710 has quit IRC
[16:13] <ykotko> https://bugs.launchpad.net/bandit/+bug/1538633
[16:13] <openstack> Launchpad bug 1538633 in Bandit "Bandit freezes when start it with key -r against directory with __init__.py file" [Undecided,New]
[16:17] *** diazjf has quit IRC
[16:27] *** avarner has joined #openstack-security
[16:28] *** diazjf has joined #openstack-security
[16:36] *** austin987 has quit IRC
[16:41] *** bpokorny has joined #openstack-security
[16:43] <tmcpeak> ykotko: still around?
[16:43] <ykotko> https://bugs.launchpad.net/bandit/+bug/1538633
[16:43] <openstack> Launchpad bug 1538633 in Bandit "Bandit freezes when start it with key -r against directory with __init__.py file" [High,Confirmed] - Assigned to Travis McPeak (travis-mcpeak)
[16:43] <tmcpeak> ykotko: can you verify something for me?
[16:44] <ykotko> yep
[16:44] <tmcpeak> are you running from within the directory or outside of it?
[16:44] <ykotko> outside
[16:44] <tmcpeak> interesting, I can reproduce only if I'm inside the directory it seems
[16:44] <tmcpeak> maybe some other factor, I'll keep poking
[16:49] *** austin987 has joined #openstack-security
[16:50] *** bpokorny has quit IRC
[16:50] *** bpokorny has joined #openstack-security
[16:54] <tmcpeak> ykotko: found the bug, thanks for the report!
[16:55] *** lijie has quit IRC
[16:55] <elmiko> tmcpeak++
[16:57] <openstackgerrit> Christopher J Schaefer proposed openstack/bandit: Added unit tests for CLI main module https://review.openstack.org/273147
[17:20] <openstackgerrit> Fernando Diaz proposed openstack/security-specs: Bring Your Own Key Castellan Implementation https://review.openstack.org/271517
[18:14] <openstackgerrit> Travis McPeak proposed openstack/bandit: Fixing hang in get_module_qualname_from_path https://review.openstack.org/273181
[18:15] <openstackgerrit> Travis McPeak proposed openstack/bandit: Fixing hang in get_module_qualname_from_path https://review.openstack.org/273181
[18:15] <tmcpeak> ykotko: can you validate that this fixes the issue please? https://review.openstack.org/273181
[18:16] <tmcpeak> it does in my test environment
[18:31] *** mvaldes has quit IRC
[18:33] <openstackgerrit> Fernando Diaz proposed openstack/security-specs: Bring Your Own Key Castellan Implementation https://review.openstack.org/271517
[19:03] <openstackgerrit> Christopher J Schaefer proposed openstack/bandit: Added unit tests for CLI main module https://review.openstack.org/273147
[20:18] *** Vayri has joined #openstack-security
[20:19] <Vayri> Hello
[20:19] <Vayri> Mind anyone spare me a link to some huge wordlist? Like larger than 100gb preferably
[21:35] <openstackgerrit> Travis McPeak proposed openstack/bandit: Fixing hang in get_module_qualname_from_path https://review.openstack.org/273181
[21:48] <openstackgerrit> Alex Howells proposed openstack/anchor: Ignore the 'pep8.txt' file via .gitignore https://review.openstack.org/273250
[21:57] *** tmcpeak has joined #openstack-security
[22:03] <elmiko> sigmavirus24: do you python paste well?
[22:03] <sigmavirus24> Not really
[22:04] <sigmavirus24> what's up?
[22:04] <elmiko> hmm, should have read "do you know.."
[22:04] <sigmavirus24> I grokk'd it
[22:04] <elmiko> i'm just trying to figure something out about pipelines and i think i may be attempting to implement an anti-pattern
[22:04] <elmiko> i'm implementing an experimental api
[22:04] *** Vayri has quit IRC
[22:04] <elmiko> and i need to modify one of the validators in our pipeline
[22:05] <elmiko> wondering if i should modify the validator, or attempt to have a pipeline change depending on url
[22:05] <elmiko> seems like creating multiple pipelines may be an anti-pattern
[22:05] <elmiko> i'm not sure though
[22:06] *** salv-orl_ has joined #openstack-security
[22:06] <tmcpeak> I don't actually know this to be true but multiple pipelines feels anti-pattern-y
[22:06] <elmiko> yea, same
[22:06] <elmiko> and #pythonpaste is totally dead...
[22:06] <tmcpeak> well you brought it back
[22:06] <tmcpeak> now there's 3 of us :P
[22:08] <elmiko> haha
[22:09] *** salv-orlando has quit IRC
[22:09] <elmiko> i'm gonna guess this is an antipattern and just hack up the validator
[22:09] <elmiko> i suppose i could post to the email list
[22:11] *** bpokorny has quit IRC
[22:12] <tmcpeak> elmiko: not enough bikeshed in your life?
[22:12] <elmiko> haha
[22:12] <elmiko> it's a good point, i just hack away and damned be the consequences
[22:12] <elmiko> i mean, it's an experimental api for a reason ;)
[22:13] <tmcpeak> +1
[22:13] <elmiko> lol
[22:13] <elmiko> lpt: hack more, talk less
[22:36] <Ryan_Lane> how do I use the logger inside of a bandit plugin?
[22:36] *** bpokorny has joined #openstack-security
[22:41] *** jmckind has quit IRC
[22:44] <tmcpeak> Ryan_Lane: good question, sigmavirus24 do you know?
[22:46] <elmiko> like, how to use the python logging module?
[22:46] <Ryan_Lane> well, I'm using logging in a plugin and there's no output
[22:46] <Ryan_Lane> sigh. I bet I need to pip install -e again
[22:47] <Ryan_Lane> entrypoints for plugins sucks so much
[22:47] <Ryan_Lane> yep. that was the problem.
[22:47] <elmiko> yea, stale venvs kill puppies, imo
[22:47] <elmiko> XD
[23:01] <tmcpeak> browne, chair6, sigmavirus24: sorry, I messed this up. Need another re-release
[23:01] <tmcpeak> forgot that we didn't have -include and -skips in 0.17.0 :\
[23:01] *** diazjf has quit IRC
[23:02] <sigmavirus24> and?
[23:02] <tmcpeak> #cherrypickingthings
[23:02] *** yuanying_ has quit IRC
[23:02] <tmcpeak> sigmavirus24: and there is no args option to set for it, I'm trying to set something that doesn't exist and its crashing out
[23:03] <sigmavirus24> cherry-picks are the (cherry-)bomb
[23:03] <tmcpeak> yeah, my first one and I already love it
[23:04] <browne> oops
[23:04] <tmcpeak> yeah :\
[23:04] <tmcpeak> it's ok, I'm fairly sure only my internal teams are using it :P
[23:04] <tmcpeak> upstream uses tox
[23:05] <sigmavirus24> how does that affect things?
[23:05] <tmcpeak> I'm better able to absorb the impact of internal teams complaining against me than external teams
[23:08] <tmcpeak> reviewsies please: https://review.openstack.org/273273
[23:08] <tmcpeak> browne, sigmavirus24 ^
[23:08] <tmcpeak> I'm going to try to push a new version today
[23:09] <tmcpeak> s/try to push/push
[23:10] <tmcpeak> browne, sigmavirus24 thanks guys
[23:11] <browne> np
[23:11] <sigmavirus24> yw tmcpeak
[23:11] <sigmavirus24> And now I'll depart
[23:12] *** yuanying has joined #openstack-security
[23:12] <tmcpeak> sigmavirus24: sounds like a plan
[23:13] <elmiko> later sigmavirus24
[23:14] <sigmavirus24> later
[23:14] <sigmavirus24> guess tomorrow I'm going to start writing an ansible role to deploy barbican
[23:14] <sigmavirus24> this should be fun
[23:14] <elmiko> ooh, neat!
[23:14] <tmcpeak> that sounds cool
[23:14] <elmiko> sigmavirus24: you might ping alee in the barbican channel, i think he may have done some of that with rdo
[23:14] <sigmavirus24> Could be cool or it could be painful
[23:14] <tmcpeak> I'm 100% sure it will be both
[23:14] <sigmavirus24> elmiko: RDO is all puppet
[23:14] <sigmavirus24> iirc
[23:15] <elmiko> yea, you're right
[23:15] <elmiko> maybe it was something else then, i saw them talking about it the other day
[23:15] <elmiko> either way, gl =)
[23:16] *** sigmavirus24 is now known as sigmavirus24_awa
[23:17] *** edmondsw has quit IRC
[23:20] <openstackgerrit> Michael Dong proposed openstack/syntribos: Hardcoded confidence levels https://review.openstack.org/273275
[23:23] <openstackgerrit> Michael Dong proposed openstack/syntribos: Updated README.md to include OpenCafe setup instructions https://review.openstack.org/272172
[23:31] *** bpokorny_ has joined #openstack-security
[23:31] <openstackgerrit> Merged openstack/syntribos: Updated README.md to include OpenCafe setup instructions https://review.openstack.org/272172
[23:36] <openstackgerrit> Michael Dong proposed openstack/syntribos: Added XML external entity test https://review.openstack.org/272208
[23:41] <openstackgerrit> Merged openstack/syntribos: Added XML external entity test https://review.openstack.org/272208