Removing bandit.yaml in favor of defaults

Removing old configuration options for build-in defaults of latest bandit functionality. Also, marking flagged items with _# nosec_ with a descriptive comment on why the code is acceptable as is. Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com> Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com> Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d
author: Christopher J Schaefer <cjschaef@us.ibm.com> 2016-03-11 15:55:06 -0600
committer: Christopher J Schaefer <cjschaef@us.ibm.com> 2016-04-19 10:35:00 -0500
commit: dbf4f3164655ec69a830ed87db0769f01ac1f720 (patch)
tree: cb93fd0797e8ea00d6faa94f01adddc6bd7083c1 /keystoneclient/httpclient.py
parent: 91d1053f6811d454c538c85ea601dc700a56b4b3 (diff)
download: python-keystoneclient-dbf4f3164655ec69a830ed87db0769f01ac1f720.tar.gz
1 files changed, 17 insertions, 11 deletions
diff --git a/keystoneclient/httpclient.py b/keystoneclient/httpclient.py
index d6e0926..7517497 100644
--- a/keystoneclient/httpclient.py
+++ b/keystoneclient/httpclient.py
@@ -31,7 +31,7 @@ from positional import positional
 import requests
 
 try:
-    import pickle
+    import pickle  # nosec(cjschaef): see bug 1534288 for details
 
     # NOTE(sdague): The conditional keyring import needs to only
     # trigger if it's a version of keyring that's supported in global
@@ -129,7 +129,8 @@ class _KeystoneAdapter(adapter.LegacyJsonAdapter):
         # the identity plugin case
         try:
             return self.session.auth.get_access(self.session).user_id
-        except AttributeError:
+        except AttributeError:  # nosec(cjschaef): attempt legacy retrival, or
+            # return None
             pass
 
         # there is a case that we explicity allow (tested by our unit tests)
@@ -138,7 +139,8 @@ class _KeystoneAdapter(adapter.LegacyJsonAdapter):
         # a legacy then self.session.auth is a client and we retrieve user_id.
         try:
             return self.session.auth.user_id
-        except AttributeError:
+        except AttributeError:  # nosec(cjschaef): retrivals failed, return
+            # None
             pass
 
         return None
@@ -629,7 +631,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
                 auth_ref = keyring.get_password("keystoneclient_auth",
                                                 keyring_key)
                 if auth_ref:
-                    auth_ref = pickle.loads(auth_ref)  # nosec
+                    auth_ref = pickle.loads(auth_ref)  # nosec(cjschaef): see
+                    # bug 1534288
                     if auth_ref.will_expire_soon(self.stale_duration):
                         # token has expired, don't use it
                         auth_ref = None
@@ -647,7 +650,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
             try:
                 keyring.set_password("keystoneclient_auth",
                                      keyring_key,
-                                     pickle.dumps(self.auth_ref))
+                                     pickle.dumps(self.auth_ref))  # nosec
+                # (cjschaef): see bug 1534288
             except Exception as e:
                 _logger.warning(
                     _LW("Failed to store token into keyring %s"), e)
@@ -658,8 +662,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
                 service_type='identity',
                 endpoint_type='admin',
                 region_name=region_name)
-        except exceptions.EndpointNotFound:
-            pass
+        except exceptions.EndpointNotFound as e:
+            _logger.debug("Failed to find endpoint for management url %s", e)
 
     def process_token(self, region_name=None):
         """Extract and process information from the new auth_ref.
@@ -872,7 +876,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
     def __getattr__(self, name):
         try:
             var_name = self.deprecated_session_variables[name]
-        except KeyError:
+        except KeyError:  # nosec(cjschaef): try adapter variable or raise
+            # an AttributeError
             pass
         else:
             warnings.warn(
@@ -883,7 +888,7 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
 
         try:
             var_name = self.deprecated_adapter_variables[name]
-        except KeyError:
+        except KeyError:  # nosec(cjschaef): raise an AttributeError
             pass
         else:
             warnings.warn(
@@ -897,7 +902,8 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
     def __setattr__(self, name, val):
         try:
             var_name = self.deprecated_session_variables[name]
-        except KeyError:
+        except KeyError:  # nosec(cjschaef): try adapter variable or call
+            # parent class's __setattr__
             pass
         else:
             warnings.warn(
@@ -908,7 +914,7 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
 
         try:
             var_name = self.deprecated_adapter_variables[name]
-        except KeyError:
+        except KeyError:  # nosec(cjschaef): call parent class's __setattr__
             pass
         else:
             warnings.warn(
author	Christopher J Schaefer <cjschaef@us.ibm.com>	2016-03-11 15:55:06 -0600
committer	Christopher J Schaefer <cjschaef@us.ibm.com>	2016-04-19 10:35:00 -0500
commit	dbf4f3164655ec69a830ed87db0769f01ac1f720 (patch)
tree	cb93fd0797e8ea00d6faa94f01adddc6bd7083c1 /keystoneclient/httpclient.py
parent	91d1053f6811d454c538c85ea601dc700a56b4b3 (diff)
download	python-keystoneclient-dbf4f3164655ec69a830ed87db0769f01ac1f720.tar.gz