Tuesday, 2014-11-25

« Monday, 2014-11-24 Index Wednesday, 2014-11-26 »
*** nkinder has joined #openstack-security00:05
*** shohel02 has joined #openstack-security00:41
*** shohel02 has quit IRC00:46
*** tmcpeak has quit IRC01:02
*** salv-orlando has quit IRC01:04
*** tmcpeak has joined #openstack-security01:33
*** tmcpeak has quit IRC01:35
*** shohel02 has joined #openstack-security01:41
*** dave-mccowan has joined #openstack-security01:41
*** shohel02 has quit IRC01:46
*** bpokorny has joined #openstack-security01:51
*** bpokorny has quit IRC02:17
*** dave-mccowan has quit IRC02:40
*** dave-mccowan has joined #openstack-security02:40
*** shohel02 has joined #openstack-security02:41
*** hyakuhei has quit IRC02:45
*** shohel02 has quit IRC02:46
*** bpokorny has joined #openstack-security03:23
*** shohel02 has joined #openstack-security03:41
*** shohel02 has quit IRC03:46
*** dave-mccowan has quit IRC04:12
*** hyakuhei has joined #openstack-security04:29
*** _et has joined #openstack-security04:36
*** _et has left #openstack-security04:37
*** _et has joined #openstack-security04:37
chair6just noticed some weirdness in the online version of the security guide04:39
chair6links in the ToC on the left, and urls associated with each page, do not map to chapter number / title04:39
chair6for example, in the ToC the text '29. Message queuing architecture' points to URL http://docs.openstack.org/security-guide/content/ch037_risks.html04:40
chair6then the content at http://docs.openstack.org/security-guide/content/ch037_risks.html has heading 'Chapter 29. Message queuing architecure'04:40
chair6something funky going on..04:41
*** shohel02 has joined #openstack-security04:41
chair6looks like google has indexed content with those mismatched URLs as well04:43
*** shohel02 has quit IRC04:46
*** bpokorny has quit IRC04:47
_etchair6: file a bug?04:48
*** bpokorny has joined #openstack-security04:54
*** subscope_ has joined #openstack-security04:55
*** bpokorny has quit IRC04:56
_ethttps://bugs.launchpad.net/openstack-manuals/+bug/139597404:57
*** bpokorny has joined #openstack-security04:57
_etchair6: done.04:57
*** bpokorny has quit IRC05:01
chair6thanks _et05:06
*** jamielennox has quit IRC05:11
*** jamielennox has joined #openstack-security05:11
*** _et has quit IRC05:14
*** subscope_ has quit IRC05:25
*** shohel02 has joined #openstack-security05:41
*** shohel02 has quit IRC05:46
*** shohel02 has joined #openstack-security06:41
*** shohel02 has quit IRC06:46
*** shohel02 has joined #openstack-security07:41
openstackgerritMerged openstack/security-doc: Fix recommendations post-POODLE  https://review.openstack.org/13584407:45
*** shohel02 has quit IRC07:46
*** jamielennox is now known as jamielennox|away07:49
*** salv-orlando has joined #openstack-security08:08
*** shohel02 has joined #openstack-security08:14
*** salv-orlando has quit IRC10:00
*** salv-orlando has joined #openstack-security10:02
openstackgerritAbu Shohel Ahmed proposed openstack/security-doc: Adds OpenStack security threat analysis folder  https://review.openstack.org/12103410:14
*** salv-orlando has quit IRC10:57
*** salv-orlando has joined #openstack-security11:02
*** salv-orlando has quit IRC11:11
*** salv-orlando has joined #openstack-security11:11
*** shohel02 has quit IRC11:57
*** shohel02 has joined #openstack-security12:02
*** salv-orlando has quit IRC12:25
openstackgerritTim Kelsey proposed stackforge/bandit: Refactoring "checks_functions" to check function definitions  https://review.openstack.org/13704913:07
*** LinStatSDR has quit IRC13:18
*** LinStatSDR has joined #openstack-security13:18
*** shohel02 has quit IRC13:21
*** dave-mccowan has joined #openstack-security13:35
*** tmcpeak has joined #openstack-security13:40
*** shohel02 has joined #openstack-security13:43
*** salv-orlando has joined #openstack-security13:53
*** shohel02 has quit IRC13:59
*** shohel02 has joined #openstack-security14:06
*** shohel02 has quit IRC14:12
*** paulmo has joined #openstack-security14:13
*** nkinder has quit IRC14:14
*** shohel02 has joined #openstack-security14:19
*** dave-mccowan_ has joined #openstack-security14:29
*** dave-mccowan has quit IRC14:32
*** dave-mccowan_ is now known as dave-mccowan14:32
openstackgerritTim Kelsey proposed stackforge/bandit: Refactoring "checks_functions" to check function definitions  https://review.openstack.org/13704914:44
openstackgerritTim Kelsey proposed stackforge/bandit: Refactoring "checks_functions" to check function definitions  https://review.openstack.org/13704914:46
*** dave-mccowan has quit IRC14:47
*** dave-mccowan has joined #openstack-security15:01
openstackgerritTim Kelsey proposed stackforge/bandit: Refactoring "checks_functions" to check function definitions  https://review.openstack.org/13704915:02
*** nkinder has joined #openstack-security15:06
*** LinStatSDR has quit IRC15:14
*** voodookid has joined #openstack-security15:23
openstackgerritTim Kelsey proposed stackforge/bandit: Refactoring "checks_functions" to check function definitions  https://review.openstack.org/13704915:27
*** shohel02 has quit IRC15:41
*** sicarie has joined #openstack-security15:47
openstackgerritMerged stackforge/bandit: Refactoring "checks_functions" to check function definitions  https://review.openstack.org/13704915:52
*** shohel02 has joined #openstack-security15:55
*** bpokorny has joined #openstack-security15:56
tmcpeaknkinder: you around?16:04
*** tmcpeak has quit IRC16:58
*** salv-orlando has quit IRC17:01
*** LinStatSDR has joined #openstack-security17:03
*** bpokorny has quit IRC17:06
*** bpokorny has joined #openstack-security17:22
bknudsonI tried running bandit using http://git.openstack.org/cgit/stackforge/bandit/tree/README.md#n39 but it fails with a bunch of errors17:25
bknudsonAttributeError: 'Name' object has no attribute 'value'17:25
bknudsonI tried running the tests and those all passed17:26
*** edmondsw has joined #openstack-security17:30
*** tmcpeak has joined #openstack-security17:35
*** shohel02 has quit IRC17:39
openstackgerritTim Kelsey proposed stackforge/bandit: Fixing an oversight when processing none-attr nodes.  https://review.openstack.org/13715317:40
openstackgerritTim Kelsey proposed stackforge/bandit: Fixing an oversight when processing none-attr nodes  https://review.openstack.org/13715317:44
openstackgerritMerged stackforge/bandit: Fixing an oversight when processing none-attr nodes  https://review.openstack.org/13715318:04
chair6thanks bknudson, that bug should be fixed18:05
bknudsonI'll try it.18:06
bknudsonthat helped but getting a different error running against keystone18:08
bknudsonhttp://paste.openstack.org/show/138298/18:08
*** jamielennox|away is now known as jamielennox18:11
nkindertmcpeak: hey, what's up?18:11
openstackgerritTim Kelsey proposed stackforge/bandit: Graceful degradation when failing to full qualify an attr node.  https://review.openstack.org/13716518:25
tmcpeaknkinder: was going to check about what I should do to make a nicely formatted ML post18:25
tmcpeakbut hyakuhei pointed me to the ML etiquette link18:26
nkindertmcpeak: ok, cool18:27
*** bpokorny_ has joined #openstack-security18:27
*** bpokorny has quit IRC18:31
openstackgerritTim Kelsey proposed stackforge/bandit: Graceful degradation when failing to full qualify an attr node.  https://review.openstack.org/13716518:31
*** bpokorny has joined #openstack-security18:32
*** salv-orlando has joined #openstack-security18:33
*** bpokorn__ has joined #openstack-security18:33
*** bpokorny_ has quit IRC18:35
openstackgerritTim Kelsey proposed stackforge/bandit: Graceful degradation when failing to full qualify an attr node  https://review.openstack.org/13716518:36
*** bpokorny has quit IRC18:37
openstackgerritMerged stackforge/bandit: Graceful degradation when failing to full qualify an attr node  https://review.openstack.org/13716518:40
chair6bknudson: ^ that should do it, try again .. the joys of trying to get one last feature in before 'announcing' :(18:41
bknudsonchair6: how do I mark a line (use of random) as safe?18:42
bknudsonI need to get it to not look at test code18:42
chair6for an individual line, add a trailing # nosec18:43
tmcpeakbknudson: do you think a formal way to exclude a directory would be more useful?18:45
*** bpokorny has joined #openstack-security18:45
tmcpeakI guess the same thing could be done with a find command, or by running Bandit on individual directories though…18:46
bknudsontmcpeak: we'll need a way to run it for a project (e.g., keystone) and the project should be able to say what directories to exclude18:46
tmcpeakbknudson: yeah, totally18:46
bknudsonthe the directory is keystone/test and we want to exclude just that directory.18:46
tmcpeakdo you think running Bandit through find like this: find ~/openstack-repo/keystone -name '*.py' | xargs bandit -n 1  and then using some find magic to exclude that directory would be a good solution, or do you think we should build it into Bandit itself?18:47
bknudsonI think it should be built into bandit... you'll need a config file anyways18:48
*** bpokorn__ has quit IRC18:49
tmcpeakbknudson: cool, should be easy enough to add18:49
tmcpeakconfig file already there, just need to add that18:49
tmcpeakbknudson: I'll add that to the queue18:50
*** jimhoagland has joined #openstack-security19:40
*** gabriela has joined #openstack-security20:33
*** gabriela has left #openstack-security20:36
*** jimhoagland has quit IRC20:46
*** gabriela has joined #openstack-security21:02
gabrielahola21:08
*** gabriela has left #openstack-security21:19
*** sicarie_ has joined #openstack-security21:21
*** jamielennox is now known as jamielennox|away21:23
*** LinStatSDR has quit IRC21:25
*** jamielennox|away is now known as jamielennox21:28
*** paulmo has quit IRC21:45
*** dave-mccowan has quit IRC21:51
*** tmcpeak has quit IRC22:13
*** tmcpeak has joined #openstack-security22:14
*** tmcpeak has quit IRC23:09
*** edmondsw has quit IRC23:12
*** tmcpeak has joined #openstack-security23:15
*** nkinder has quit IRC23:18
*** sicarie_ has quit IRC23:29
« Monday, 2014-11-24 Index Wednesday, 2014-11-26 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!