| *** dave-mccowan has quit IRC | 00:03 | |
| *** voodookid has quit IRC | 00:03 | |
| *** markvoelker has quit IRC | 00:07 | |
| *** dwyde has quit IRC | 00:08 | |
| *** bdpayne has quit IRC | 00:11 | |
| *** sicarie has left #openstack-security | 00:58 | |
| *** markvoelker has joined #openstack-security | 01:08 | |
| *** markvoelker has quit IRC | 01:13 | |
| *** markvoelker has joined #openstack-security | 01:15 | |
| *** salv-orlando has quit IRC | 01:16 | |
| *** markvoelker has quit IRC | 01:20 | |
| openstackgerrit | Dave Belcher proposed stackforge/bandit: Refactored AST processing https://review.openstack.org/160166 | 01:42 |
|---|---|---|
| *** jamielennox is now known as jamielennox|lunc | 01:51 | |
| *** markvoelker has joined #openstack-security | 02:16 | |
| *** bpokorny_ has joined #openstack-security | 02:17 | |
| *** bpokorny has quit IRC | 02:20 | |
| *** nkinder has quit IRC | 02:21 | |
| *** markvoelker has quit IRC | 02:21 | |
| *** ljfisher has joined #openstack-security | 02:23 | |
| *** amrith is now known as _amrith_ | 02:26 | |
| *** nkinder has joined #openstack-security | 02:26 | |
| openstackgerrit | Shail Bhargava proposed openstack/security-doc: MySQL TLS transport config example https://review.openstack.org/159668 | 02:26 |
| *** bpokorny has joined #openstack-security | 02:35 | |
| *** bpokorny_ has quit IRC | 02:38 | |
| *** bpokorny has quit IRC | 02:42 | |
| *** bpokorny has joined #openstack-security | 02:43 | |
| *** jamielennox|lunc is now known as jamielennox | 02:47 | |
| *** bpokorny has quit IRC | 02:47 | |
| *** vozcelik has joined #openstack-security | 02:58 | |
| *** ljfisher has quit IRC | 03:16 | |
| *** markvoelker has joined #openstack-security | 03:17 | |
| *** fletcher has quit IRC | 03:18 | |
| *** markvoelker has quit IRC | 03:22 | |
| openstackgerrit | Shail Bhargava proposed openstack/security-doc: Fix typo "administator" https://review.openstack.org/161559 | 03:28 |
| *** browne has quit IRC | 03:34 | |
| *** vozcelik has quit IRC | 03:40 | |
| *** vozcelik has joined #openstack-security | 03:41 | |
| *** jamielennox is now known as jamielennox|away | 03:45 | |
| *** vozcelik has quit IRC | 03:52 | |
| *** dave-mccowan has joined #openstack-security | 03:58 | |
| *** dave-mcc_ has joined #openstack-security | 04:03 | |
| *** dave-mccowan has quit IRC | 04:03 | |
| *** salv-orlando has joined #openstack-security | 04:16 | |
| *** markvoelker has joined #openstack-security | 04:19 | |
| *** salv-orlando has quit IRC | 04:21 | |
| *** markvoelker has quit IRC | 04:23 | |
| *** dave-mcc_ has quit IRC | 04:27 | |
| *** browne has joined #openstack-security | 04:27 | |
| *** markvoelker has joined #openstack-security | 05:20 | |
| *** markvoelker has quit IRC | 05:25 | |
| *** markvoelker has joined #openstack-security | 06:22 | |
| *** markvoelker has quit IRC | 06:27 | |
| *** Krast has joined #openstack-security | 06:51 | |
| *** salv-orlando has joined #openstack-security | 07:14 | |
| *** salv-orlando has quit IRC | 07:19 | |
| *** markvoelker has joined #openstack-security | 07:22 | |
| *** salv-orlando has joined #openstack-security | 07:27 | |
| *** markvoelker has quit IRC | 07:28 | |
| *** openstackgerrit has quit IRC | 07:36 | |
| *** openstackgerrit has joined #openstack-security | 07:36 | |
| *** browne has quit IRC | 08:15 | |
| *** markvoelker has joined #openstack-security | 08:25 | |
| *** markvoelker has quit IRC | 08:29 | |
| *** Krast has quit IRC | 08:33 | |
| *** salv-orlando has quit IRC | 08:33 | |
| *** salv-orlando has joined #openstack-security | 09:05 | |
| *** browne has joined #openstack-security | 09:14 | |
| *** elmiko has quit IRC | 09:20 | |
| *** elmiko has joined #openstack-security | 09:20 | |
| *** markvoelker has joined #openstack-security | 09:26 | |
| *** markvoelker has quit IRC | 09:31 | |
| openstackgerrit | Tim Kelsey proposed stackforge/anchor: Fixing several issues in Anchor startup https://review.openstack.org/161301 | 09:52 |
| *** salv-orlando has quit IRC | 09:59 | |
| openstackgerrit | Dave Belcher proposed stackforge/bandit: Refactored AST processing https://review.openstack.org/160166 | 10:01 |
| *** browne has quit IRC | 10:11 | |
| *** markvoelker has joined #openstack-security | 10:27 | |
| *** markvoelker has quit IRC | 10:31 | |
| openstackgerrit | Tim Kelsey proposed stackforge/anchor: Fixing several issues in Anchor startup https://review.openstack.org/161301 | 10:49 |
| *** salv-orlando has joined #openstack-security | 11:00 | |
| *** rkgudboy has joined #openstack-security | 11:16 | |
| *** markvoelker has joined #openstack-security | 11:28 | |
| *** markvoelker has quit IRC | 11:32 | |
| openstackgerrit | Tim Kelsey proposed stackforge/anchor: Fixing several issues in Anchor startup https://review.openstack.org/161301 | 11:38 |
| *** rohitkashyap has joined #openstack-security | 11:41 | |
| *** salv-orlando has quit IRC | 11:42 | |
| *** rkgudboy has quit IRC | 11:44 | |
| openstackgerrit | Tim Kelsey proposed stackforge/anchor: Fixing several issues in Anchor startup https://review.openstack.org/161301 | 11:48 |
| *** _amrith_ is now known as amrith | 12:25 | |
| *** markvoelker has joined #openstack-security | 12:29 | |
| *** tmcpeak has joined #openstack-security | 12:31 | |
| *** markvoelker has quit IRC | 12:34 | |
| *** markvoelker has joined #openstack-security | 12:38 | |
| *** rohitkashyap has quit IRC | 12:40 | |
| *** salv-orlando has joined #openstack-security | 12:56 | |
| openstackgerrit | Merged stackforge/bandit: Refactored AST processing https://review.openstack.org/160166 | 12:57 |
| openstackgerrit | Merged stackforge/bandit: Clean up test property decorators after refactor https://review.openstack.org/161024 | 13:06 |
| openstackgerrit | Merged stackforge/bandit: Refactor functional tests to clarify scoring https://review.openstack.org/161005 | 13:08 |
| *** dave-mccowan has joined #openstack-security | 13:11 | |
| *** ljfisher has joined #openstack-security | 13:54 | |
| *** browne has joined #openstack-security | 14:45 | |
| *** voodookid has joined #openstack-security | 15:26 | |
| *** dwyde has joined #openstack-security | 15:39 | |
| *** edmondsw has joined #openstack-security | 15:46 | |
| *** edmondsw has quit IRC | 15:47 | |
| *** edmondsw has joined #openstack-security | 15:47 | |
| *** edmondsw has quit IRC | 15:47 | |
| *** edmondsw has joined #openstack-security | 15:48 | |
| *** browne has quit IRC | 15:55 | |
| *** dwyde has quit IRC | 16:09 | |
| *** browne has joined #openstack-security | 16:10 | |
| *** dwyde has joined #openstack-security | 16:21 | |
| *** dave-mcc_ has joined #openstack-security | 16:28 | |
| *** salv-orlando has quit IRC | 16:29 | |
| *** dave-mccowan has quit IRC | 16:30 | |
| *** dave-mccowan has joined #openstack-security | 16:31 | |
| *** dave-mcc_ has quit IRC | 16:34 | |
| *** salv-orlando has joined #openstack-security | 16:39 | |
| openstackgerrit | Rob Fletcher proposed stackforge/bandit: Add mako templating plugin and XSS profile https://review.openstack.org/158801 | 16:44 |
| *** tkelsey has joined #openstack-security | 16:46 | |
| *** sicarie has joined #openstack-security | 16:47 | |
| tmcpeak | reminder: meeting in 5 mins - #openstack-meeting-alt | 16:55 |
| *** fletcher has joined #openstack-security | 17:00 | |
| *** fletcher has quit IRC | 17:00 | |
| *** fletcher has joined #openstack-security | 17:01 | |
| *** fletcher_ has joined #openstack-security | 17:01 | |
| *** bdpayne has joined #openstack-security | 17:04 | |
| *** fletcher has quit IRC | 17:04 | |
| *** bpokorny has joined #openstack-security | 17:08 | |
| *** bpokorny has quit IRC | 17:16 | |
| tmcpeak | sweston: can you come to #openstack-meeting-alt? | 17:16 |
| *** bpokorny has joined #openstack-security | 17:18 | |
| openstackgerrit | Merged openstack/security-doc: Fix typo "administator" https://review.openstack.org/161559 | 17:19 |
| openstackgerrit | Merged openstack/security-doc: Add reference links to Openstack Security Guide https://review.openstack.org/160868 | 17:29 |
| openstackgerrit | Merged openstack/security-doc: Removal of unnecessary parts of the text about boot process using TLS https://review.openstack.org/160881 | 17:31 |
| *** browne has quit IRC | 17:33 | |
| openstackgerrit | Tim Kelsey proposed stackforge/anchor: Adding functional testing https://review.openstack.org/161821 | 18:04 |
| *** JAHoagie has joined #openstack-security | 18:15 | |
| openstackgerrit | Shail Bhargava proposed openstack/security-doc: MySQL TLS transport config example https://review.openstack.org/159668 | 18:25 |
| openstackgerrit | Tim Kelsey proposed stackforge/anchor: Adding functional testing https://review.openstack.org/161821 | 18:29 |
| *** ljfisher has quit IRC | 18:32 | |
| *** ljfisher has joined #openstack-security | 18:36 | |
| *** dwyde has quit IRC | 18:37 | |
| *** amrith is now known as _amrith_ | 18:46 | |
| *** _amrith_ is now known as amrith | 18:49 | |
| openstackgerrit | Merged stackforge/bandit: Add mako templating plugin and XSS profile https://review.openstack.org/158801 | 18:59 |
| *** ljfisher has quit IRC | 19:01 | |
| *** ljfisher has joined #openstack-security | 19:02 | |
| *** ljfisher has quit IRC | 19:06 | |
| *** dwyde has joined #openstack-security | 19:14 | |
| *** browne has joined #openstack-security | 19:41 | |
| *** bdpayne has quit IRC | 19:56 | |
| *** bpokorny_ has joined #openstack-security | 20:02 | |
| *** bpokorny has quit IRC | 20:06 | |
| *** sicarie has quit IRC | 20:07 | |
| dwyde | I'm working on a bunch of additions to bandit's checks for dangerous functions | 20:07 |
| dwyde | things like os.system, pickle.load, cPickle, etc. | 20:07 |
| dwyde | I think it's cleaner to write plugins than to clutter "blacklist_functions" in the config file | 20:07 |
| dwyde | any thoughts? | 20:07 |
| *** bpokorny has joined #openstack-security | 20:08 | |
| *** bpokorny_ has quit IRC | 20:11 | |
| tmcpeak | dwyde: either is a viable approach, the original thought behind blacklist_functions was basically just that a bunch of tests are literally the same thing | 20:25 |
| tmcpeak | is this function being used? | 20:25 |
| *** openstackgerrit has quit IRC | 20:25 | |
| *** openstackgerrit has joined #openstack-security | 20:25 | |
| tmcpeak | if it's just that test, then it's up to implementer about where to put it, but blacklist_functions handles the logic for those extremely simple - flag every time this function is used, case | 20:26 |
| tmcpeak | if you have a single operating theme, it might be cleaner to implement them all in one plugin, in which case you can leave them out of blacklist_functions | 20:26 |
| tmcpeak | the choice is yours | 20:26 |
| dwyde | tmcpeak: got it, thanks | 20:27 |
| tmcpeak | sure | 20:27 |
| dwyde | the other thing I was thinking is that some tests might want to know about all the ways of calling a shell | 20:28 |
| dwyde | linux_commands_wildcard_injection, for example | 20:28 |
| tmcpeak | can you elaborate please? | 20:29 |
| dwyde | that test loops through a list of functions that can shell out (currently os.system, subprocess.Popen, and os.popen) | 20:29 |
| tmcpeak | yep | 20:30 |
| dwyde | so maybe it makes sense to have a central listing of functions that can call a shell | 20:30 |
| tmcpeak | the wildcard injection case is special | 20:30 |
| tmcpeak | it's not an issue that they can call shell, it's an issue in the way those particular commands work | 20:30 |
| tmcpeak | check this out: http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt | 20:31 |
| dwyde | right, maybe I’m just riding the DRY high from the functional tests :-) | 20:32 |
| tmcpeak | :) | 20:32 |
| tmcpeak | brb | 20:33 |
| *** bdpayne has joined #openstack-security | 20:47 | |
| *** tkelsey has quit IRC | 20:58 | |
| *** salv-orlando is now known as ihate-salv-orlan | 20:59 | |
| *** ihate-salv-orlan is now known as salv-orlando | 21:00 | |
| *** tmcpeak has quit IRC | 21:17 | |
| *** tmcpeak has joined #openstack-security | 21:19 | |
| tmcpeak | dwyde: I see what you're saying | 21:21 |
| tmcpeak | by all means, clean that up :) | 21:21 |
| tmcpeak | sounds like a good optimization | 21:21 |
| dwyde | cool | 21:22 |
| *** gabriela has joined #openstack-security | 21:44 | |
| *** gabriela has left #openstack-security | 21:44 | |
| *** jamielennox|away is now known as jamielennox | 21:56 | |
| *** bpokorny_ has joined #openstack-security | 22:02 | |
| *** bpokorny has quit IRC | 22:05 | |
| *** edmondsw has quit IRC | 22:07 | |
| openstackgerrit | Joel Coffman proposed openstack/security-doc: Remove duplicate word in sentence https://review.openstack.org/161926 | 22:19 |
| *** tmcpeak has quit IRC | 23:12 | |
| *** openstack has joined #openstack-security | 23:53 | |