Thursday, 2015-07-30

openstackgerrit	Eric Brown proposed openstack/bandit: Add a confidence filter https://review.openstack.org/207258	00:08
*** salv-orlando has quit IRC		00:31
*** edmondsw has quit IRC		00:34
*** h00327910__ has joined #openstack-security		00:58
*** bknudson has joined #openstack-security		01:17
*** browne has quit IRC		01:29
*** elo1 has quit IRC		01:49
*** baby has joined #openstack-security		01:49
*** baby has quit IRC		01:51
*** dey has joined #openstack-security		02:08
*** bpokorny has quit IRC		02:12
*** dey has quit IRC		02:38
*** bknudson has quit IRC		02:43
*** tmcpeak has joined #openstack-security		03:01
*** browne has joined #openstack-security		03:02
*** sdake has joined #openstack-security		03:05
*** markvoelker_ has quit IRC		03:20
*** markvoelker_ has joined #openstack-security		03:22
*** dave-mccowan has quit IRC		03:34
*** sdake has quit IRC		03:36
*** jamielennox\|away is now known as jamielennox		03:47
openstackgerrit	Eric Brown proposed openstack/bandit: Add a confidence filter https://review.openstack.org/207258	04:19
*** salv-orlando has joined #openstack-security		04:21
*** salv-orlando has quit IRC		04:25
*** mcurran has joined #openstack-security		04:26
*** jamielennox is now known as jamielennox\|away		04:33
*** luisle has joined #openstack-security		04:42
*** luisle has quit IRC		04:43
*** misc has quit IRC		04:50
*** misc has joined #openstack-security		04:52
*** tmcpeak has quit IRC		05:05
*** Eric_HOU has joined #openstack-security		05:15
*** Eric_HOU has left #openstack-security		05:32
*** lexholden has quit IRC		05:40
*** mcurran has quit IRC		05:49
*** salv-orlando has joined #openstack-security		05:54
*** salv-orlando has quit IRC		05:55
*** salv-orlando has joined #openstack-security		05:56
*** shohel has joined #openstack-security		06:23
*** browne has quit IRC		07:10
*** salv-orlando has quit IRC		07:15
*** tjt263 has joined #openstack-security		07:51
*** alex_klimov has joined #openstack-security		07:52
*** alex_klimov has quit IRC		07:53
*** alex_klimov has joined #openstack-security		07:53
*** jamielennox\|away is now known as jamielennox		07:57
*** OD_WA_Dawid_Loni has joined #openstack-security		08:10
*** OD_WA_Dawid_Loni has left #openstack-security		08:10
*** tjt263 has quit IRC		08:15
openstackgerrit	Merged openstack/anchor: Add stub for Sphinx documentation https://review.openstack.org/206920	08:24
*** salv-orlando has joined #openstack-security		08:37
*** salv-orlando has quit IRC		08:49
*** Warthebunny has joined #openstack-security		08:54
*** Warthebunny has left #openstack-security		08:55
*** tkelsey has joined #openstack-security		08:58
*** jamielennox is now known as jamielennox\|away		09:25
*** ig0r_ has joined #openstack-security		09:31
*** salv-orlando has joined #openstack-security		09:38
*** hyakuhei has joined #openstack-security		10:11
*** shohel has quit IRC		10:35
*** shohel has joined #openstack-security		10:36
*** salv-orl_ has joined #openstack-security		11:25
*** salv-orlando has quit IRC		11:26
*** Noobata has joined #openstack-security		11:46
*** Noobata has quit IRC		11:47
*** viraptor has quit IRC		12:14
*** bknudson has joined #openstack-security		12:18
*** edmondsw has joined #openstack-security		12:19
*** jamielennox\|away is now known as jamielennox		12:35
openstackgerrit	Tim Kelsey proposed openstack/bandit: Adding a more informative help message for "-l" https://review.openstack.org/207080	12:48
*** salv-orl_ has quit IRC		12:54
*** jamielennox is now known as jamielennox\|away		13:06
*** browne has joined #openstack-security		13:08
*** ig0r_ has quit IRC		13:10
*** ig0r_ has joined #openstack-security		13:16
*** rbrooker has joined #openstack-security		13:23
*** singlethink has joined #openstack-security		13:25
*** shohel has quit IRC		13:27
*** ig0r_ has quit IRC		13:31
openstackgerrit	Tim Kelsey proposed openstack/bandit: Adding documentation for configuration https://review.openstack.org/205501	13:32
*** salv-orlando has joined #openstack-security		13:49
*** shohel has joined #openstack-security		13:54
*** tmcpeak has joined #openstack-security		14:03
*** markvoelker_ has quit IRC		14:06
*** sigmavirus24_awa is now known as sigmavirus24		14:13
*** markvoelker has joined #openstack-security		14:27
*** markvoelker_ has joined #openstack-security		14:28
*** ig0r_ has joined #openstack-security		14:31
*** markvoelker has quit IRC		14:32
*** rbrooker has quit IRC		14:38
*** jmckind has joined #openstack-security		14:38
*** salv-orlando has quit IRC		14:42
*** voodookid has joined #openstack-security		14:44
*** voodookid has quit IRC		14:49
*** jmckind has quit IRC		15:00
*** dwyde has joined #openstack-security		15:01
*** rbrooker has joined #openstack-security		15:02
*** voodookid has joined #openstack-security		15:02
*** ig0r_ has quit IRC		15:03
*** ig0r__ has joined #openstack-security		15:03
*** jmckind has joined #openstack-security		15:05
*** ig0r_ has joined #openstack-security		15:08
*** ig0r__ has quit IRC		15:09
*** bpokorny has joined #openstack-security		15:11
*** ig0r__ has joined #openstack-security		15:12
*** fubi has joined #openstack-security		15:13
*** ig0r__ has quit IRC		15:15
*** ig0r_ has quit IRC		15:15
*** sdake has joined #openstack-security		15:27
*** singlethink has quit IRC		15:30
*** zul has quit IRC		15:31
openstackgerrit	Merged openstack/anchor: Remove unnecessary static auth code https://review.openstack.org/201874	15:35
*** jmckind has quit IRC		15:38
*** jmckind has joined #openstack-security		15:39
*** jmckind has quit IRC		15:39
*** jmckind has joined #openstack-security		15:40
*** rbrooker has quit IRC		15:45
*** ig0r_ has joined #openstack-security		15:52
openstackgerrit	Tim Kelsey proposed openstack/bandit: Bug fix for SQL tests https://review.openstack.org/207513	15:53
*** evandown has quit IRC		15:55
*** woodrow has quit IRC		15:55
*** h00327910__ has quit IRC		15:55
*** rbrooker has joined #openstack-security		15:58
*** rbrooker has quit IRC		16:06
*** salv-orl_ has joined #openstack-security		16:06
*** rbrooker has joined #openstack-security		16:08
*** zul has joined #openstack-security		16:10
*** jmckind has quit IRC		16:11
*** jmckind has joined #openstack-security		16:11
*** jmckind has quit IRC		16:11
*** jmckind has joined #openstack-security		16:11
*** rbrooker has quit IRC		16:14
*** zul has quit IRC		16:16
*** woodrow has joined #openstack-security		16:19
*** alex_klimov has quit IRC		16:22
*** zul has joined #openstack-security		16:28
*** jmckind has quit IRC		16:28
*** timkennedy has joined #openstack-security		16:30
*** jmckind has joined #openstack-security		16:32
*** zul has quit IRC		16:33
*** dwyde has quit IRC		16:39
*** salv-orl_ has quit IRC		16:39
*** fubi has quit IRC		16:40
*** zul has joined #openstack-security		16:42
*** singlethink has joined #openstack-security		17:04
Daviey	pants in American doesn't translate the same...... :)	17:07
*** evandown has joined #openstack-security		17:07
tmcpeak	ha, it doesn't?	17:07
tmcpeak	ooooh, I bet I know what it is in UK :P	17:07
*** elo has joined #openstack-security		17:08
*** h00327910__ has joined #openstack-security		17:08
elmiko	there needs to be an american<->english dictionary ;)	17:09
sigmavirus24	does jfdi mean what I think it means?	17:16
tmcpeak	yep	17:16
tmcpeak	with a nike swoosh symbol below it	17:17
*** dwyde has joined #openstack-security		17:18
timkennedy	i wonder if that's available as a license plate.	17:18
tmcpeak	I'm sure it is in North Dakota :P	17:18
sigmavirus24	lol	17:19
timkennedy	lol	17:19
Daviey	dg_ / bknudson: We should make better use of paste anyway.. Could help solve the API version stuff aswell	17:21
*** browne has quit IRC		17:33
*** shohel has quit IRC		17:36
Daviey	tmcpeak: Funnily enough, I was running https through stunnel->apache on that site... did a self-audit and found that I was exposing SSLv3	17:41
Daviey	tmcpeak: Was surprised to learn it was still in stunnel by default.	17:41
tmcpeak	Daviey: yeah, that's… not great :)	17:41
tmcpeak	good on you for finding it though	17:41
*** elo has left #openstack-security		17:44
Daviey	tmcpeak: I was experimenting with multiplexing TLS :443 with HTTP traffic, ssh-over-ssl and ssh-over-ssl-encoded-with-Markov-chains. Fun.	17:45
tmcpeak	do you ever sleep bro :P	17:45
sigmavirus24	tmcpeak: why would Daviey sleep?	17:49
tmcpeak	good Q	17:49
sigmavirus24	sleep is not beneficial to GTD	17:49
Daviey	Sleep is for the weak.	17:50
*** elo has joined #openstack-security		17:52
sigmavirus24	Sleep is for the people who don't maintain a tonne of things =P	18:01
*** dg_ has joined #openstack-security		18:04
dg_	Daviey you around?	18:04
*** salv-orlando has joined #openstack-security		18:05
Daviey	dg_: just	18:05
dg_	quick one - what roles is anchor expecting to see in keystone?	18:06
dg_	I have added an anchoruser who is a user in the anchor project	18:06
dg_	but when I get the json back from the keystone api, it doesnt list any roles, just the name and a few other bits	18:07
Daviey	dg_: That is another part of why it sucks... It correctly retrieves the roles, but is permissive by default.. no?	18:07
Daviey	So having ANY access on a keystone project gives you ability to create certs	18:08
dg_	so yeah i was thinking that sucks	18:08
dg_	on my list of things to fix, but turns out learning keystone was a little more involved than i thought	18:08
Daviey	dg_: but it does parse the groups and pass them up the stack	18:09
dg_	so the question is what I should have set in keystone to make it work?	18:09
Daviey	dg_: line 83+ lists the two roles by default https://review.openstack.org/#/c/206141/1/tests/auth/test_keystone.py	18:09
Daviey	dg_: Default keystone should JFDI	18:09
Daviey	dg_: Using devstack branch + that branch should give you a working setup	18:10
Daviey	dg_: I need to go now, but i'll be back in <2 hours if you are still around then	18:10
dg_	cheers for your help! I'll take another look at my keystone setup	18:11
dg_	I have to go to the pub in a bit, but might catch you tomorrow	18:11
*** browne has joined #openstack-security		18:12
*** jmckind has quit IRC		18:14
*** jmckind has joined #openstack-security		18:14
*** jmckind has quit IRC		18:15
*** tkelsey has quit IRC		18:19
*** ig0r__ has joined #openstack-security		18:24
*** singleth_ has joined #openstack-security		18:30
*** jraim_ has joined #openstack-security		18:31
*** sweston_ has joined #openstack-security		18:32
*** singlethink has quit IRC		18:33
*** misc_ has joined #openstack-security		18:34
*** sweston has quit IRC		18:34
*** jraim has quit IRC		18:34
*** misc has quit IRC		18:34
*** jraim_ is now known as jraim		18:35
*** sweston_ is now known as sweston		18:35
*** salv-orlando has quit IRC		18:40
*** dg_ has quit IRC		18:47
*** ig0r_ has quit IRC		18:50
hyakuhei	Hey tmcpeak how'd the meeting go?	19:02
elmiko	sicarie: do you want us to push some patches against these bugs in the rst stuff?	19:03
elmiko	hyakuhei: tmcpeak handled it well =)	19:03
hyakuhei	Excellent, sorry I couldn't make it. Damned customers! It's been a crazy few weeks.	19:03
hyakuhei	Anyone here have any experience building multi-network heat templates ?	19:04
*** ig0r_ has joined #openstack-security		19:04
elmiko	hehe, those darned customers, always getting the way of fun meetings ;)	19:04
hyakuhei	I know right!?	19:05
hyakuhei	I'm building up some sample heat templates for simple secure network deployments, separations, CoreOS clusters etc	19:06
tmcpeak	hyakuhei: yeah, went well	19:07
tmcpeak	elmiko: thank you :)	19:07
hyakuhei	Eventually I want to build one that stands up Snort inline with a nice reporting function too	19:07
hyakuhei	tmcpeak: I can't find the logs for it	19:07
*** jmckind has joined #openstack-security		19:08
tmcpeak	really?	19:08
*** jmckind has quit IRC		19:08
tmcpeak	http://eavesdrop.openstack.org/meetings/security/2015/security.2015-07-23-17.00.txt	19:09
hyakuhei	I'm thinking there might be some hiccup in the logging bot.	19:09
*** jmckind has joined #openstack-security		19:09
tmcpeak	oh wait,	19:09
tmcpeak	wrong one	19:09
tmcpeak	http://eavesdrop.openstack.org/meetings/security/2015/security.2015-07-30-17.02.log.txt	19:09
tmcpeak	^ that one	19:09
hyakuhei	excellent thanks, when I was looking in the DIR tree it wasn't showing that as up to date. Probably my mistake.	19:10
*** jmckind has quit IRC		19:10
tmcpeak	dg_ is even on the hook for JFDI'ing	19:10
*** jmckind has joined #openstack-security		19:10
hyakuhei	lol, looks like a fun meeting :P	19:11
*** jmckind has quit IRC		19:11
tmcpeak	:)	19:11
*** jmckind has joined #openstack-security		19:12
hyakuhei	what were the zuul issues on https://review.openstack.org/#/c/206141 Daviey ?	19:12
tmcpeak	zuul is just broken today	19:13
hyakuhei	aaah k	19:13
hyakuhei	Looks like a good change	19:13
*** jmckind has quit IRC		19:13
*** jmckind has joined #openstack-security		19:14
*** jmckind has quit IRC		19:14
*** jmckind has joined #openstack-security		19:20
*** jmckind has quit IRC		19:21
*** jmckind has joined #openstack-security		19:23
*** salv-orlando has joined #openstack-security		19:29
*** elo has quit IRC		19:34
sigmavirus24	hyakuhei: zuul was (last I checked) 7.5 hours behind because it went down earlier	19:37
*** openstackgerrit has quit IRC		19:46
*** openstackgerrit has joined #openstack-security		19:46
*** ig0r_ has quit IRC		19:56
*** dwyde has quit IRC		19:57
*** dwyde has joined #openstack-security		19:58
*** browne has quit IRC		20:02
*** browne has joined #openstack-security		20:03
*** singleth_ has quit IRC		20:04
*** jmckind has quit IRC		20:04
*** singlethink has joined #openstack-security		20:04
*** openstackgerrit has quit IRC		20:16
*** openstackgerrit has joined #openstack-security		20:16
*** tkelsey has joined #openstack-security		20:17
*** tkelsey has quit IRC		20:22
*** dwyde has left #openstack-security		20:27
*** jmckind has joined #openstack-security		20:36
sicarie	elmiko: ing	20:41
sicarie	ping, even	20:41
elmiko	sicarie: hey	20:41
sicarie	Yeah, I think those changes need to be made, I was going to submit them tonight, but if you have the time to take a crack at a few, that would be awesome	20:42
* Daviey checks in		20:42
elmiko	sicarie: i was gonna take a look at the missing case study stuff	20:42
Daviey	hyakuhei: Yeah, looks like just a stupidly large backlog... zuul has been up and down like a yoyo this week	20:42
sicarie	elmiko: awesome, that would be great	20:42
elmiko	sicarie: k, i'll put something up	20:43
sicarie	tahnks!	20:43
sicarie	thanks even!	20:43
* sicarie looks for his copy of Touch Typing for Beginners		20:43
*** browne has quit IRC		20:43
*** elo has joined #openstack-security		20:44
*** browne has joined #openstack-security		20:44
*** openstackgerrit has quit IRC		20:46
*** openstackgerrit has joined #openstack-security		20:46
Daviey	wow, looks like the queue is >12 hours	20:48
*** elo has quit IRC		20:48
openstackgerrit	Michael McCune proposed openstack/security-doc: fix instance management case studies https://review.openstack.org/207617	20:49
sicarie	>13 now (thanks a LOT elmiko)	20:49
elmiko	oops	20:49
elmiko	not that it matter, but it passed on my local tox check ¯\_(ツ)_/¯	20:53
sicarie	I wish my local tox checks worked :\	20:53
*** jamielennox\|away is now known as jamielennox		20:57
*** jmckind has quit IRC		20:59
*** jmckind has joined #openstack-security		21:00
*** openstack has joined #openstack-security		21:10
*** elo has joined #openstack-security		21:12
sigmavirus24	sicarie: why don't they?	21:17
sigmavirus24	or rather, what problems are you seeing with tox?	21:18
*** zul has joined #openstack-security		21:18
elmiko	sigmavirus24: dont tell me you're core on tox too... ;)	21:33
sigmavirus24	LOLNO	21:33
elmiko	i had to ask	21:35
*** markvoelker_ has quit IRC		21:46
sicarie	sigmavirus24: I did some update and haven't had time to un-bjork them	21:49
sigmavirus24	did you upgrade python?	21:50
sicarie	probably :)	21:50
sicarie	I don't remember - I was out for a week or so, and am heading out next week, so I haven't had time to sit down and fix it	21:50
*** ig0r__ has quit IRC		21:51
elmiko	probably just need a `tox -r` or something	21:52
sigmavirus24	^^	21:52
*** jmckind has quit IRC		21:55
*** sdake has quit IRC		22:05
*** sdake has joined #openstack-security		22:05
*** markvoelker has joined #openstack-security		22:08
*** sdake has quit IRC		22:10
*** sdake has joined #openstack-security		22:11
*** jamielennox is now known as jamielennox\|away		22:15
Daviey	Anyone here have a mac they can test a snippet of code for me please?	22:22
*** austin_laptop has joined #openstack-security		22:25
austin_laptop	hi, I wanted to report an issue with bandit, but it seems that issues are disabled on github for this project? https://github.com/openstack/bandit where should I report bugs?	22:25
austin_laptop	bandit fails to parse some source files of ours with python 3.4 (works with 3.3), and throws exceptions when run with a non high (-lll) level	22:28
elmiko	i think launchpad is where you want to log issues	22:28
elmiko	austin_laptop: https://bugs.launchpad.net/bandit	22:28
austin_laptop	elmiko, thanks	22:29
austin_laptop	elmiko, not sure if you're a contributor or not, but that would be helpful to put in the README (or I can send a PR)	22:29
elmiko	good idea	22:30
elmiko	and i have not contributed to bandit, although i do use it	22:30
*** markvoelker_ has joined #openstack-security		22:32
Daviey	austin_laptop: It is indeed Launchpad	22:34
Daviey	austin_laptop: FIle bugs here, https://bugs.launchpad.net/bandit/+filebug	22:34
*** markvoelker has quit IRC		22:35
Daviey	elmiko: What OS do you use?	22:37
elmiko	fedora mainly, these days. i do have a mac though	22:38
*** singlethink has quit IRC		22:38
Daviey	elmiko: Would you mind runing a snippet of code for me on both OS's? :)	22:38
elmiko	not at all	22:38
Daviey	elmiko: https://gist.github.com/Daviey/6edf198a996ba55a0167	22:38
Daviey	You'll need to (pip) install appdirs	22:39
elmiko	ok	22:39
elmiko	(this better not be some sort of complicated rick roll)	22:39
austin_laptop	Daviey, thanks, already filed two issues :) https://bugs.launchpad.net/bandit/+bug/1479996 / https://bugs.launchpad.net/bandit/+bug/1479997	22:40
openstack	Launchpad bug 1479996 in Bandit "bandit fails to run with medium severity under python 3.4" [Undecided,New]	22:40
openstack	Launchpad bug 1479997 in Bandit "syntax error while parsing AST from file (python 3.4)" [Undecided,New]	22:40
Daviey	austin_laptop: sweet! Thanks. Out of interest where did you hear of bandit?	22:40
Daviey	elmiko: I dropped the ball there.. I reckon i could gave pulled out some random bits of a path and generated a rickroll url	22:41
austin_laptop	Daviey, internal security team asked me (release engineering) to try it on some of our python projects	22:41
austin_laptop	I'd have to ask my contact where he heard of it though	22:41
Daviey	austin_laptop: Not urgent.. Just curious how it is getting exposure.	22:42
elmiko	Daviey: k, i'm all setup	22:42
austin_laptop	Daviey, gotcha	22:42
elmiko	oop sorry, didn't see the gist	22:43
elmiko	Daviey: on fedora,	22:45
elmiko	$ python daviey-test.py	22:45
elmiko	['./bandit.yaml', '/home/mike/.config/bandit/bandit.yaml', '/etc/bandit/bandit.yaml', '/usr/local/etc/bandit/bandit.yaml']	22:45
*** elo has joined #openstack-security		22:46
Daviey	ok, great.. same as Ubuntu	22:46
Daviey	Is your mac handy?	22:46
austin_laptop	Daviey, not sure if you can commit, but https://github.com/openstack/bandit/pull/2	22:47
elmiko	Daviey: on mac,	22:48
elmiko	$ python daviey-test.py	22:48
elmiko	['./bandit.yaml', '/Users/mike/Library/Application Support/bandit/bandit.yaml', '/Library/Application Support/bandit/bandit.yaml']	22:48
elmiko	also, that print is not py3 compliant... ಠ_ಠ	22:48
Daviey	austin_laptop: We actually use gerrit to handle pull requests, the github mirror is read only.	22:48
Daviey	elmiko: Pah!	22:48
elmiko	lol	22:48
Daviey	elmiko: Dumb question, but on Mac is ~ == /Users/mike/ ?	22:49
elmiko	yes	22:49
Daviey	ta	22:49
elmiko	the max is just happy to have some action lol	22:49
elmiko	*mac	22:49
austin_laptop	Daviey, so where should I send the patch? I don't see anything about that in the README either..	22:50
Daviey	austin_laptop: Yeah, we should really make the README more useful!	22:50
elmiko	austin_laptop: you probably want to start by reading the openstack gerrit workflow	22:50
elmiko	http://docs.openstack.org/infra/manual/developers.html	22:51
elmiko	all projects in openstack follow that generla pattern for submissions	22:51
Daviey	elmiko: Are we allowed to 'sponsor' pull requests?	22:51
elmiko	like, from github?	22:52
Daviey	I mean, if someone wants to do a drive-by submission.. can we push up a gerrit?	22:52
Daviey	yeah, so pull the branch from github and 'git review' it	22:52
elmiko	you could cherry-pick their commit off git and push it yourself	22:52
elmiko	yea, that's fine afaik	22:52
austin_laptop	elmiko, thanks for the link, but that's a lot of work for a 3 line patch (I don't see myself sending many patches upstream)	22:52
Daviey	right, but is it allowed by OpenStack Contributor Agreement BS?	22:52
elmiko	good question	22:52
austin_laptop	especially since I'd have to sign a CLA/etc.	22:52
Daviey	austin_laptop: Hold that thought!	22:52
* austin_laptop holding		22:53
sigmavirus24	austin_laptop: if you're using bandit on a project using python 3.4 then run bandit under python3.4	22:53
elmiko	i mean, as long as austin_laptop is giving specific permission and no rights attached, i don't see why not, but inal	22:53
sigmavirus24	my guess is that if you're installing bandit for python 2.7 and that's why you're having issues	22:54
austin_laptop	sigmavirus24, I made a gentoo ebuild, with support for 2.7 and 3.4	22:56
austin_laptop	though regarding the ast issue, you're right, the two projects I tested are 2.7 only	22:57
austin_laptop	that doesn't explain the exception thrown with -ll -n3 though (while -lll -n3 works)	23:01
austin_laptop	elmiko, it would be trivial to reword the patch if you're worried about infringement. I don't really care if my name is on it, I just want to prevent confusion for others about where to report issues	23:03
*** tkelsey has joined #openstack-security		23:05
elmiko	austin_laptop: i'm just guessing that's what Daviey was referring to when he mentioned CLA/etc.	23:06
elmiko	austin_laptop: i think the best course foward, if you don't want post a patch in gerrit is to create a bug in launchpad and attach your patch there as a diff or something	23:07
Daviey	austin_laptop: Okay, i'll just re-implement it... I was just talking to the infra' people, and they seem to think i need to talk to lawyers.	23:07
Daviey	FML	23:07
elmiko	hehe	23:07
*** tmcpeak1 has quit IRC		23:08
sigmavirus24	Daviey: don't you have lawyers on autodial?	23:08
austin_laptop	Daviey, thanks	23:08
Daviey	sigmavirus24: In dayjob(s), sadly i do.	23:08
elmiko	night gang	23:09
*** tkelsey has quit IRC		23:09
sigmavirus24	austin_laptop: so I don't understand. You made bandit work on Python 3.3 and to check a Python 2.7 only project (ostensibly containing Python 2.7 only code) ...	23:09
*** voodookid has quit IRC		23:09
sigmavirus24	bandit's classifiers explicitly say it is only intended to be run on Python 2.7 and whichever version you install it under should be the same as the project you're intending to run it against	23:10
sigmavirus24	Python 2.7 only project => Install bandit on 2.7 and run it against the project	23:10
* sigmavirus24 thought that was at least in the README		23:10
austin_laptop	sigmavirus24, that is; though I'm not sure how gentoo's python_compat stuff works, e.g., how to force the non-default python to be used	23:12
sigmavirus24	Oh gentoo uses 3.x by default?	23:12
sigmavirus24	A) That's awesome	23:12
sigmavirus24	B) Virtual Environments are your friend	23:12
austin_laptop	sigmavirus24, well, our internal systems do. Not sure about gentoo upstream	23:14
sigmavirus24	One sec, my coworker maintains the openstack packages for Gentoo. I'm going to ping him in here to see if he can help out	23:14
austin_laptop	sigmavirus24, thanks	23:14
sigmavirus24	It's well past our quitting time though so he might not be around for the night	23:14
*** markvoelker_ has quit IRC		23:14
openstackgerrit	Dave Walker proposed openstack/bandit: Actually default to /etc/ rather than just claim https://review.openstack.org/203451	23:14
austin_laptop	no worries; I'll probably idle here for a while	23:15
Daviey	sigmavirus24: I'd really like your review on that ^^, i'm not quite sure i like the unit tests TBH.	23:16
austin_laptop	alternatively, if bandit had a way to specify the python binary to use, that may also provide a workaround	23:17
sigmavirus24	austin_laptop: that's not how bandit is designed to work	23:18
Daviey	austin_laptop: /usr/bin/python2.7 /usr/local/bandit -c foo.yaml file.py ?	23:18
sigmavirus24	Daviey: that won't work if bandit is installed into python3.4's site-packages directory	23:18
Daviey	Oh true	23:18
sigmavirus24	It sounds like bandit is installed on Python 3.x for austin_laptop and they need it to be installed on Python 2.7	23:18
sigmavirus24	austin_laptop: I have no clue how gentoo works but I'm assuming you have python2.7 installed. You could use virtualenv and do `virtualenv -p python2.7 bandit-env; source bandit-env/bin/activate; pip install bandit; bandit -c config.yaml -r project`	23:19
sigmavirus24	That sidesteps emerge and all that other noise until you have time to figure that out. You can then get bandit running at least	23:20
austin_laptop	sigmavirus24, thanks for the suggestion; Daviey's suggestion also works	23:20
sigmavirus24	... that's very ... interesting	23:20
austin_laptop	for reference, installed files: http://pastebin.ca/3082403	23:20
sigmavirus24	huh	23:21
sigmavirus24	Works fo rme	23:21
austin_laptop	http://pastebin.ca/3082405 for getting the right python version, at least..	23:22
sigmavirus24	so Daviey I haven't looked at the tests yet, but I'm wondering if you had trouble mocking out the functions from app_dirs	23:22
Daviey	sigmavirus24: Sort of... I'd really have liked a built in appdirs mock.. but rather than do that.. I'm using the same logic to generate the paths in the test, then mocking os.path.isfile() to selectively lie about the presence.	23:23
Daviey	So on a Mac, the test data differs from Linux.	23:23
sigmavirus24	Daviey: that output could be so much better. We could group those files by directory to make it easier to read	23:24
Daviey	It is kinda testing that 0==0 and 1==1, but meh	23:24
sigmavirus24	Daviey: that's how I feel about most mocked tests	23:25
sigmavirus24	Daviey: you should watch my talk from PyCon because I talk about that =P	23:26
Daviey	linky for the lazy?	23:26
sigmavirus24	Daviey: I'm going to eat dinner quickly and then I'll finish looking at your patch	23:26
sigmavirus24	one sec	23:26
*** jmckind has joined #openstack-security		23:26
sigmavirus24	Daviey: https://www.youtube.com/watch?v=YHbKxFcDltM	23:26
Daviey	ta	23:26
sigmavirus24	brb	23:27
austin_laptop	sigmavirus24, while poking around, I noticed that there are two binaries installed: /usr/lib/python-exec/python3.4/bandit and /usr/lib/python-exec/python2.7/bandit, calling those with the full path gets the right python version	23:31
austin_laptop	sigmavirus24, I found the gentoo way: EPYTHON=python2.7 bandit ... or EPYTHON=python3.4 bandit ...	23:44
*** viraptor has joined #openstack-security		23:50
openstackgerrit	Stanislaw Pitucha proposed openstack/anchor: Simplify the tests https://review.openstack.org/201875	23:54
*** salv-orlando has quit IRC		23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!