Wednesday, 2015-11-11

*** pdesai has quit IRC [00:03]
*** ccneill has quit IRC [00:09]
*** jmckind has joined #openstack-security [00:22]
*** bpokorny has quit IRC [00:23]
*** austin987 has quit IRC [00:26]
*** subscope has quit IRC [00:35]
*** austin987 has joined #openstack-security [00:40]
*** tjt263 has quit IRC [00:40]
*** tjt263 has joined #openstack-security [00:41]
*** tjt263 has quit IRC [00:44]
*** tjt263 has joined #openstack-security [00:45]
*** salv-orlando has quit IRC [00:49]
*** browne has quit IRC [01:56]
*** salv-orlando has joined #openstack-security [01:57]
*** salv-orlando has quit IRC [01:59]
*** salv-orlando has joined #openstack-security [01:59]
*** yuanying_ has joined #openstack-security [02:02]
*** edmondsw has quit IRC [02:04]
*** yuanying has quit IRC [02:05]
*** jmckind has quit IRC [02:10]
*** yuanying_ has quit IRC [02:11]
*** salv-orlando has quit IRC [02:46]
*** yuanying has joined #openstack-security [02:52]
*** jhfeng has joined #openstack-security [02:53]
*** jamielennox is now known as jamielennox|away [03:00]
*** jhfeng has quit IRC [03:08]
*** jamielennox|away is now known as jamielennox [03:10]
*** yuanying has quit IRC [03:23]
*** jerrygb has quit IRC [03:33]
*** jerrygb has joined #openstack-security [03:34]
*** agireud has joined #openstack-security [03:34]
*** agireud has quit IRC [03:39]
*** agireud has joined #openstack-security [03:41]
*** dave-mcc_ has quit IRC [03:45]
*** salv-orlando has joined #openstack-security [03:47]
*** salv-orlando has quit IRC [03:52]
*** yuanying has joined #openstack-security [04:07]
*** salv-orlando has joined #openstack-security [04:48]
*** salv-orlando has quit IRC [04:52]
*** jhfeng has joined #openstack-security [05:06]
*** jhfeng has quit IRC [05:10]
*** Ladillado has joined #openstack-security [05:17]
*** Ladillado has quit IRC [05:18]
*** jerrygb has quit IRC [05:28]
*** jerrygb has joined #openstack-security [05:29]
*** jerrygb has quit IRC [05:33]
*** subscope has joined #openstack-security [05:45]
*** jamielennox is now known as jamielennox|away [06:29]
*** subscope has quit IRC [06:32]
*** browne has joined #openstack-security [06:57]
<openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/243982 [07:14]
*** jerrygb has joined #openstack-security [07:30]
<openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/243982 [07:31]
*** jerrygb has quit IRC [07:36]
*** jamielennox|away has quit IRC [07:41]
*** whydidyoustealmy has joined #openstack-security [07:42]
*** barra204 has quit IRC [07:43]
*** liverpooler has joined #openstack-security [07:45]
*** subscope has joined #openstack-security [08:07]
*** alex_klimov has joined #openstack-security [08:21]
*** jamielennox|away has joined #openstack-security [08:31]
*** jamielennox|away is now known as jamielennox [08:31]
*** Windir has joined #openstack-security [08:37]
*** subscope has quit IRC [08:52]
*** subscope has joined #openstack-security [09:08]
*** browne has quit IRC [09:09]
*** subscope has quit IRC [09:46]
*** alex_klimov has quit IRC [09:56]
*** subscope has joined #openstack-security [09:58]
*** tjt263 has quit IRC [10:20]
*** shohel has joined #openstack-security [10:32]
*** alex_klimov has joined #openstack-security [10:34]
*** markvoelker has quit IRC [10:37]
*** subscope has quit IRC [10:53]
*** subscope has joined #openstack-security [10:53]
*** subscope has quit IRC [11:14]
<openstackgerrit> Tim Kelsey proposed openstack/bandit: Fixing bug when encountering tuple params https://review.openstack.org/244053 [11:30]
<openstackgerrit> Tim Kelsey proposed openstack/bandit: Fixing bug when encountering tuple params https://review.openstack.org/244053 [11:32]
*** markvoelker has joined #openstack-security [11:37]
*** markvoelker has quit IRC [11:42]
*** shohel has quit IRC [12:04]
*** subscope has joined #openstack-security [12:05]
*** shohel has joined #openstack-security [12:20]
*** shohel has quit IRC [12:25]
*** openstackgerrit has quit IRC [12:31]
*** openstackgerrit has joined #openstack-security [12:31]
<openstackgerrit> Tim Kelsey proposed openstack/bandit: os.system et al. all spawn a shell so we should use the same logic https://review.openstack.org/244075 [12:36]
*** jerrygb has joined #openstack-security [12:37]
*** shohel has joined #openstack-security [12:52]
*** markvoelker has joined #openstack-security [12:53]
*** markvoelker has quit IRC [12:58]
*** shohel has quit IRC [13:03]
*** salv-orlando has joined #openstack-security [13:03]
*** salv-orlando has quit IRC [13:09]
*** edmondsw has joined #openstack-security [13:31]
*** shohel has joined #openstack-security [13:36]
*** shohel has quit IRC [13:41]
*** dave-mccowan has joined #openstack-security [13:41]
*** shohel has joined #openstack-security [13:41]
*** Lalena has joined #openstack-security [13:50]
*** shohel has quit IRC [13:53]
*** subscope has quit IRC [13:54]
*** markvoelker has joined #openstack-security [13:54]
*** markvoelker has quit IRC [13:58]
*** Lalena has quit IRC [14:00]
*** agireud has quit IRC [14:08]
*** subscope has joined #openstack-security [14:13]
*** agireud has joined #openstack-security [14:15]
*** markvoelker has joined #openstack-security [14:15]
<openstackgerrit> Tim Kelsey proposed openstack/bandit: os.system et al. all spawn a shell so we should use the same logic https://review.openstack.org/244075 [14:29]
*** shohel has joined #openstack-security [14:29]
*** shohel1 has joined #openstack-security [14:32]
*** shohel has quit IRC [14:32]
*** tmcpeak has joined #openstack-security [14:34]
*** shohel1 has quit IRC [14:36]
*** shohel has joined #openstack-security [14:43]
*** austin987 has quit IRC [14:45]
*** jhfeng has joined #openstack-security [15:10]
*** sigmavirus24_awa is now known as sigmavirus24 [15:27]
*** salv-orlando has joined #openstack-security [15:38]
<openstackgerrit> Merged openstack/security-doc: Adding Security Checklist https://review.openstack.org/240370 [15:54]
*** shohel has quit IRC [15:57]
*** shohel has joined #openstack-security [16:01]
*** openstackgerrit has quit IRC [16:02]
*** openstackgerrit has joined #openstack-security [16:02]
*** liverpooler has quit IRC [16:02]
*** austin987 has joined #openstack-security [16:12]
*** shohel has quit IRC [16:12]
*** kun_huang_ has joined #openstack-security [16:13]
*** subscope has quit IRC [16:14]
*** subscope has joined #openstack-security [16:15]
*** dlitz_ has joined #openstack-security [16:16]
*** subscope has quit IRC [16:16]
*** kun_huang has quit IRC [16:17]
*** dlitz has quit IRC [16:17]
*** subscope has joined #openstack-security [16:17]
*** kun_huang_ is now known as kun_huang [16:17]
*** salv-orlando has quit IRC [16:23]
*** subscope has quit IRC [16:27]
*** alex_klimov has quit IRC [16:27]
*** subscope has joined #openstack-security [16:29]
*** subscope has quit IRC [16:30]
*** ccneill has joined #openstack-security [16:33]
*** subscope has joined #openstack-security [16:33]
*** bpokorny has joined #openstack-security [16:58]
*** yeison has joined #openstack-security [16:58]
*** yeison has left #openstack-security [16:59]
*** pdesai has joined #openstack-security [17:02]
*** salv-orlando has joined #openstack-security [17:13]
*** subscope has quit IRC [17:13]
*** subscope has joined #openstack-security [17:33]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Changing issue candidates in baseline to ordered dict https://review.openstack.org/244247 [17:34]
*** subscope has quit IRC [17:35]
*** markvoelker has quit IRC [17:35]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding the Text Baseline Formatter https://review.openstack.org/242475 [17:35]
*** koon has joined #openstack-security [17:36]
*** koon has quit IRC [17:37]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding the Text Baseline Formatter https://review.openstack.org/242475 [17:40]
*** browne has joined #openstack-security [17:44]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding the Text Baseline Formatter https://review.openstack.org/242475 [17:56]
*** markvoelker has joined #openstack-security [18:31]
*** austin987 has quit IRC [18:34]
*** austin987 has joined #openstack-security [18:47]
*** ccneill has quit IRC [19:00]
*** salv-orlando has quit IRC [19:22]
*** lexholden has joined #openstack-security [19:23]
*** salv-orlando has joined #openstack-security [19:24]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding the Text Baseline Formatter https://review.openstack.org/242475 [19:45]
*** salv-orlando has quit IRC [19:52]
*** salv-orlando has joined #openstack-security [19:53]
*** salv-orlando has quit IRC [19:58]
*** alex_klimov has joined #openstack-security [20:09]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding the Text Baseline Formatter https://review.openstack.org/242475 [20:13]
*** lexholden has quit IRC [20:19]
*** salv-orlando has joined #openstack-security [20:39]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding the Text Baseline Formatter https://review.openstack.org/242475 [20:48]
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Updating Bob's Case Studies - Tenant Data Privacy https://review.openstack.org/237369 [20:49]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Adding HTML baseline formatter https://review.openstack.org/244307 [20:49]
<tmcpeak> browne: can you do some reviews? [20:51]
<tmcpeak> first this: https://review.openstack.org/244247 [20:51]
<tmcpeak> then this: https://review.openstack.org/242475 [20:51]
<tmcpeak> then this: https://review.openstack.org/244307 [20:51]
*** sigmavirus24 is now known as sigmavirus24_awa [21:03]
<browne> tmcpeak: sure [21:13]
<tmcpeak> browne: awesome, thank you [21:14]
*** jhfeng has quit IRC [21:16]
*** jhfeng has joined #openstack-security [21:18]
<browne> tmcpeak: could you explain the baseline formatters more to me. not sure i understand how or what these are for [21:20]
<tmcpeak> sure - so with baseline our new approach is to pare down all the issues [21:20]
<tmcpeak> so if we had 2 insecure tmps in a file and now we have 3, we'll say one is the new issue [21:21]
<tmcpeak> but we don't know which one [21:21]
<tmcpeak> so the baseline formatter will show candidate issues in the case where it can't match which is the new issue [21:21]
<browne> oh, it's a delta from a previous run somehow? [21:21]
<tmcpeak> yeah, it compares to a JSON output that was taken on a previous run [21:21]
<tmcpeak> I've got a gate that will automatically do it based on the parent commit that I'll be upstreaming soon [21:22]
*** salv-orlando has quit IRC [21:22]
<browne> but so it shows the issue, but not the line number? [21:23]
<tmcpeak> it makes a list of issues with corresponding candidates [21:23]
<tmcpeak> if there is only 1 candidate for an issue, it just shows it normally [21:23]
<tmcpeak> if there are 2+ candidates it shows the issue without the code and then the code blocks where it could be [21:23]
<tmcpeak> if you want to play with it, do this [21:24]
<tmcpeak> create some code, run bandit code.py -f json -o baseline.json [21:24]
<browne> ha, was just about to ask [21:24]
<tmcpeak> then add some issues [21:24]
<tmcpeak> run bandit.py -b baseline.json [21:24]
<tmcpeak> you'll see just the issues you've added [21:24]
<tmcpeak> if one of them is the same issue category you already had in there, you'll see candidates [21:25]
*** salv-orlando has joined #openstack-security [21:25]
<browne> thx, i'll play with it [21:26]
<tmcpeak> cool, sounds good [21:26]
<tmcpeak> browne: you might as well synch the HTML formatter, the output is cool (if I do say so myself) [21:27]
<browne> alright [21:27]
<openstackgerrit> Merged openstack/bandit: Fixing bug when encountering tuple params https://review.openstack.org/244053 [21:42]
*** subscope has joined #openstack-security [21:57]
*** subscope has quit IRC [22:02]
*** alex_klimov has quit IRC [22:08]
*** salv-orlando has quit IRC [22:13]
*** jhfeng has quit IRC [22:19]
*** jhfeng has joined #openstack-security [22:21]
*** jhfeng has quit IRC [22:22]
*** jhfeng has joined #openstack-security [22:22]
*** edmondsw has quit IRC [22:23]
*** tmcpeak has quit IRC [22:39]
<openstackgerrit> Merged openstack/bandit: Changing issue candidates in baseline to ordered dict https://review.openstack.org/244247 [22:39]
<openstackgerrit> Merged openstack/security-doc: Updating Bob's Case Studies - Tenant Data Privacy https://review.openstack.org/237369 [22:39]
*** ccneill has joined #openstack-security [23:26]
*** jhfeng has quit IRC [23:41]
*** sicarie has quit IRC [23:47]
*** ccneill has quit IRC [23:56]
