Thursday, 2016-03-17

« Wednesday, 2016-03-16 Index Friday, 2016-03-18 »
*** tmcpeak has quit IRC00:04
*** austin987 has quit IRC00:16
*** tmcpeak has joined #openstack-security00:24
*** austin987 has joined #openstack-security00:31
*** tmcpeak has quit IRC00:37
*** tmcpeak has joined #openstack-security00:38
*** salv-orl_ has quit IRC00:40
*** JAHoagie has joined #openstack-security00:49
*** JAHoagie has quit IRC01:00
*** bpokorny has quit IRC01:04
*** tmcpeak has quit IRC01:08
*** browne has quit IRC02:03
*** salv-orlando has joined #openstack-security02:03
*** jhfeng has joined #openstack-security02:08
*** salv-orlando has quit IRC02:12
*** avarner has quit IRC02:12
*** jhfeng has quit IRC02:19
*** dave-mccowan has quit IRC02:19
*** nkinder has quit IRC02:19
*** jraim has quit IRC02:19
*** jhfeng has joined #openstack-security02:25
*** dave-mccowan has joined #openstack-security02:25
*** nkinder has joined #openstack-security02:25
*** jraim has joined #openstack-security02:25
*** tkelsey has joined #openstack-security02:50
*** tkelsey has quit IRC02:54
*** markvoelker has quit IRC03:15
*** salv-orlando has joined #openstack-security03:17
*** salv-orlando has quit IRC03:26
*** tmcpeak has joined #openstack-security03:44
*** tmcpeak has quit IRC03:49
*** jhfeng has quit IRC03:59
*** dave-mccowan has quit IRC04:00
*** jass93 has joined #openstack-security04:01
*** jass93_ has quit IRC04:02
*** tmcpeak has joined #openstack-security04:05
*** tmcpeak has quit IRC04:09
*** tmcpeak has joined #openstack-security04:26
*** tmcpeak has quit IRC04:30
*** browne has joined #openstack-security04:39
*** salv-orlando has joined #openstack-security04:48
*** austin987 has quit IRC04:50
*** salv-orlando has quit IRC04:51
*** markvoelker has joined #openstack-security05:15
*** markvoelker has quit IRC05:21
*** tmcpeak has joined #openstack-security05:23
*** tmcpeak has quit IRC05:27
*** salv-orlando has joined #openstack-security06:13
*** tmcpeak has joined #openstack-security06:20
*** salv-orlando has quit IRC06:23
*** tmcpeak has quit IRC06:24
*** BigWillie has joined #openstack-security06:33
*** BigWillie has quit IRC06:34
*** tmcpeak has joined #openstack-security06:40
*** tmcpeak has quit IRC06:44
*** tkelsey has joined #openstack-security06:51
*** markvoelker has joined #openstack-security06:52
*** tkelsey has quit IRC06:56
*** markvoelker has quit IRC06:58
*** tesseract has joined #openstack-security07:15
*** tesseract is now known as Guest5718207:15
*** shakamunyi has quit IRC07:18
*** shakamunyi has joined #openstack-security07:23
*** salv-orlando has joined #openstack-security07:32
*** rcernin has joined #openstack-security07:39
*** salv-orlando has quit IRC07:40
*** tkelsey has joined #openstack-security07:43
*** y_sawai has joined #openstack-security07:46
*** tkelsey has quit IRC07:57
*** browne has quit IRC08:02
*** salv-orlando has joined #openstack-security08:23
*** pcaruana has joined #openstack-security08:24
*** barra204 has joined #openstack-security08:43
*** shakamunyi has quit IRC08:44
*** liverpooler has joined #openstack-security08:49
*** y_sawai has quit IRC08:57
*** y_sawai has joined #openstack-security09:01
*** salv-orlando has quit IRC09:07
*** d0ugal has quit IRC09:13
*** d0ugal has joined #openstack-security09:15
*** y_sawai has quit IRC09:33
*** y_sawai has joined #openstack-security09:33
*** y_sawai has quit IRC09:33
*** y_sawai has joined #openstack-security09:40
*** tkelsey has joined #openstack-security09:54
*** tkelsey has quit IRC09:58
*** y_sawai has quit IRC10:04
*** y_sawai has joined #openstack-security10:07
*** y_sawai has quit IRC10:35
*** tkelsey has joined #openstack-security10:42
*** tkelsey has quit IRC10:46
*** salv-orlando has joined #openstack-security11:07
*** salv-orlando has quit IRC11:18
*** openstackgerrit has quit IRC11:48
*** openstackgerrit has joined #openstack-security11:48
*** dave-mccowan has joined #openstack-security11:53
*** edmondsw has joined #openstack-security12:18
*** tkelsey has joined #openstack-security12:43
*** ninag has joined #openstack-security12:43
*** tkelsey has quit IRC12:47
*** salv-orlando has joined #openstack-security12:48
*** Trident has quit IRC12:57
*** salv-orlando has quit IRC12:58
*** markvoelker has joined #openstack-security13:11
*** Trident has joined #openstack-security13:12
*** salv-orlando has joined #openstack-security13:15
*** avarner has joined #openstack-security13:44
*** sigmavirus24_awa is now known as sigmavirus2413:47
*** cleong has joined #openstack-security13:52
*** mvaldes has joined #openstack-security14:00
*** mvaldes1 has joined #openstack-security14:06
*** mvaldes has quit IRC14:10
*** cjschaef has joined #openstack-security14:20
*** pcaruana has quit IRC14:28
*** sigmavirus24 is now known as sigmavirus24_awa14:40
*** sigmavirus24_awa is now known as sigmavirus2414:41
*** ccneill has joined #openstack-security14:45
*** cjschaef has quit IRC14:49
*** ccneill_ has joined #openstack-security14:52
*** edtubill has joined #openstack-security14:53
*** ccneill has quit IRC14:54
*** ccneill_ has quit IRC14:57
*** cjschaef has joined #openstack-security14:59
*** alejandrito has joined #openstack-security15:05
*** tmcpeak has joined #openstack-security15:11
*** jhfeng has joined #openstack-security15:16
*** browne has joined #openstack-security15:22
*** liverpooler has quit IRC15:23
*** tkelsey has joined #openstack-security15:25
*** avarner has quit IRC15:33
*** jhfeng has quit IRC15:39
*** pdesai has joined #openstack-security15:40
*** pdesai has quit IRC15:44
*** pdesai has joined #openstack-security15:45
*** JAHoagie has joined #openstack-security15:47
*** pdesai1 has joined #openstack-security15:48
*** pdesai has quit IRC15:49
*** bpokorny has joined #openstack-security15:50
*** pdesai has joined #openstack-security15:52
*** pdesai1 has quit IRC15:53
*** pdesai1 has joined #openstack-security15:56
*** pdesai has quit IRC15:57
openstackgerritJoel Coffman proposed openstack/security-doc: [security-guide]Update the content of the signed image validation  https://review.openstack.org/28764015:57
tkelseyhi ykotko, are you about?16:00
tmcpeakdaylight savings?16:00
tkelseytmcpeak: humm?16:01
tmcpeakthought it was meeting time16:01
tmcpeakdaylight savings in the US always messes me up16:01
tkelseybah, forgot about that16:01
tkelseyno its in an hour16:02
tmcpeakthis is the one people in US show up early for16:02
tmcpeakone in September people miss ;)16:02
tkelseylol16:02
tkelseyso tmcpeak were you able to repro https://bugs.launchpad.net/bandit/+bug/1554112 ?16:03
openstackLaunchpad bug 1554112 in Bandit "After excluding plugin from the bandit.yaml it still was used during the scaning" [Critical,Confirmed] - Assigned to Tim Kelsey (tim-kelsey)16:03
tmcpeakyeah not only that but check this out16:03
tmcpeakone sec16:03
tmcpeaktkelsey: run this bandit -r <project> -s B110 and look carefully at the headers16:04
tmcpeakcommand line exclude is being included in profile exclude list16:04
tkelseyoh yeah16:05
tkelseyd'oh my bad, I'll fix that one. I was just trying to repro the other one16:05
tkelseyis there a bug in LP for the header one?16:06
tkelseyif not i'll make one16:06
tmcpeaktkelsey: and also config generator just puts this: # (optional) list included tests here:16:06
tmcpeakit should aslo put the option (with comment) that you'd actually use to exclude/include tests16:07
tmcpeaktkelsey: no, I don't have a bug16:08
tmcpeakbut yeah, I also repro'd that issue16:08
tkelseyok, let me fix that simple one first :P then I'll talk about repro for the second, I didnt manage to trigger it16:10
tmcpeakok16:13
*** avarner has joined #openstack-security16:14
*** pdesai has joined #openstack-security16:20
openstackgerritTim Kelsey proposed openstack/bandit: The source of include/exclude conditions was incorrectly reported  https://review.openstack.org/29413516:21
*** sicarie has joined #openstack-security16:22
*** pcaruana has joined #openstack-security16:22
tkelseytmcpeak: ^16:22
*** pdesai1 has quit IRC16:22
*** cjschaef has quit IRC16:25
*** salv-orlando has quit IRC16:25
tmcpeaktkelsey: looking16:25
tkelseyty16:25
*** salv-orlando has joined #openstack-security16:26
*** cjschaef has joined #openstack-security16:27
*** browne has quit IRC16:29
*** ninag has quit IRC16:29
*** ninag has joined #openstack-security16:29
*** ninag_ has joined #openstack-security16:30
*** ninag_ has quit IRC16:32
tkelseycool, so tmcpeak how did you repro that other bug then? I tried using the config on LP and the All profile but it seemed to work for me?16:32
*** ninag_ has joined #openstack-security16:33
tmcpeakyeah there was another one yesterday16:33
tmcpeaklet me see if I have it in my scrollback16:34
*** avarner_ has joined #openstack-security16:34
*** ninag has quit IRC16:34
tmcpeaktkelsey: I don't have his (her) paste anymore16:36
*** avarner__ has joined #openstack-security16:36
*** avarner_ has quit IRC16:36
tkelseyok, I'll do some digging, thanks man16:37
tmcpeakthe config didn't look right though16:38
*** avarner has quit IRC16:38
tmcpeakI remember that :)16:38
tmcpeakseemed like the case where we should have better validation of the things in the config file16:38
tmcpeakit dumped a traceback16:38
tkelseyyeah, the config needs validating for sure16:39
*** ninag_ has quit IRC16:44
*** ninag has joined #openstack-security16:44
*** sigmavirus24 is now known as sigmavirus24_awa16:45
*** sigmavirus24_awa is now known as sigmavirus2416:45
*** yarkot_ has joined #openstack-security16:48
*** alejandrito has quit IRC16:49
*** ninag has quit IRC16:49
*** alejandrito has joined #openstack-security16:51
*** singlethink has joined #openstack-security16:59
*** hyakuhei has joined #openstack-security17:01
*** alejandrito has quit IRC17:01
*** ninag has joined #openstack-security17:08
*** browne has joined #openstack-security17:15
*** B_Smith_ has quit IRC17:15
*** B_Smith has joined #openstack-security17:16
*** yarkot_ has quit IRC17:19
sigmavirus24I have to cut out of the meeting early tmcpeak  but I'll chat with y'all later17:28
tmcpeaksigmavirus24: sounds good17:29
openstackgerritMerged openstack/bandit: The source of include/exclude conditions was incorrectly reported  https://review.openstack.org/29413517:31
*** ninag has quit IRC17:34
*** ninag has joined #openstack-security17:35
*** ninag has quit IRC17:36
*** ninag has joined #openstack-security17:36
*** Guest57182 has quit IRC17:36
*** ninag has quit IRC17:39
*** ninag has joined #openstack-security17:39
*** ninag has quit IRC17:43
openstackgerritMerged openstack/bandit: Update command line help baseline report  https://review.openstack.org/28955317:53
*** rcernin has quit IRC17:55
*** sigmavirus24 is now known as sigmavirus24_awa18:00
*** hyakuhei has quit IRC18:00
*** sicarie has quit IRC18:00
*** singlethink has quit IRC18:03
*** ninag has joined #openstack-security18:17
*** pcaruana has quit IRC18:18
*** cleong has quit IRC18:22
*** sigmavirus24_awa is now known as sigmavirus2418:28
*** pcaruana has joined #openstack-security18:30
tkelseytmcpeak: I cant seem to repro this bug18:42
tkelseyykotko: are you about?18:43
tmcpeaktkelsey: hmm18:43
tmcpeaktkelsey: maybe drop a comment on the bug?18:44
tmcpeakask ykotko to attach pastebin of his profile and the command line18:44
tkelseyso im running "bandit -c ./bandit_hack.yml -r ./fuel-web/ -n5 -p All" with my config edited to match the one in the bug report18:44
tmcpeakthen go do something fun with the evening :)18:44
tmcpeakyeah I didn't repro with the one in the bug report either18:44
tkelseyheh, yeah I want to try and get this one nailed down if i can18:45
tmcpeakhe put a new one which I promptly lost18:45
tkelseyah lol18:45
tmcpeakhe/she18:45
tkelseyhumm, OK, well i cant repro it, so i'll comment and se if i can get some more info18:46
tmcpeakcool18:47
chair6if this is the same bug, i repro'd it yesterday.. but from current bandit release on pypi18:48
tmcpeakahh ok18:52
tmcpeakI repro'd with a different config on master18:52
*** ninag has quit IRC18:56
*** ninag has joined #openstack-security19:00
*** ninag has quit IRC19:05
*** tkelsey has quit IRC19:08
*** ninag has joined #openstack-security19:10
*** mvaldes1 has quit IRC19:12
*** tkelsey has joined #openstack-security19:12
*** salv-orl_ has joined #openstack-security19:16
*** salv-orlando has quit IRC19:19
openstackgerritMerged openstack/security-doc: add a readme to the security guide project  https://review.openstack.org/28615219:20
*** mvaldes has joined #openstack-security19:23
*** ninag has quit IRC19:43
*** tkelsey has quit IRC19:49
*** avarner_ has joined #openstack-security19:59
*** avarner__ has quit IRC20:02
*** pcaruana has quit IRC20:17
*** pcaruana has joined #openstack-security20:30
*** ninag has joined #openstack-security20:34
*** ametts has joined #openstack-security20:42
*** mvaldes has quit IRC20:56
*** mvaldes has joined #openstack-security21:06
*** pdesai has quit IRC21:30
*** cjschaef has quit IRC21:33
*** tmcpeak has quit IRC21:35
*** tmcpeak has joined #openstack-security21:36
*** mvaldes has quit IRC21:43
*** ninag has quit IRC21:44
*** jass93_ has joined #openstack-security22:02
*** jass93 has quit IRC22:02
*** nkinder has quit IRC22:04
*** nkinder has joined #openstack-security22:04
*** zul has joined #openstack-security22:06
*** edtubill has quit IRC22:08
*** ametts has quit IRC22:14
*** zul has quit IRC22:18
openstackgerritEric Brown proposed openstack/bandit: Adding test for os.path.join with variables  https://review.openstack.org/28144122:21
*** bpokorny_ has joined #openstack-security22:31
*** bpokorny has quit IRC22:34
*** edtubill has joined #openstack-security22:40
*** sigmavirus24 is now known as sigmavirus24_awa22:40
openstackgerritMerged openstack/security-doc: [security-guide]Update the content of the signed image validation  https://review.openstack.org/28764022:46
*** edtubill has quit IRC23:24
*** bpokorny_ has quit IRC23:31
*** bpokorny has joined #openstack-security23:32
*** bpokorny has quit IRC23:32
*** bpokorny has joined #openstack-security23:33
*** Trident has quit IRC23:40
*** Trident has joined #openstack-security23:40
*** tmcpeak has quit IRC23:43
*** markvoelker has quit IRC23:54
« Wednesday, 2016-03-16 Index Friday, 2016-03-18 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!