Thursday, 2016-10-06

« Wednesday, 2016-10-05 Index Friday, 2016-10-07 »
*** dikonoor has joined #openstack-security00:09
*** knangia has quit IRC00:12
*** vinaypotluri has quit IRC00:12
*** dikonoor has quit IRC00:18
*** markvoelker has joined #openstack-security00:22
*** markvoelker has quit IRC00:27
*** BR5C003Y_D00 has joined #openstack-security00:47
*** dave-mcc_ has joined #openstack-security00:54
*** zul has joined #openstack-security00:55
*** dave-mccowan has quit IRC00:55
*** BR5C003Y_D00 has quit IRC00:59
*** browne has quit IRC01:04
*** zul has quit IRC01:08
*** zul has joined #openstack-security01:12
*** encodingcollecto has joined #openstack-security01:22
*** jass93_ has joined #openstack-security01:25
*** dave-mccowan has joined #openstack-security01:27
*** dave-mcc_ has quit IRC01:29
*** encodingcollecto has quit IRC01:57
*** dave-mccowan has quit IRC02:01
*** gouthamr has quit IRC02:07
*** yuanying has quit IRC02:27
*** sdake has joined #openstack-security03:14
*** knangia has joined #openstack-security03:32
*** sdake_ has joined #openstack-security03:45
*** sdake has quit IRC03:47
*** yuanying has joined #openstack-security04:13
*** agireud has quit IRC04:16
*** diazjf has joined #openstack-security04:19
*** agireud has joined #openstack-security04:24
*** markvoelker has joined #openstack-security04:25
*** markvoelker has quit IRC04:30
*** salv-orlando has joined #openstack-security04:41
*** yuanying has quit IRC04:45
*** liverpooler has quit IRC04:45
*** salv-orlando has quit IRC04:46
*** yuanying has joined #openstack-security04:54
*** salv-orlando has joined #openstack-security05:07
*** diazjf has quit IRC05:09
*** markvoelker has joined #openstack-security05:26
*** markvoelker has quit IRC05:31
*** knangia has quit IRC05:52
*** liverpooler has joined #openstack-security06:02
*** yuanying has quit IRC06:02
*** liverpooler has quit IRC06:07
*** liverpooler has joined #openstack-security06:07
*** sdake_ has quit IRC06:11
*** rcernin has joined #openstack-security06:15
*** markvoelker has joined #openstack-security06:27
*** salv-orlando has quit IRC06:29
*** markvoelker has quit IRC06:32
*** salv-orlando has joined #openstack-security06:36
*** shohel has joined #openstack-security06:40
*** salv-orlando has quit IRC06:41
*** tesseract- has joined #openstack-security07:11
*** salv-orlando has joined #openstack-security07:14
*** yuanying has joined #openstack-security07:14
*** pcaruana has joined #openstack-security07:26
*** markvoelker has joined #openstack-security07:28
*** markvoelker has quit IRC07:32
*** salv-orl_ has joined #openstack-security07:56
*** salv-orlando has quit IRC07:58
*** jass93_ has quit IRC08:06
*** jass93_ has joined #openstack-security08:11
*** qwertyco_ has joined #openstack-security08:15
*** jass93_ has quit IRC08:18
*** jass93_ has joined #openstack-security08:19
*** qwertyco_ has quit IRC08:21
*** qwertyco has joined #openstack-security08:21
*** qwertyco is now known as qwertyco_08:24
*** qwertyco_ has quit IRC08:26
*** qwertyco has joined #openstack-security08:26
*** lhinds is now known as lhinds|away08:47
*** qwertyco has quit IRC08:58
*** qwertyco has joined #openstack-security08:58
*** qwertyco has quit IRC08:58
*** qwertyco has joined #openstack-security08:59
*** qwertyco has quit IRC09:14
*** qwertyco has joined #openstack-security09:14
*** SlapChopGraty has joined #openstack-security09:18
*** SlapChopGraty has left #openstack-security09:20
*** qwertyco has quit IRC09:21
*** qwertyco has joined #openstack-security09:21
*** qwertyco has quit IRC09:37
*** qwertyco has joined #openstack-security09:37
*** salv-orl_ has quit IRC09:51
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/38281409:53
*** woodster_ has quit IRC10:00
*** salv-orlando has joined #openstack-security10:23
openstackgerritDoug Chivers proposed openstack/security-analysis: Initial draft of Barbican review  https://review.openstack.org/35797810:46
openstackgerritDoug Chivers proposed openstack/security-analysis: Initial draft of Barbican review  https://review.openstack.org/35797810:46
hyakuhei-Thanks sic10:55
*** d0ugal has quit IRC11:05
*** d0ugal has joined #openstack-security11:06
*** kun_huang has quit IRC11:10
*** kun_huang has joined #openstack-security11:11
*** usuario has joined #openstack-security11:48
usuariohello?11:48
hyakuhei-hi11:51
*** hyakuhei- has quit IRC11:52
*** hyakuhei- has joined #openstack-security11:52
*** hyakuhei- has quit IRC11:52
*** hyakuhei- has joined #openstack-security11:52
*** hyakuhei- is now known as hyakuhei11:52
usuarioU know how I cant stop the /tree command?11:57
usuariohe is reading the OS in sequency11:57
usuarioAnd I cant stop it11:57
*** usuario has quit IRC11:59
*** gouthamr has joined #openstack-security12:02
*** salv-orlando has quit IRC12:24
*** qwertyco has quit IRC12:24
*** qwertyco has joined #openstack-security12:24
*** lamt has quit IRC12:25
*** edmondsw has joined #openstack-security12:26
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/38281412:30
*** markvoelker has joined #openstack-security12:31
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/38281412:37
*** liverpooler has quit IRC12:56
*** dave-mccowan has joined #openstack-security13:04
*** ayoung has joined #openstack-security13:04
*** agireud has quit IRC13:10
*** shohel has quit IRC13:11
*** agireud has joined #openstack-security13:18
*** zul has quit IRC13:30
*** zul has joined #openstack-security13:33
*** mvaldes has joined #openstack-security13:54
*** sdake has joined #openstack-security13:59
*** hongbin has joined #openstack-security14:06
*** sdake has quit IRC14:15
*** mvaldes1 has joined #openstack-security14:15
*** mvaldes has quit IRC14:17
*** liverpooler has joined #openstack-security14:23
*** gouthamr has quit IRC14:29
*** gouthamr has joined #openstack-security14:31
*** qwertyco has quit IRC14:41
*** diazjf has joined #openstack-security14:46
*** diazjf has quit IRC14:48
*** tmcpeak has joined #openstack-security14:50
*** capnoday has joined #openstack-security14:53
*** capnoday has quit IRC14:55
*** DuncanT has quit IRC14:55
*** woodrow has quit IRC14:55
*** capnoday has joined #openstack-security14:55
*** sweston has quit IRC14:55
*** dougwig has quit IRC14:55
*** ediardo has quit IRC14:55
*** fyxim has quit IRC14:55
*** diazjf has joined #openstack-security14:58
*** salv-orlando has joined #openstack-security14:59
*** diazjf has quit IRC15:01
*** mvaldes1 has quit IRC15:05
*** mvaldes has joined #openstack-security15:05
*** jass93_ has quit IRC15:08
*** fyxim has joined #openstack-security15:11
*** diazjf has joined #openstack-security15:15
*** dougwig has joined #openstack-security15:18
*** sweston has joined #openstack-security15:20
*** woodrow has joined #openstack-security15:25
*** DuncanT has joined #openstack-security15:36
*** vinaypotluri has joined #openstack-security15:42
*** ediardo has joined #openstack-security15:43
*** diazjf has quit IRC15:44
*** diazjf has joined #openstack-security15:45
*** knangia has joined #openstack-security15:46
*** unrahul has quit IRC15:52
*** unrahul has joined #openstack-security15:52
*** woodburn has joined #openstack-security15:54
*** rcernin has quit IRC16:01
*** ccneill has joined #openstack-security16:17
*** jass93_ has joined #openstack-security16:18
unrahulHey ccneill u thr?16:20
unrahulHey michaelxin ccneill do we have a meeting now?16:20
ccneillunrahul: sorry, should've mentioned this earlier. we're having a security engineering hack day today16:23
ccneillprobably won't be super active today on IRC (though I'll at least lurk in our OSSP meeting and chime in with syntribos updates)16:24
tmcpeaksecurity engineering hack day sounds legit16:24
unrahulHey ccneill sounds cool16:24
ccneilltmcpeak: been agitating for it for a long time.. :)16:25
tmcpeakgood man :)16:26
*** eoroot has joined #openstack-security16:28
*** eoroot has left #openstack-security16:28
*** tesseract- has quit IRC16:31
*** eoroot has joined #openstack-security16:31
eoroothello16:32
*** eoroot has left #openstack-security16:32
*** mdong has joined #openstack-security16:34
*** diazjf has quit IRC16:42
*** tkelsey has joined #openstack-security16:45
*** mvaldes has quit IRC16:47
*** mvaldes has joined #openstack-security16:47
dave-mccowantmcpeak ping16:51
tmcpeakdave-mccowan: yo! how's it going?16:51
dave-mccowanhi travis.  good.  i ran into a bandit issue, and found there is already a bug open.16:52
dave-mccowanhttps://bugs.launchpad.net/bandit/+bug/162261516:52
openstackLaunchpad bug 1622615 in Bandit "Bandit reports 'json.load' as 'yaml.load'" [Undecided,New]16:52
dave-mccowanbandit is mistaking json.load() with yaml.load()16:52
dave-mccowando you already know about this?16:52
tmcpeakdave-mccowan: no, that sounds sub-optimal :D16:52
tmcpeakI'll check it out today, thanks!16:52
dave-mccowanlooking at the code, it looks like anything.load() would also trigger the blacklist, as long as the yaml library is also imported.16:53
openstackgerritOpenStack Proposal Bot proposed openstack/anchor: Updated from global requirements  https://review.openstack.org/38055416:53
openstackgerritOpenStack Proposal Bot proposed openstack/bandit: Updated from global requirements  https://review.openstack.org/38310516:53
dave-mccowantmcpeak i'd be happy to help with the fix.  i just wanted to check that it wasn't a known issue or limitation of the design.  let me know if i can help.16:54
tmcpeakdave-mccowan: that's awesome, should be a simple fix, I think we just need to include the full qualname of the yaml.load16:54
dave-mccowantmcpeak what would happen if i "import yaml as foo" and then called "foo.load()"?  (not sure if that's a requirement...)16:55
tmcpeaktkelsey: ^ do you remember?16:56
tmcpeakI think this works as expected16:56
tmcpeakdave-mccowan: would love your help on the fix though16:59
tkelseyhumm?17:00
tmcpeakif you alias an import17:00
dave-mccowantmcpeak ok.  i just assigned it to myself.17:00
tmcpeakdave-mccowan: thanks!17:00
tkelseyit should detect alias stuff fine17:00
tkelseybut it should not get it confused :-/17:01
*** sdake has joined #openstack-security17:01
*** jamielennox|away has quit IRC17:02
*** woodster_ has joined #openstack-security17:05
*** jamielennox|away has joined #openstack-security17:16
*** jamielennox|away is now known as jamielennox17:16
tmcpeakdave-mccowan: an interesting design choice we made :P https://github.com/openstack/bandit/blob/master/bandit/plugins/yaml_load.py#L5817:32
dave-mccowantmcpeak yea, that code doesn't seem very smart.17:33
tmcpeakagreed :)17:33
tmcpeakespecially since qualname is for that exact thing17:34
dave-mccowantmcpeak should this code be removed, and the check added to blacklists/calls.py?17:36
openstackgerritMerged openstack/bandit: Updated from global requirements  https://review.openstack.org/38310517:39
dave-mccowantmcpeak nevermind.  i see how to use qualname in this case.17:41
tmcpeakdave-mccowan: thanks!17:41
dave-mccowantmcpeak quick question... i've forgotten how to run bandit out of my tree, instead of the version that is pip installed on my server.17:45
tmcpeaksigmavirus: ^17:45
tmcpeakwhat was that magics you used for that?17:45
tmcpeakI think there's s —develop or something17:46
tmcpeakotherwise you can do 'pip install -e .' or something17:46
sigmavirusthe -e. is the magic17:48
dave-mccowansigmavirus any way to run the source directly from the tree?  this would be handy to run bandit inside a debugger.17:49
sigmavirusdave-mccowan: that's it17:50
sigmaviruspip install -e. will install it from source and any modifications you make will get picked up17:50
sigmavirusbecause it does symlinks not a real install17:50
sigmavirus-e stands for editable17:50
dave-mccowansigmavirus cool. thanks.17:51
sigmavirustox -e venv does something similar too iirc17:51
*** jass93__ has joined #openstack-security17:56
*** tkelsey has quit IRC17:56
*** jass93_ has quit IRC17:58
*** diazjf has joined #openstack-security18:23
openstackgerritAndreas Jaeger proposed openstack/bandit: Enable release notes translation  https://review.openstack.org/38320018:24
openstackgerritDave McCowan proposed openstack/bandit: Use qualname list to avoid false positive on load()  https://review.openstack.org/38324518:31
*** mdong has quit IRC18:33
*** mdong has joined #openstack-security18:35
*** mvaldes has quit IRC18:35
*** mvaldes has joined #openstack-security18:35
openstackgerritDeepak proposed openstack/anchor: Changed the home-page link  https://review.openstack.org/38331418:41
*** capnoday has quit IRC18:46
*** jamielennox has quit IRC19:03
openstackgerritDeepak proposed openstack/bandit: Changed the home-page url link  https://review.openstack.org/38341519:04
*** jamielennox|away has joined #openstack-security19:05
*** jamielennox|away is now known as jamielennox19:06
*** salv-orlando has quit IRC19:13
*** nkinder has quit IRC19:15
*** nkinder has joined #openstack-security19:16
sigmavirustmcpeak: ^ Do we want to point to the developer docs instead of the wiki?19:18
tmcpeaksigmavirus: what's this?19:19
sigmavirustmcpeak: https://review.openstack.org/38341519:19
tmcpeaksigmavirus: no, I think we want to keep it at the wiki19:19
tmcpeakonly developers would use the developer docs19:19
sigmavirusprobably same for anchor then, eh?19:19
sigmavirushttps://review.openstack.org/38331419:19
tmcpeaksigmavirus: yep19:19
tmcpeakgood call19:20
*** Canaimero-e64b8 has joined #openstack-security19:20
*** agireud has quit IRC19:21
sigmavirustmcpeak: always be suspicious of reviews like that proposed in batches19:21
tmcpeaksigmavirus: yep yep19:21
*** Canaimero-e64b8 has left #openstack-security19:22
*** agireud has joined #openstack-security19:29
*** agireud has quit IRC19:33
openstackgerritMerged openstack/bandit: Enable release notes translation  https://review.openstack.org/38320019:34
*** agireud has joined #openstack-security19:43
*** jass93_ has joined #openstack-security19:46
*** jass93__ has quit IRC19:48
*** dave-mccowan has quit IRC19:49
*** dave-mccowan has joined #openstack-security19:58
*** dave-mcc_ has joined #openstack-security20:01
*** dave-mccowan has quit IRC20:04
*** agireud has quit IRC20:06
*** sdake has quit IRC20:09
openstackgerritDave McCowan proposed openstack/bandit: Use qualname list to avoid false positive on load()  https://review.openstack.org/38324520:18
*** salv-orlando has joined #openstack-security20:27
*** ludeatbest has joined #openstack-security20:31
*** ludeatbest has quit IRC20:33
*** mvaldes has quit IRC20:34
*** browne has joined #openstack-security20:40
*** dave-mcc_ has quit IRC20:41
*** mvaldes has joined #openstack-security21:00
*** zooey has joined #openstack-security21:01
*** dave-mccowan has joined #openstack-security21:01
*** ayoung has quit IRC21:02
*** zooey has quit IRC21:10
*** zooey has joined #openstack-security21:10
*** zooey has joined #openstack-security21:10
*** diazjf has quit IRC21:13
*** diazjf has joined #openstack-security21:25
*** gfhellma has joined #openstack-security21:26
tmcpeakbrowne: yo21:27
tmcpeaksigmavirus:21:27
tmcpeakhttps://review.openstack.org/#/c/383245/21:27
tmcpeak+A por favor?21:27
*** gouthamr has quit IRC21:27
*** gouthamr has joined #openstack-security21:31
*** gouthamr has quit IRC21:32
*** gouthamr has joined #openstack-security21:35
*** gouthamr has quit IRC21:37
*** agireud has joined #openstack-security21:37
brownetmcpeak: what's up21:42
browneoh, i'll review21:43
tmcpeaksweet, thanks21:43
*** rcernin has joined #openstack-security21:47
*** diazjf has quit IRC21:51
openstackgerritMerged openstack/bandit: Use qualname list to avoid false positive on load()  https://review.openstack.org/38324521:51
*** rcernin has quit IRC21:59
*** rcernin has joined #openstack-security21:59
*** sdake has joined #openstack-security22:13
*** mdong has quit IRC22:13
*** mdong has joined #openstack-security22:14
*** ayoung has joined #openstack-security22:21
*** mvaldes has quit IRC22:35
*** mdong has quit IRC22:37
*** tmcpeak has quit IRC22:59
*** salv-orlando has quit IRC23:01
*** gouthamr has joined #openstack-security23:01
*** ayoung has quit IRC23:05
*** hongbin has quit IRC23:08
*** ccneill_ has joined #openstack-security23:09
*** ccneill has quit IRC23:11
*** gfhellma has quit IRC23:14
*** jass93_ has quit IRC23:32
*** zooey has left #openstack-security23:34
*** rcernin has quit IRC23:36
*** ayoung has joined #openstack-security23:49
*** pcaruana has quit IRC23:55
« Wednesday, 2016-10-05 Index Friday, 2016-10-07 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!