Monday, 2016-12-19

*** yuanying has quit IRC [00:08]
*** yuanying has joined #openstack-security [01:04]
*** liujiong has joined #openstack-security [01:29]
*** murphy_zhao has joined #openstack-security [02:13]
*** catintheroof has quit IRC [02:28]
*** catintheroof has joined #openstack-security [02:30]
*** catintheroof has quit IRC [02:34]
*** gouthamr has joined #openstack-security [02:56]
*** yuanying_ has joined #openstack-security [02:57]
*** yuanying has quit IRC [03:00]
*** ediardo has quit IRC [03:09]
*** liujiong_66 has joined #openstack-security [03:09]
*** liujiong has quit IRC [03:10]
*** gouthamr has quit IRC [03:11]
*** ediardo has joined #openstack-security [03:11]
*** yuanying_ has quit IRC [03:13]
*** yuanying has joined #openstack-security [03:13]
*** yuanying has quit IRC [03:17]
*** nkinder has quit IRC [03:50]
*** ashcrack4 has joined #openstack-security [05:32]
*** ashcrack4 has quit IRC [05:42]
<openstackgerrit> Eric Brown proposed openstack/bandit: Add functional tests for B308, B321, and B402  https://review.openstack.org/412295 [06:12]
*** yuanying has joined #openstack-security [06:14]
*** yuanying has quit IRC [06:19]
<openstackgerrit> Eric Brown proposed openstack/bandit: Typo in calls doc for input call  https://review.openstack.org/412306 [06:32]
*** liujiong_66 is now known as liujiong [06:53]
<openstackgerrit> Eric Brown proposed openstack/bandit: Handle curve keyword arg weak_cryptographic_key  https://review.openstack.org/412316 [07:02]
<openstackgerrit> Eric Brown proposed openstack/bandit: Handle curve keyword arg weak_cryptographic_key  https://review.openstack.org/412316 [07:03]
*** tesseract has joined #openstack-security [07:04]
*** tesseract is now known as Guest33254 [07:05]
*** pcaruana has joined #openstack-security [07:33]
<openstackgerrit> Eric Brown proposed openstack/bandit: Handle several truth values for shell in subprocess  https://review.openstack.org/412343 [08:07]
*** shohel has joined #openstack-security [10:14]
*** yuanying has joined #openstack-security [10:15]
*** shohel has quit IRC [10:20]
*** shohel has joined #openstack-security [10:20]
*** liujiong has quit IRC [10:22]
*** shohel has quit IRC [10:23]
*** shohel has joined #openstack-security [10:25]
*** Serlex has joined #openstack-security [10:32]
*** shohel has quit IRC [10:39]
*** shohel has joined #openstack-security [11:01]
*** dave-mccowan has joined #openstack-security [11:26]
*** dave-mcc_ has joined #openstack-security [11:45]
*** dave-mccowan has quit IRC [11:48]
*** ChubbyBreakfast has joined #openstack-security [12:02]
*** ChubbyBreakfast has left #openstack-security [12:03]
*** catintheroof has joined #openstack-security [12:18]
*** dave-mcc_ has quit IRC [12:18]
*** lamt has quit IRC [13:12]
*** gouthamr has joined #openstack-security [13:26]
*** tiger_huyuan has joined #openstack-security [13:30]
*** knangia has joined #openstack-security [13:35]
*** tiger_huyuan has quit IRC [13:39]
*** dwyde has joined #openstack-security [13:40]
*** lamt has joined #openstack-security [14:11]
*** cleong has joined #openstack-security [14:14]
*** jmckind has joined #openstack-security [14:39]
*** singlethink has joined #openstack-security [14:44]
*** liverpooler has joined #openstack-security [14:44]
*** liverpooler has quit IRC [14:49]
*** liverpooler has joined #openstack-security [14:51]
*** jmckind_ has joined #openstack-security [14:52]
*** jmckind has quit IRC [14:54]
*** jamielennox is now known as jamielennox|away [14:56]
*** jmckind has joined #openstack-security [15:09]
*** jmckind_ has quit IRC [15:11]
*** liverpooler has quit IRC [15:15]
*** liverpooler has joined #openstack-security [15:15]
*** jmckind_ has joined #openstack-security [15:16]
*** jmckind has quit IRC [15:17]
*** jmckind__ has joined #openstack-security [15:23]
*** jmckind_ has quit IRC [15:23]
*** jmckind__ has quit IRC [15:27]
*** jmckind has joined #openstack-security [15:36]
*** shohel has quit IRC [15:40]
*** Guest33254 has quit IRC [16:02]
*** ccneill has joined #openstack-security [16:03]
*** hongbin has joined #openstack-security [16:10]
*** knangia has quit IRC [16:10]
*** mhayden has quit IRC [16:13]
*** pcaruana has quit IRC [16:15]
*** diazjf has joined #openstack-security [16:15]
*** browne has joined #openstack-security [16:24]
*** ashcrack4 has joined #openstack-security [16:32]
*** Serlex has quit IRC [16:34]
*** jmckind has quit IRC [16:36]
*** mhayden has joined #openstack-security [16:41]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Update shell_injection_plugin to use whitelist  https://review.openstack.org/412524 [16:44]
*** tmcpeak has joined #openstack-security [17:08]
*** ashcrack4 has quit IRC [17:08]
<tmcpeak> browne: sigmavirus you guys around? [17:08]
<sigmavirus> I am [17:08]
<browne> yep [17:08]
<tmcpeak> sweet [17:09]
<tmcpeak> we've each got some work in flight to fix bugs [17:09]
<tmcpeak> you guys around this week? [17:09]
<tmcpeak> let's synch closely with each other to push through the bug fixes? [17:09]
<browne> yep, i'll be around [17:09]
<tmcpeak> awesome [17:09]
<sigmavirus> I'm out Friday, otherwise, ping me with priority reviews :) [17:10]
<tmcpeak> I'm going to be fixing a few too [17:10]
<tmcpeak> sigmavirus: ack, thank you [17:10]
<tmcpeak> I thought you had some in flight too [17:10]
<tmcpeak> maybe you were fixing something somebody else started? [17:10]
<tmcpeak> sigmavirus: [17:10]
<tmcpeak> sigmavirus: this might be ready to go for starters: https://review.openstack.org/#/c/412343/ [17:11]
<browne> yeah, bunch of bugs came in. [17:11]
<tmcpeak> sigmavirus: and this - https://review.openstack.org/412524 [17:11]
<browne> we'll probably need a new release after fixing them [17:12]
<tmcpeak> yep [17:12]
<tmcpeak> I've got some time this week so planning to smash a few [17:12]
<tmcpeak> Stan and Jamie are sadly MIA and tkelsey is already on break [17:13]
*** cleong has quit IRC [17:15]
*** cleong has joined #openstack-security [17:15]
<tmcpeak> browne: I can't think of a simple way to test this and I'd rather get it landed than not - https://bugs.launchpad.net/bandit/+bug/1613169 [17:15]
<openstack> Launchpad bug 1613169 in Bandit "Python 3.x html output on stdout is mangled" [Medium,In progress] - Assigned to Stanislaw Pitucha (stanislaw-pitucha) [17:15]
<tmcpeak> your comment is valid but I'm just afraid it's going to jam us up here [17:16]
<tmcpeak> maybe we can add a todo for that unit test? [17:16]
*** knangia has joined #openstack-security [17:16]
<browne> ok, i can probably let this one slide.  testing stdout things is difficult in unit tests [17:17]
<tmcpeak> browne: awesome [17:18]
*** ccneill_ has joined #openstack-security [17:19]
*** ccneill has quit IRC [17:20]
*** corey_ has joined #openstack-security [17:23]
*** cleong has quit IRC [17:23]
*** corey_ is now known as Guest1622 [17:24]
<openstackgerrit> Merged openstack/bandit: Detect binary output file (txt/html)  https://review.openstack.org/355305 [17:24]
<sigmavirus> oh, I actually had a test for that locally I think :X [17:32]
*** ccneill_ is now known as ccneill [17:33]
<openstackgerrit> Eric Brown proposed openstack/bandit: Add functional tests for B308, B321, and B402  https://review.openstack.org/412295 [17:41]
*** liverpooler has quit IRC [17:53]
*** liverpooler has joined #openstack-security [17:55]
*** dwyde has quit IRC [18:02]
*** diazjf has quit IRC [18:18]
*** dwyde has joined #openstack-security [18:34]
*** gagehugo has joined #openstack-security [18:46]
*** browne has quit IRC [19:05]
*** openstack has joined #openstack-security [19:14]
<dwyde> just wanted to say thanks for all the hard work on Bandit :-) Sorry for filing so many bugs in quick succession! [19:26]
*** diazjf has joined #openstack-security [19:34]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Fixing partial path detection for Windows  https://review.openstack.org/412598 [19:35]
<tmcpeak> dwyde: thanks for filing them! [19:35]
<tmcpeak> good stuff! [19:35]
*** hello443 has joined #openstack-security [19:37]
*** hello443 has left #openstack-security [19:38]
<dwyde> :-) [19:40]
<tmcpeak> dwyde: I think I'm in agreement with you about rethinking how we're doing severities for these injections [19:43]
<tmcpeak> I guess my hesitancy to change is we might seriously break some people [19:45]
<tmcpeak> that are currently using filters and stuff [19:46]
<dwyde> mm, I don’t feel super strongly about it [19:48]
<tmcpeak> I can't explain this logic to myself, lol [19:52]
<tmcpeak> sigmavirus: in your opinion is change of issue severity a "breaking change"? [19:54]
<tmcpeak> 1) I want to fix this, 2) I don't want to roll a 2.0 for this [19:54]
<tmcpeak> I'd say not [19:55]
<sigmavirus> tmcpeak: so, I'd say changing confidence would be more breaking than not [19:56]
*** rcernin has joined #openstack-security [19:56]
<sigmavirus> Severity is a little more fluid imo [19:56]
<tmcpeak> yeah.. [19:57]
<sigmavirus> but yeah, if people are filtering out low severity and/or low confidence issues and we increase either one, that's kind of a breaking change [20:02]
<sigmavirus> Then again, I expect projects in OS to be using upper-constraints so that shouldn't be a significant issue for them [20:02]
<tmcpeak> ok, what I've done is gotten rid of the special characters thing.  Anything that would have been medium is now low [20:04]
<tmcpeak> so this shouldn't break anybody's filtering [20:04]
*** diazjf has quit IRC [20:07]
<sigmavirus> Right, so I'd nuance my position further in saying taking either severity or confidence from a higher to lower position is absolutely not breaking [20:09]
<sigmavirus> the opposite, however, is a gray area [20:09]
*** knangia has quit IRC [20:10]
<tmcpeak> sigmavirus: ack, thank you [20:18]
*** jmckind has joined #openstack-security [20:25]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Remove checking for special characters in shells  https://review.openstack.org/412524 [20:38]
<dwyde> git archaeology: ‘tox -e pep8’ was apparently failing for me because bandit.py from 2014 was getting copied from build/ into site-packages/bandit/, which messed with the imports bandit/__init__.py ! [20:47]
<dwyde> working in a clean tree, lol [20:47]
*** jmckind has quit IRC [20:50]
<tmcpeak> yikes [20:52]
*** jamielennox|away is now known as jamielennox [21:04]
*** v12aml has quit IRC [21:08]
*** v12aml has joined #openstack-security [21:11]
*** gouthamr has quit IRC [21:17]
<openstackgerrit> Travis McPeak proposed openstack/bandit: Remove checking for special characters in shells  https://review.openstack.org/412524 [21:18]
*** Guest1622 has quit IRC [21:18]
*** jmckind has joined #openstack-security [21:19]
*** _elmiko is now known as elmiko [21:19]
*** liverpooler has quit IRC [21:41]
*** browne has joined #openstack-security [21:53]
<tmcpeak> sigmavirus: browne: blessings? https://review.openstack.org/#/c/412524/ [22:01]
*** dave-mccowan has joined #openstack-security [22:11]
*** knangia has joined #openstack-security [22:20]
*** jmckind_ has joined #openstack-security [22:32]
*** jmckind has quit IRC [22:34]
*** jmckind_ has quit IRC [22:40]
<openstackgerrit> David Wyde proposed openstack/bandit: Make Bandit's HTML report pass markup validation  https://review.openstack.org/412644 [23:11]
*** singlethink has quit IRC [23:25]
*** dwyde has quit IRC [23:28]
*** lamt has quit IRC [23:32]
*** tmcpeak has quit IRC [23:35]
*** dave-mccowan has quit IRC [23:50]
*** tmcpeak has joined #openstack-security [23:51]
<tmcpeak> sigmavirus: you still around? [23:58]
*** gouthamr has joined #openstack-security [23:58]
