)]}'
{"bandit/bandit_baseline.py":[{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"abf9dcdb1b254596659461e99e1c8e1dafb07a59","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"7a740942_8f02b1b2","updated":"2015-12-08 23:41:41.000000000","message":"Why not just use argparse?  I see code that\u0027s doing a bunch with the passed in arguments.\n\nAlso why not use gitpython?  I much prefer APIs over command line parsing.  And gitpython is already in g-r, so no need to update there.\n\nhttps://github.com/openstack/requirements/blob/master/global-requirements.txt","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"93f3212ddc602918386223f93947e966ba61e5ed","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"7a740942_010e958b","in_reply_to":"7a740942_8f02b1b2","updated":"2015-12-09 00:16:11.000000000","message":"Good point on the constant name and argparse.  I\u0027ll make those changes now.\n\nI\u0027d like to defer the Git API stuff to a future change as I haven\u0027t used it before and seems like a fair amount of effort to learn.  
In the mean time return code and stderr checking should give us most of what we want.\n\nI\u0027ll also make the tmp file change.","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"ddb0221c7f830f6632f9ec3bea59d3e3540fa6f8","unresolved":false,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"def main():"},{"line_number":33,"context_line":"    global bandit_args"},{"line_number":34,"context_line":"    global original_branch"},{"line_number":35,"context_line":"    global output_format"},{"line_number":36,"context_line":"    global report_fname"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_34b2f4e5","line":33,"updated":"2015-12-08 23:26:41.000000000","message":"Doesn\u0027t need to be global here, it\u0027s not modified.","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"4f7ccc39d1e0552d02650a57309010be3539ec08","unresolved":false,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"def main():"},{"line_number":33,"context_line":"    global bandit_args"},{"line_number":34,"context_line":"    global original_branch"},{"line_number":35,"context_line":"    global output_format"},{"line_number":36,"context_line":"    global report_fname"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_0f57a1ca","line":33,"in_reply_to":"7a740942_34b2f4e5","updated":"2015-12-08 23:41:37.000000000","message":"Done","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":1528,"name":"Stanislaw 
Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"ddb0221c7f830f6632f9ec3bea59d3e3540fa6f8","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    report_fname \u003d \"{}.{}\".format(report_basename, output_format)"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    if not valid_requirements():"},{"line_number":48,"context_line":"        sys.exit(2)"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"    _, output, _ \u003d call_command([\u0027git\u0027, \u0027rev-parse\u0027, \u0027--abbrev-ref\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_941f28b6","line":47,"updated":"2015-12-08 23:26:41.000000000","message":"if you pass the needed variables to valid_requirements, most don\u0027t need to be globals at all","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"4f7ccc39d1e0552d02650a57309010be3539ec08","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    report_fname \u003d \"{}.{}\".format(report_basename, output_format)"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    if not valid_requirements():"},{"line_number":48,"context_line":"        sys.exit(2)"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"    _, output, _ \u003d call_command([\u0027git\u0027, \u0027rev-parse\u0027, \u0027--abbrev-ref\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_6f6425b8","line":47,"in_reply_to":"7a740942_941f28b6","updated":"2015-12-08 23:41:37.000000000","message":"Done","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":8119,"name":"Eric 
Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"abf9dcdb1b254596659461e99e1c8e1dafb07a59","unresolved":false,"context_lines":[{"line_number":59,"context_line":"    commands \u003d [[\u0027git\u0027, \u0027checkout\u0027, parent_commit],"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"                [\u0027bandit\u0027] + bandit_args + [\u0027-f\u0027, \u0027json\u0027, \u0027-o\u0027,"},{"line_number":62,"context_line":"                                            \u0027_bandit_baseline_run.json_\u0027],"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"                [\u0027git\u0027, \u0027checkout\u0027, original_branch],"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_cfeaf9da","line":62,"updated":"2015-12-08 23:41:41.000000000","message":"This filename is used several times.  How about a constant.  Also, might want to consider writing the file to /tmp instead of the CWD.","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"ddb0221c7f830f6632f9ec3bea59d3e3540fa6f8","unresolved":false,"context_lines":[{"line_number":59,"context_line":"    commands \u003d [[\u0027git\u0027, \u0027checkout\u0027, parent_commit],"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"                [\u0027bandit\u0027] + bandit_args + [\u0027-f\u0027, \u0027json\u0027, \u0027-o\u0027,"},{"line_number":62,"context_line":"                                            \u0027_bandit_baseline_run.json_\u0027],"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"                [\u0027git\u0027, \u0027checkout\u0027, 
original_branch],"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_af8a0d62","line":62,"updated":"2015-12-08 23:26:41.000000000","message":"the filename could be a constant somewhere. Easy to misspell and used a few times.","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"ddb0221c7f830f6632f9ec3bea59d3e3540fa6f8","unresolved":false,"context_lines":[{"line_number":87,"context_line":"            sys.exit(return_code)"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"    if output_format \u003d\u003d \u0027terminal\u0027:"},{"line_number":90,"context_line":"        print output"},{"line_number":91,"context_line":"    else:"},{"line_number":92,"context_line":"        logger.info(\"Successfully wrote %s\", report_fname)"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_9492c8f4","line":90,"updated":"2015-12-08 23:26:41.000000000","message":"print(output) for py3","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"4f7ccc39d1e0552d02650a57309010be3539ec08","unresolved":false,"context_lines":[{"line_number":87,"context_line":"            sys.exit(return_code)"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"    if output_format \u003d\u003d \u0027terminal\u0027:"},{"line_number":90,"context_line":"        print output"},{"line_number":91,"context_line":"    else:"},{"line_number":92,"context_line":"        logger.info(\"Successfully wrote %s\", 
report_fname)"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_cf751964","line":90,"in_reply_to":"7a740942_9492c8f4","updated":"2015-12-08 23:41:37.000000000","message":"Done","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"ddb0221c7f830f6632f9ec3bea59d3e3540fa6f8","unresolved":false,"context_lines":[{"line_number":116,"context_line":"    # git log -2 --first-parent --pretty\u003doneline | cut -d \" \" -f1 | sed -n 2p"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"    _, cmd_output, err \u003d call_command([\u0027git\u0027, \u0027log\u0027, \u0027-2\u0027, \u0027--first-parent\u0027,"},{"line_number":119,"context_line":"                                       \u0027--pretty\u003doneline\u0027])"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"    try:"},{"line_number":122,"context_line":"        # we want the first word of the second line"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_b4526433","line":119,"updated":"2015-12-08 23:26:41.000000000","message":"Like in the original comment - is that different from \"rev-parse HEAD^\"? 
(doesn\u0027t require post-processing)","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"4f7ccc39d1e0552d02650a57309010be3539ec08","unresolved":false,"context_lines":[{"line_number":116,"context_line":"    # git log -2 --first-parent --pretty\u003doneline | cut -d \" \" -f1 | sed -n 2p"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"    _, cmd_output, err \u003d call_command([\u0027git\u0027, \u0027log\u0027, \u0027-2\u0027, \u0027--first-parent\u0027,"},{"line_number":119,"context_line":"                                       \u0027--pretty\u003doneline\u0027])"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"    try:"},{"line_number":122,"context_line":"        # we want the first word of the second line"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_4f0849da","line":119,"in_reply_to":"7a740942_b4526433","updated":"2015-12-08 23:41:37.000000000","message":"It is apparently not, good call","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"ddb0221c7f830f6632f9ec3bea59d3e3540fa6f8","unresolved":false,"context_lines":[{"line_number":189,"context_line":"        valid \u003d False"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"    # check valid git project and git installed"},{"line_number":192,"context_line":"    (return_code,_,_) \u003d call_command([\u0027git\u0027, \u0027branch\u0027])"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"    if return_code:"},{"line_number":195,"context_line":"        valid \u003d False"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_8f3391f5","line":192,"updated":"2015-12-08 
23:26:41.000000000","message":"Can this be \u0027git status\u0027 instead? You could also make sure from the return code that the current tree is clean. (i.e. switching branches won\u0027t cause conflicts)","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"4f7ccc39d1e0552d02650a57309010be3539ec08","unresolved":false,"context_lines":[{"line_number":189,"context_line":"        valid \u003d False"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"    # check valid git project and git installed"},{"line_number":192,"context_line":"    (return_code,_,_) \u003d call_command([\u0027git\u0027, \u0027branch\u0027])"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"    if return_code:"},{"line_number":195,"context_line":"        valid \u003d False"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a740942_8f75d132","line":192,"in_reply_to":"7a740942_8f3391f5","updated":"2015-12-08 23:41:37.000000000","message":"Done","commit_id":"305faff4f055344b1b123a2a09ed5ecfb9212e13"},{"author":{"_account_id":11029,"name":"Jamie Finnigan","email":"jamiefinnigan@gmail.com","username":"jamiefinnigan"},"change_message_id":"2028c23f1679b8672bfafac7a9e1785fee30810f","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# -*- coding:utf-8 -*-"},{"line_number":2,"context_line":"#"},{"line_number":3,"context_line":"# Copyright 2015 Hewlett-Packard Enterprise"},{"line_number":4,"context_line":"#"}],"source_content_type":"text/x-python","patch_set":5,"id":"7a740942_abcf5754","line":1,"updated":"2015-12-09 06:05:45.000000000","message":"I feel like this needs a few lines of comment/docstring that describes the general logic of what it is doing.  
Not immediately obvious to me what I\u0027m looking at.","commit_id":"6d0a90869a9dd5534fc311b48932da71bb072661"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"1a5f70f213102661eca0bd444598ccd1ac832431","unresolved":false,"context_lines":[{"line_number":21,"context_line":"import sys"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"bandit_args \u003d sys.argv[1:]"},{"line_number":24,"context_line":"baseline_tmp_file \u003d \u0027/tmp/_bandit_baseline_run.json_\u0027"},{"line_number":25,"context_line":"default_output_format \u003d \u0027terminal\u0027"},{"line_number":26,"context_line":"logger \u003d logging.getLogger(__name__)"},{"line_number":27,"context_line":"original_branch \u003d None"}],"source_content_type":"text/x-python","patch_set":5,"id":"7a740942_d79daf0a","line":24,"updated":"2015-12-09 01:28:53.000000000","message":"https://docs.python.org/2/library/tempfile.html#tempfile.NamedTemporaryFile instead of hardcoded /tmp ?","commit_id":"6d0a90869a9dd5534fc311b48932da71bb072661"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"95b880eccbbbff9b2b2f7004b948c6b9391432b2","unresolved":false,"context_lines":[{"line_number":21,"context_line":"import sys"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"bandit_args \u003d sys.argv[1:]"},{"line_number":24,"context_line":"baseline_tmp_file \u003d \u0027/tmp/_bandit_baseline_run.json_\u0027"},{"line_number":25,"context_line":"default_output_format \u003d \u0027terminal\u0027"},{"line_number":26,"context_line":"logger \u003d logging.getLogger(__name__)"},{"line_number":27,"context_line":"original_branch \u003d None"}],"source_content_type":"text/x-python","patch_set":5,"id":"7a740942_9a750e65","line":24,"in_reply_to":"7a740942_d79daf0a","updated":"2015-12-09 
01:42:46.000000000","message":"Doesn\u0027t matter. Needs more changes than it\u0027s worth.","commit_id":"6d0a90869a9dd5534fc311b48932da71bb072661"},{"author":{"_account_id":11029,"name":"Jamie Finnigan","email":"jamiefinnigan@gmail.com","username":"jamiefinnigan"},"change_message_id":"2028c23f1679b8672bfafac7a9e1785fee30810f","unresolved":false,"context_lines":[{"line_number":112,"context_line":""},{"line_number":113,"context_line":"def get_parent_commit():"},{"line_number":114,"context_line":"    # call the following command safely:"},{"line_number":115,"context_line":"    # git log -2 --first-parent --pretty\u003doneline | cut -d \" \" -f1 | sed -n 2p"},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"    return_code, cmd_output, err \u003d call_command([\u0027git\u0027, \u0027rev-parse\u0027, \u0027HEAD^\u0027])"},{"line_number":118,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"7a740942_4b75932f","line":115,"updated":"2015-12-09 06:05:45.000000000","message":"Comment doesn\u0027t line up with what is being passed to call_command()?","commit_id":"6d0a90869a9dd5534fc311b48932da71bb072661"},{"author":{"_account_id":4190,"name":"lifeless","email":"robertc@robertcollins.net","username":"lifeless"},"change_message_id":"f2ece760fd1d61f1745587a2d6839b493f89bcea","unresolved":false,"context_lines":[{"line_number":33,"context_line":"import git"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"bandit_args \u003d sys.argv[1:]"},{"line_number":36,"context_line":"baseline_tmp_file \u003d \u0027/tmp/_bandit_baseline_run.json_\u0027"},{"line_number":37,"context_line":"current_commit \u003d None"},{"line_number":38,"context_line":"default_output_format \u003d \u0027terminal\u0027"},{"line_number":39,"context_line":"logger \u003d logging.getLogger(__name__)"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_06898eca","line":36,"updated":"2015-12-09 
22:51:13.000000000","message":"This is a problem: it will cause concurrent runs of bandit to collide on the same path, not to mention that it is itself a classic example of a security flaw - one that bandit should be reporting on :) - see http://capec.mitre.org/data/definitions/132.html\n\nA safe pattern to avoid this is to make a temporary directory and use a path within that. You can wrap that up in a context manager using TempDir if you like:\n\n with TempDir() as t:\n     tmp_path \u003d os.path.join(t.path, \u0027baseline.json\u0027)\n     ... call baseline\n # and it\u0027s cleaned up for you here.\n\nI think you\u0027ll save a lot of code using this approach.","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"fe2633fe1e015c01b9a3f5a8781e5f8d6d0f8693","unresolved":false,"context_lines":[{"line_number":33,"context_line":"import git"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"bandit_args \u003d sys.argv[1:]"},{"line_number":36,"context_line":"baseline_tmp_file \u003d \u0027/tmp/_bandit_baseline_run.json_\u0027"},{"line_number":37,"context_line":"current_commit \u003d None"},{"line_number":38,"context_line":"default_output_format \u003d \u0027terminal\u0027"},{"line_number":39,"context_line":"logger \u003d logging.getLogger(__name__)"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_e1730c14","line":36,"in_reply_to":"7a740942_06898eca","updated":"2015-12-10 00:45:14.000000000","message":"Done","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":4190,"name":"lifeless","email":"robertc@robertcollins.net","username":"lifeless"},"change_message_id":"f2ece760fd1d61f1745587a2d6839b493f89bcea","unresolved":false,"context_lines":[{"line_number":121,"context_line":""},{"line_number":122,"context_line":"    output, err \u003d 
cmd.communicate()"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"    return cmd.returncode, output, err"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"# #################### Clean up before exit ###################################"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_26228aba","line":124,"updated":"2015-12-09 22:51:13.000000000","message":"I think you\u0027ll find subprocess.check_output is a pithy, safe replacement for this function, which will save you some more code","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"fe2633fe1e015c01b9a3f5a8781e5f8d6d0f8693","unresolved":false,"context_lines":[{"line_number":121,"context_line":""},{"line_number":122,"context_line":"    output, err \u003d cmd.communicate()"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"    return cmd.returncode, output, err"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"# #################### Clean up before exit ###################################"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_c19290f6","line":124,"in_reply_to":"7a740942_26228aba","updated":"2015-12-10 00:45:14.000000000","message":"Done","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":4190,"name":"lifeless","email":"robertc@robertcollins.net","username":"lifeless"},"change_message_id":"f2ece760fd1d61f1745587a2d6839b493f89bcea","unresolved":false,"context_lines":[{"line_number":127,"context_line":"# #################### Clean up before exit ###################################"},{"line_number":128,"context_line":"@atexit.register"},{"line_number":129,"context_line":"def clean_up():"},{"line_number":130,"context_line":"    
call_command([\u0027rm\u0027, baseline_tmp_file])"},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"    if repo:"},{"line_number":133,"context_line":"        repo.head.reset(commit\u003dcurrent_commit, working_tree\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_463a36e9","line":130,"updated":"2015-12-09 22:51:13.000000000","message":"So this is pretty weird - its reading like C, not python.\n\natexit.register really isn\u0027t needed here: just put the cleanups in a context manager and use that (or use an existing one as already suggested).","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"d720a235f7f500d5721ddaf977a45aaeac022f68","unresolved":false,"context_lines":[{"line_number":58,"context_line":"    output_format, repo, report_fname \u003d initialize()"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    if not repo:"},{"line_number":61,"context_line":"        return 2"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"    # #################### Find current and parent commits ####################"},{"line_number":64,"context_line":"    try:"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_bc720a48","line":61,"updated":"2015-12-10 01:02:52.000000000","message":"That was supposed to be sys.exit(2), wasn\u0027t it?","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"38fa7f7eec8ab297efcbc76752ee857f9a91abbd","unresolved":false,"context_lines":[{"line_number":58,"context_line":"    output_format, repo, report_fname \u003d initialize()"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    if not repo:"},{"line_number":61,"context_line":"    
    return 2"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"    # #################### Find current and parent commits ####################"},{"line_number":64,"context_line":"    try:"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_3de26d30","line":61,"in_reply_to":"7a740942_bc720a48","updated":"2015-12-10 15:56:17.000000000","message":"Done","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"d720a235f7f500d5721ddaf977a45aaeac022f68","unresolved":false,"context_lines":[{"line_number":64,"context_line":"    try:"},{"line_number":65,"context_line":"        branch \u003d repo.active_branch"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        commits \u003d list(repo.iter_commits(branch))"},{"line_number":68,"context_line":"        current_commit \u003d commits[0].hexsha"},{"line_number":69,"context_line":"        logger.info(\u0027Got current commit: [%s]\u0027, commits[0].name_rev)"},{"line_number":70,"context_line":""}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_dccd9687","line":67,"updated":"2015-12-10 01:02:52.000000000","message":"This is going to take non-trivial time/memory on a repository with lots of history (like nova). 
Since you only check the first two commits, how about:\n\n        commits \u003d repo.iter_commits(branch)\n        current_commit \u003d commits.next()\n        parent_commit \u003d commits.next()\n        ...\n    except (git.GitCommandError, StopIteration):\n\n?","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"38fa7f7eec8ab297efcbc76752ee857f9a91abbd","unresolved":false,"context_lines":[{"line_number":64,"context_line":"    try:"},{"line_number":65,"context_line":"        branch \u003d repo.active_branch"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        commits \u003d list(repo.iter_commits(branch))"},{"line_number":68,"context_line":"        current_commit \u003d commits[0].hexsha"},{"line_number":69,"context_line":"        logger.info(\u0027Got current commit: [%s]\u0027, commits[0].name_rev)"},{"line_number":70,"context_line":""}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_7d90f54e","line":67,"in_reply_to":"7a740942_dccd9687","updated":"2015-12-10 15:56:17.000000000","message":"Done","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"d720a235f7f500d5721ddaf977a45aaeac022f68","unresolved":false,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    except (git.GitCommandError, IndexError):"},{"line_number":75,"context_line":"        logger.error(\"Unable to get current branch and/or parent branch\")"},{"line_number":76,"context_line":"        exit(2)"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"    # #################### Run Bandit against both commits ####################"},{"line_number":79,"context_line":"    output_type \u003d ([\u0027-f\u0027, 
\u0027txt\u0027] if output_format \u003d\u003d default_output_format"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_7c934250","line":76,"updated":"2015-12-10 01:02:52.000000000","message":"sys.exit","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"38fa7f7eec8ab297efcbc76752ee857f9a91abbd","unresolved":false,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    except (git.GitCommandError, IndexError):"},{"line_number":75,"context_line":"        logger.error(\"Unable to get current branch and/or parent branch\")"},{"line_number":76,"context_line":"        exit(2)"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"    # #################### Run Bandit against both commits ####################"},{"line_number":79,"context_line":"    output_type \u003d ([\u0027-f\u0027, \u0027txt\u0027] if output_format \u003d\u003d default_output_format"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_fdd2a55a","line":76,"in_reply_to":"7a740942_7c934250","updated":"2015-12-10 15:56:17.000000000","message":"Done","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"d720a235f7f500d5721ddaf977a45aaeac022f68","unresolved":false,"context_lines":[{"line_number":113,"context_line":"        logger.info(\"Successfully wrote %s\", report_fname)"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"    # exit with the code the last Bandit run returned"},{"line_number":116,"context_line":"    return return_code"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"# #################### Utility function to run Bandit commands 
################"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_9cacee8d","line":116,"updated":"2015-12-10 01:02:52.000000000","message":"sys.exit(return_code) ?","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"38fa7f7eec8ab297efcbc76752ee857f9a91abbd","unresolved":false,"context_lines":[{"line_number":113,"context_line":"        logger.info(\"Successfully wrote %s\", report_fname)"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"    # exit with the code the last Bandit run returned"},{"line_number":116,"context_line":"    return return_code"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"# #################### Utility function to run Bandit commands ################"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_3d9a6d6f","line":116,"in_reply_to":"7a740942_9cacee8d","updated":"2015-12-10 15:56:17.000000000","message":"Done","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"d720a235f7f500d5721ddaf977a45aaeac022f68","unresolved":false,"context_lines":[{"line_number":136,"context_line":"def baseline_setup():"},{"line_number":137,"context_line":"    d \u003d tempfile.mkdtemp()"},{"line_number":138,"context_line":"    yield d"},{"line_number":139,"context_line":"    subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, d])"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    if repo:"},{"line_number":142,"context_line":"        repo.head.reset(commit\u003dcurrent_commit, working_tree\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_7c8ca235","line":139,"updated":"2015-12-10 
01:02:52.000000000","message":"shutil.rmtree(d, True) ?","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"38fa7f7eec8ab297efcbc76752ee857f9a91abbd","unresolved":false,"context_lines":[{"line_number":136,"context_line":"def baseline_setup():"},{"line_number":137,"context_line":"    d \u003d tempfile.mkdtemp()"},{"line_number":138,"context_line":"    yield d"},{"line_number":139,"context_line":"    subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, d])"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    if repo:"},{"line_number":142,"context_line":"        repo.head.reset(commit\u003dcurrent_commit, working_tree\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_dd032975","line":139,"in_reply_to":"7a740942_7c8ca235","updated":"2015-12-10 15:56:17.000000000","message":"Done","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"22131f00d6b812fc2c741a00f3c35c4ee8cce5c8","unresolved":false,"context_lines":[{"line_number":74,"context_line":"        parent_commit \u003d commit.hexsha"},{"line_number":75,"context_line":"        logger.info(\u0027Got parent commit: [%s]\u0027, commit.name_rev)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    except (git.GitCommandError, IndexError):"},{"line_number":78,"context_line":"        logger.error(\"Unable to get current branch and/or parent branch\")"},{"line_number":79,"context_line":"        sys.exit(2)"},{"line_number":80,"context_line":""}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_e463da3f","line":77,"updated":"2015-12-10 21:56:00.000000000","message":"I think that will raise StopIteration, not IndexError on short 
repo.","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"526617b8ad6eb469bc7179fdeb214464e2dd9991","unresolved":false,"context_lines":[{"line_number":74,"context_line":"        parent_commit \u003d commit.hexsha"},{"line_number":75,"context_line":"        logger.info(\u0027Got parent commit: [%s]\u0027, commit.name_rev)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    except (git.GitCommandError, IndexError):"},{"line_number":78,"context_line":"        logger.error(\"Unable to get current branch and/or parent branch\")"},{"line_number":79,"context_line":"        sys.exit(2)"},{"line_number":80,"context_line":""}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_07f94580","line":77,"in_reply_to":"7a740942_e463da3f","updated":"2015-12-10 23:48:21.000000000","message":"yeah, good point - I forgot to update when we switched to next()","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"9c3dec127d17ae1a511b1b9853e7e4b30fdc809e","unresolved":false,"context_lines":[{"line_number":102,"context_line":"            logger.info(step[\u0027message\u0027])"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"            bandit_command \u003d [\u0027bandit\u0027] + step[\u0027args\u0027]"},{"line_number":105,"context_line":"            return_code, output \u003d call_command(bandit_command)"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"            if return_code not in [0, 1]:"},{"line_number":108,"context_line":"                logger.error(\"Error running command: %s\\nOutput: %s\\n\","}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_5f363be8","line":105,"updated":"2015-12-10 
21:59:41.000000000","message":"You can probably execute the bandit code directly and avoid a command call.","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"526617b8ad6eb469bc7179fdeb214464e2dd9991","unresolved":false,"context_lines":[{"line_number":102,"context_line":"            logger.info(step[\u0027message\u0027])"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"            bandit_command \u003d [\u0027bandit\u0027] + step[\u0027args\u0027]"},{"line_number":105,"context_line":"            return_code, output \u003d call_command(bandit_command)"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"            if return_code not in [0, 1]:"},{"line_number":108,"context_line":"                logger.error(\"Error running command: %s\\nOutput: %s\\n\","}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_871215b3","line":105,"in_reply_to":"7a740942_5f363be8","updated":"2015-12-10 23:48:21.000000000","message":"Done","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"9c3dec127d17ae1a511b1b9853e7e4b30fdc809e","unresolved":false,"context_lines":[{"line_number":140,"context_line":"    d \u003d tempfile.mkdtemp()"},{"line_number":141,"context_line":"    yield d"},{"line_number":142,"context_line":"    shutil.rmtree(d, True)"},{"line_number":143,"context_line":"    subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, d])"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"    if repo:"},{"line_number":146,"context_line":"        repo.head.reset(commit\u003dcurrent_commit, working_tree\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_4478aec4","line":143,"updated":"2015-12-10 
21:59:41.000000000","message":"Isn\u0027t this the same as the line above?","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"22131f00d6b812fc2c741a00f3c35c4ee8cce5c8","unresolved":false,"context_lines":[{"line_number":140,"context_line":"    d \u003d tempfile.mkdtemp()"},{"line_number":141,"context_line":"    yield d"},{"line_number":142,"context_line":"    shutil.rmtree(d, True)"},{"line_number":143,"context_line":"    subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, d])"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"    if repo:"},{"line_number":146,"context_line":"        repo.head.reset(commit\u003dcurrent_commit, working_tree\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_24e1e29a","line":143,"updated":"2015-12-10 21:56:00.000000000","message":"not needed after rmtree","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"526617b8ad6eb469bc7179fdeb214464e2dd9991","unresolved":false,"context_lines":[{"line_number":140,"context_line":"    d \u003d tempfile.mkdtemp()"},{"line_number":141,"context_line":"    yield d"},{"line_number":142,"context_line":"    shutil.rmtree(d, True)"},{"line_number":143,"context_line":"    subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, d])"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"    if repo:"},{"line_number":146,"context_line":"        repo.head.reset(commit\u003dcurrent_commit, working_tree\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_07270513","line":143,"in_reply_to":"7a740942_24e1e29a","updated":"2015-12-10 
23:48:21.000000000","message":"Done","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"526617b8ad6eb469bc7179fdeb214464e2dd9991","unresolved":false,"context_lines":[{"line_number":140,"context_line":"    d \u003d tempfile.mkdtemp()"},{"line_number":141,"context_line":"    yield d"},{"line_number":142,"context_line":"    shutil.rmtree(d, True)"},{"line_number":143,"context_line":"    subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, d])"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"    if repo:"},{"line_number":146,"context_line":"        repo.head.reset(commit\u003dcurrent_commit, working_tree\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_c7201dfa","line":143,"in_reply_to":"7a740942_4478aec4","updated":"2015-12-10 23:48:21.000000000","message":"Done","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"22131f00d6b812fc2c741a00f3c35c4ee8cce5c8","unresolved":false,"context_lines":[{"line_number":204,"context_line":"        logger.error(\"Git command not found\")"},{"line_number":205,"context_line":"        valid \u003d False"},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"    if repo.is_dirty():"},{"line_number":208,"context_line":"        logger.error(\"Current working directory is dirty and must be resolved\")"},{"line_number":209,"context_line":"        valid \u003d False"},{"line_number":210,"context_line":""}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_645a8a52","line":207,"updated":"2015-12-10 21:56:00.000000000","message":"If there\u0027s an exception above, repo will be None. Maybe pull it into try:... 
else:?","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"526617b8ad6eb469bc7179fdeb214464e2dd9991","unresolved":false,"context_lines":[{"line_number":204,"context_line":"        logger.error(\"Git command not found\")"},{"line_number":205,"context_line":"        valid \u003d False"},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"    if repo.is_dirty():"},{"line_number":208,"context_line":"        logger.error(\"Current working directory is dirty and must be resolved\")"},{"line_number":209,"context_line":"        valid \u003d False"},{"line_number":210,"context_line":""}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_475aed84","line":207,"in_reply_to":"7a740942_645a8a52","updated":"2015-12-10 23:48:21.000000000","message":"Done","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"}],"tests/unit/test_bandit_baseline.py":[{"author":{"_account_id":4190,"name":"lifeless","email":"robertc@robertcollins.net","username":"lifeless"},"change_message_id":"f2ece760fd1d61f1745587a2d6839b493f89bcea","unresolved":false,"context_lines":[{"line_number":35,"context_line":""},{"line_number":36,"context_line":"class BanditBaselineToolTests(testtools.TestCase):"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"    def setUp(self):"},{"line_number":39,"context_line":"        super(BanditBaselineToolTests, self).setUp()"},{"line_number":40,"context_line":"        self.repo_directory \u003d tempfile.mkdtemp()"},{"line_number":41,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_c61f06b6","line":38,"updated":"2015-12-09 22:51:13.000000000","message":"Since you only have one test, using setUp (designed to share fixtures between tests) seems pointless // confusing. 
Certainly it makes it unclear that you *expect* connascence of meaning and name between setUp and test_bandit_baseline. I\u0027d put them in the same function.","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"fe2633fe1e015c01b9a3f5a8781e5f8d6d0f8693","unresolved":false,"context_lines":[{"line_number":35,"context_line":""},{"line_number":36,"context_line":"class BanditBaselineToolTests(testtools.TestCase):"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"    def setUp(self):"},{"line_number":39,"context_line":"        super(BanditBaselineToolTests, self).setUp()"},{"line_number":40,"context_line":"        self.repo_directory \u003d tempfile.mkdtemp()"},{"line_number":41,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_2c934ba5","line":38,"in_reply_to":"7a740942_c61f06b6","updated":"2015-12-10 00:45:14.000000000","message":"Done","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":4190,"name":"lifeless","email":"robertc@robertcollins.net","username":"lifeless"},"change_message_id":"f2ece760fd1d61f1745587a2d6839b493f89bcea","unresolved":false,"context_lines":[{"line_number":44,"context_line":"        file_c \u003d self.repo_directory + \u0027/file_c.py\u0027"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"        # create file_a, file_b, file_c -- file_a and file_c are benign, file_b"},{"line_number":47,"context_line":"        # has Bandit findings"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        with open(self.repo_directory + \u0027/file_a.py\u0027, \u0027w\u0027) as f:"},{"line_number":50,"context_line":"            f.write(benign_contents)"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_266a8a1b","line":47,"updated":"2015-12-09 
22:51:13.000000000","message":"Since you\u0027ve got complete control here, perhaps use semantic names:\n\n benign_one.py\n benign_two.py\n findings_one.py","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"fe2633fe1e015c01b9a3f5a8781e5f8d6d0f8693","unresolved":false,"context_lines":[{"line_number":44,"context_line":"        file_c \u003d self.repo_directory + \u0027/file_c.py\u0027"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"        # create file_a, file_b, file_c -- file_a and file_c are benign, file_b"},{"line_number":47,"context_line":"        # has Bandit findings"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        with open(self.repo_directory + \u0027/file_a.py\u0027, \u0027w\u0027) as f:"},{"line_number":50,"context_line":"            f.write(benign_contents)"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_0c968f94","line":47,"in_reply_to":"7a740942_266a8a1b","updated":"2015-12-10 00:45:14.000000000","message":"Done","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":4190,"name":"lifeless","email":"robertc@robertcollins.net","username":"lifeless"},"change_message_id":"f2ece760fd1d61f1745587a2d6839b493f89bcea","unresolved":false,"context_lines":[{"line_number":46,"context_line":"        # create file_a, file_b, file_c -- file_a and file_c are benign, file_b"},{"line_number":47,"context_line":"        # has Bandit findings"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        with open(self.repo_directory + \u0027/file_a.py\u0027, \u0027w\u0027) as f:"},{"line_number":50,"context_line":"            f.write(benign_contents)"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"        with open(self.repo_directory + \u0027/file_b.py\u0027, \u0027w\u0027) as 
f:"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_26512a63","line":49,"updated":"2015-12-09 22:51:13.000000000","message":"These should be \u0027wt\u0027, since you are writing text.\n\nI often find a little loop over a mini-dsl is nice:\n\n for name, contents in shape:\n     with open(os.path.join(self.repo_directory, name), \u0027wt\u0027) as output:\n         output.write(contents)\n\nThen I can just assign shape like so:\nshape \u003d [(\u0027benign_one.py\u0027, benign), ...]\n\nIf you don\u0027t like that, that\u0027s fine, but at least use the variable names you calculated just above to make this more readable :)","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"fe2633fe1e015c01b9a3f5a8781e5f8d6d0f8693","unresolved":false,"context_lines":[{"line_number":46,"context_line":"        # create file_a, file_b, file_c -- file_a and file_c are benign, file_b"},{"line_number":47,"context_line":"        # has Bandit findings"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        with open(self.repo_directory + \u0027/file_a.py\u0027, \u0027w\u0027) as f:"},{"line_number":50,"context_line":"            f.write(benign_contents)"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"        with open(self.repo_directory + \u0027/file_b.py\u0027, \u0027w\u0027) as f:"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_6c807347","line":49,"in_reply_to":"7a740942_26512a63","updated":"2015-12-10 00:45:14.000000000","message":"Done","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":4190,"name":"lifeless","email":"robertc@robertcollins.net","username":"lifeless"},"change_message_id":"f2ece760fd1d61f1745587a2d6839b493f89bcea","unresolved":false,"context_lines":[{"line_number":76,"context_line":"        # we expect this to return 1 
because the malicious contents file was"},{"line_number":77,"context_line":"        # added, which means there will be baseline findings"},{"line_number":78,"context_line":"        self.git_repo.head.reset(commit\u003dself.commits[1], working_tree\u003dTrue)"},{"line_number":79,"context_line":"        self.assertEqual(subprocess.call([\u0027bandit-baseline\u0027, \u0027-r\u0027, \u0027.\u0027]), 1)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"        # we expect this to return 0 because the benign contents file was added"},{"line_number":82,"context_line":"        # which means no baseline findings"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_66397241","line":79,"updated":"2015-12-09 22:51:13.000000000","message":"Since bandit-baseline is part of bandit, you would make this test narrow if you invoked its main function directly rather than invoking it as an external process. Its not *wrong* to do what you\u0027ve done, but it is slower, harder to debug when its failing, and generally more cumbersome.","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"fe2633fe1e015c01b9a3f5a8781e5f8d6d0f8693","unresolved":false,"context_lines":[{"line_number":76,"context_line":"        # we expect this to return 1 because the malicious contents file was"},{"line_number":77,"context_line":"        # added, which means there will be baseline findings"},{"line_number":78,"context_line":"        self.git_repo.head.reset(commit\u003dself.commits[1], working_tree\u003dTrue)"},{"line_number":79,"context_line":"        self.assertEqual(subprocess.call([\u0027bandit-baseline\u0027, \u0027-r\u0027, \u0027.\u0027]), 1)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"        # we expect this to return 0 because the benign contents file was added"},{"line_number":82,"context_line":"  
      # which means no baseline findings"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_39486c87","line":79,"in_reply_to":"7a740942_66397241","updated":"2015-12-10 00:45:14.000000000","message":"I agree, this is cleaner but I really struggled to make it work so I\u0027m going to skip it for now :)\n\nSpecifically I don\u0027t know how to make main work with args and correctly on the command line.  I found a few examples online but they didn\u0027t work.","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":4190,"name":"lifeless","email":"robertc@robertcollins.net","username":"lifeless"},"change_message_id":"f2ece760fd1d61f1745587a2d6839b493f89bcea","unresolved":false,"context_lines":[{"line_number":85,"context_line":""},{"line_number":86,"context_line":"    def tearDown(self):"},{"line_number":87,"context_line":"        super(BanditBaselineToolTests, self).tearDown()"},{"line_number":88,"context_line":"        subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, self.repo_directory])"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_c6daa617","line":88,"updated":"2015-12-09 22:51:13.000000000","message":"Don\u0027t ever use tearDown: its not guaranteed to run. Instead use addCleanup.\n\nSecondly, use shutil.rmtree(self.repo_directory, ignore_errors\u003dTrue) over subprocess with no error checking at all.\n\nThirdly, I think you\u0027d be better off using a TempDir fixture:\n\n self.repo_directory \u003d self.useFixture(TempDir()).path\n\nthis will take care of cleaning it up for you automatically. 
Thats found in fixtures.","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"fe2633fe1e015c01b9a3f5a8781e5f8d6d0f8693","unresolved":false,"context_lines":[{"line_number":85,"context_line":""},{"line_number":86,"context_line":"    def tearDown(self):"},{"line_number":87,"context_line":"        super(BanditBaselineToolTests, self).tearDown()"},{"line_number":88,"context_line":"        subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, self.repo_directory])"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a740942_393f0cd8","line":88,"in_reply_to":"7a740942_c6daa617","updated":"2015-12-10 00:45:14.000000000","message":"Done","commit_id":"41da34917cf6eb1968e37c73f8fb9734768ec31e"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"d720a235f7f500d5721ddaf977a45aaeac022f68","unresolved":false,"context_lines":[{"line_number":75,"context_line":"        git_repo.head.reset(commit\u003dcommits[0], working_tree\u003dTrue)"},{"line_number":76,"context_line":"        self.assertEqual(subprocess.call([\u0027bandit-baseline\u0027, \u0027-r\u0027, \u0027.\u0027]), 0)"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"        subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, repo_directory])"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_1cfd5e6e","line":78,"updated":"2015-12-10 01:02:52.000000000","message":"shutil.rmtree(repo_directory, True) ?","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"38fa7f7eec8ab297efcbc76752ee857f9a91abbd","unresolved":false,"context_lines":[{"line_number":75,"context_line":"        git_repo.head.reset(commit\u003dcommits[0], 
working_tree\u003dTrue)"},{"line_number":76,"context_line":"        self.assertEqual(subprocess.call([\u0027bandit-baseline\u0027, \u0027-r\u0027, \u0027.\u0027]), 0)"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"        subprocess.call([\u0027rm\u0027, \u0027-rf\u0027, repo_directory])"}],"source_content_type":"text/x-python","patch_set":12,"id":"7a740942_3d44adb5","line":78,"in_reply_to":"7a740942_1cfd5e6e","updated":"2015-12-10 15:56:17.000000000","message":"Done","commit_id":"b1f84c611693048a6db40d979636573e73493495"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"9c3dec127d17ae1a511b1b9853e7e4b30fdc809e","unresolved":false,"context_lines":[{"line_number":45,"context_line":"something_benign()"},{"line_number":46,"context_line":"\"\"\""},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"malicious_contents \u003d \"\"\""},{"line_number":49,"context_line":"import os"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"os.system(\u0027do/something\u0027 + bad)"}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_1f5e7312","line":48,"updated":"2015-12-10 21:59:41.000000000","message":"These would probably be better as actual files rather than inline code.  
In fact we have an examples directory for these things","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"},{"author":{"_account_id":11861,"name":"Travis McPeak","email":"tmcpeak@us.ibm.com","username":"travis-mcpeak"},"change_message_id":"526617b8ad6eb469bc7179fdeb214464e2dd9991","unresolved":false,"context_lines":[{"line_number":45,"context_line":"something_benign()"},{"line_number":46,"context_line":"\"\"\""},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"malicious_contents \u003d \"\"\""},{"line_number":49,"context_line":"import os"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"os.system(\u0027do/something\u0027 + bad)"}],"source_content_type":"text/x-python","patch_set":21,"id":"7a740942_476d0d03","line":48,"in_reply_to":"7a740942_1f5e7312","updated":"2015-12-10 23:48:21.000000000","message":"Done","commit_id":"a24e4c816f269c6007a2b9103fe4a1fde6bfa621"}],"tools/bandit_baseline.sh":[{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"cf8060d935cbc917b4b6c24850bde791e35cba68","unresolved":false,"context_lines":[{"line_number":10,"context_line":"ORIGINAL_BRANCH\u003d`git rev-parse --abbrev-ref HEAD`"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"# find the commit ID of the parent commit"},{"line_number":13,"context_line":"PARENT_ID\u003d`git log -2 --first-parent --pretty\u003doneline | cut -d \" \" -f1 | sed -n 2p`"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"# checkout parent branch"},{"line_number":16,"context_line":"git checkout $PARENT_ID"}],"source_content_type":"text/x-sh","patch_set":1,"id":"7a740942_492ac691","line":13,"updated":"2015-12-08 01:52:08.000000000","message":"Is this different from \"PARENT_ID\u003d`git rev-parse \u0027HEAD^\u0027`\" ?","commit_id":"2f9f1383ab88b2a0755b5ff4afde9360c44536f1"},{"author":{"_account_id":1528,"name":"Stanislaw 
Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"cf8060d935cbc917b4b6c24850bde791e35cba68","unresolved":false,"context_lines":[{"line_number":13,"context_line":"PARENT_ID\u003d`git log -2 --first-parent --pretty\u003doneline | cut -d \" \" -f1 | sed -n 2p`"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"# checkout parent branch"},{"line_number":16,"context_line":"git checkout $PARENT_ID"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"# run Bandit baseline with whatever paremeters were passed"},{"line_number":19,"context_line":"bandit $@ -f json -o _bandit_baseline_run.json_"}],"source_content_type":"text/x-sh","patch_set":1,"id":"7a740942_49016605","line":16,"updated":"2015-12-08 01:52:08.000000000","message":"Should use some error checking, so that script aborts if there are uncommited changes and/or \"git checkout\" fails. (due to file conflicts)","commit_id":"2f9f1383ab88b2a0755b5ff4afde9360c44536f1"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"cf8060d935cbc917b4b6c24850bde791e35cba68","unresolved":false,"context_lines":[{"line_number":16,"context_line":"git checkout $PARENT_ID"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"# run Bandit baseline with whatever paremeters were passed"},{"line_number":19,"context_line":"bandit $@ -f json -o _bandit_baseline_run.json_"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"# run Bandit on original branch and generate baseline results"},{"line_number":22,"context_line":"git checkout $ORIGINAL_BRANCH"}],"source_content_type":"text/x-sh","patch_set":1,"id":"7a740942_a9b32a99","line":19,"updated":"2015-12-08 01:52:08.000000000","message":"\"$@\"","commit_id":"2f9f1383ab88b2a0755b5ff4afde9360c44536f1"},{"author":{"_account_id":12000,"name":"Ian 
Cordasco","email":"sigmavirus24@gmail.com","username":"sigmavirus24"},"change_message_id":"facb09a9beafaa06b515806d8aba98bc9646b48d","unresolved":false,"context_lines":[{"line_number":16,"context_line":"git checkout $PARENT_ID"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"# run Bandit baseline with whatever paremeters were passed"},{"line_number":19,"context_line":"bandit $@ -f json -o _bandit_baseline_run.json_"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"# run Bandit on original branch and generate baseline results"},{"line_number":22,"context_line":"git checkout $ORIGINAL_BRANCH"}],"source_content_type":"text/x-sh","patch_set":1,"id":"7a740942_780ba3d6","line":19,"in_reply_to":"7a740942_a9b32a99","updated":"2015-12-08 16:47:04.000000000","message":"I think we actually want it to expand here, we don\u0027t want them quoted. Regardless, this is moot since Travis seems like he\u0027ll be rewriting this.","commit_id":"2f9f1383ab88b2a0755b5ff4afde9360c44536f1"},{"author":{"_account_id":1528,"name":"Stanislaw Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"cf8060d935cbc917b4b6c24850bde791e35cba68","unresolved":false,"context_lines":[{"line_number":19,"context_line":"bandit $@ -f json -o _bandit_baseline_run.json_"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"# run Bandit on original branch and generate baseline results"},{"line_number":22,"context_line":"git checkout $ORIGINAL_BRANCH"},{"line_number":23,"context_line":"bandit $@ -b _bandit_baseline_run.json_ -f html -o bandit_baseline_results.html"},{"line_number":24,"context_line":""}],"source_content_type":"text/x-sh","patch_set":1,"id":"7a740942_099cbe0d","line":22,"updated":"2015-12-08 01:52:08.000000000","message":"variable quoting?","commit_id":"2f9f1383ab88b2a0755b5ff4afde9360c44536f1"},{"author":{"_account_id":1528,"name":"Stanislaw 
Pitucha","email":"viraptor@gmail.com","username":"stanislaw-pitucha"},"change_message_id":"cf8060d935cbc917b4b6c24850bde791e35cba68","unresolved":false,"context_lines":[{"line_number":20,"context_line":""},{"line_number":21,"context_line":"# run Bandit on original branch and generate baseline results"},{"line_number":22,"context_line":"git checkout $ORIGINAL_BRANCH"},{"line_number":23,"context_line":"bandit $@ -b _bandit_baseline_run.json_ -f html -o bandit_baseline_results.html"},{"line_number":24,"context_line":""}],"source_content_type":"text/x-sh","patch_set":1,"id":"7a740942_6c15503e","line":23,"updated":"2015-12-08 01:52:08.000000000","message":"\"$@\"","commit_id":"2f9f1383ab88b2a0755b5ff4afde9360c44536f1"}]}
