)]}'
{"tox.ini":[{"author":{"_account_id":21798,"name":"Bernard Cafarelli","email":"bcafarel@redhat.com","username":"bcafarel"},"change_message_id":"59a33dadde15976f18893666c9c6733718d5f5dd","unresolved":false,"context_lines":[{"line_number":181,"context_line":"[testenv:bandit]"},{"line_number":182,"context_line":"basepython \u003d python3"},{"line_number":183,"context_line":"# B104: Possible binding to all interfaces"},{"line_number":184,"context_line":"# B303: blacklist calls: md5, sha1"},{"line_number":185,"context_line":"# B311: Standard pseudo-random generators are not suitable for security/cryptographic purpose"},{"line_number":186,"context_line":"# B604: any_other_function_with_shell_equals_true"},{"line_number":187,"context_line":"deps \u003d -r{toxinidir}/test-requirements.txt"}],"source_content_type":"text/x-properties","patch_set":2,"id":"3f79a3b5_fb54b123","line":184,"range":{"start_line":184,"start_character":2,"end_line":184,"end_character":6},"updated":"2018-08-17 08:48:09.000000000","message":"\u003e\u003e Issue: [B303:blacklist] Use of insecure MD2, MD4, MD5, or SHA1 hash function.\n   Severity: Medium   Confidence: High\n   Location: neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py:1788\n   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5\n1786\t            else:\n1787\t                # Create 32-bit Base32 encoded hash\n1788\t                sha1 \u003d hashlib.sha1(ip_address.encode())\n1789\t                iphash \u003d base64.b32encode(sha1.digest())\n1790\t                return iphash[:hashlen].decode().lower()","commit_id":"82224347de66939714f878422be628536d784373"},{"author":{"_account_id":21798,"name":"Bernard Cafarelli","email":"bcafarel@redhat.com","username":"bcafarel"},"change_message_id":"59a33dadde15976f18893666c9c6733718d5f5dd","unresolved":false,"context_lines":[{"line_number":183,"context_line":"# B104: Possible binding to all interfaces"},{"line_number":184,"context_line":"# B303: blacklist calls: md5, sha1"},{"line_number":185,"context_line":"# B311: Standard pseudo-random generators are not suitable for security/cryptographic purpose"},{"line_number":186,"context_line":"# B604: any_other_function_with_shell_equals_true"},{"line_number":187,"context_line":"deps \u003d -r{toxinidir}/test-requirements.txt"},{"line_number":188,"context_line":"commands \u003d bandit -r neutron -x tests -n5 -s B104,B303,B311,B604"},{"line_number":189,"context_line":""}],"source_content_type":"text/x-properties","patch_set":2,"id":"3f79a3b5_9b2fbda6","line":186,"range":{"start_line":186,"start_character":2,"end_line":186,"end_character":6},"updated":"2018-08-17 08:48:09.000000000","message":"\u003e\u003e Issue: [B604:any_other_function_with_shell_equals_true] Function call with shell\u003dTrue parameter identified, possible security issue.\n   Severity: Medium   Confidence: Low\n   Location: neutron/common/utils.py:115\n   More Info: https://bandit.readthedocs.io/en/latest/plugins/b604_any_other_function_with_shell_equals_true.html\n113\t                     env\u003dNone, preexec_fn\u003d_subprocess_setup, close_fds\u003dTrue):\n114\t\n115\t    return subprocess.Popen(args, shell\u003dshell, stdin\u003dstdin, stdout\u003dstdout,\n116\t                            stderr\u003dstderr, preexec_fn\u003dpreexec_fn,\n117\t                            close_fds\u003dclose_fds, env\u003denv)","commit_id":"82224347de66939714f878422be628536d784373"}]}