)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":9236,"name":"Jon Bernard","email":"jobernar@redhat.com","username":"jbernard"},"change_message_id":"ff4503e63cb544e4e58ec52c4624a8ebffbc4548","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"719a93be_11c22717","updated":"2023-02-08 16:35:22.000000000","message":"Always nice to remove globals, looks good to me.\n","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ef6e8015ed64e36fd199ba6250c66427b6e2efbb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"66cc487f_ad7a262b","updated":"2023-02-08 18:01:54.000000000","message":"I think this is OK, but see comment inline.","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"e47585824a6fc58781b86231f65aec1d13b286a4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"6cdebbd7_c8dad406","updated":"2023-02-09 16:55:25.000000000","message":"LGTM.","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"4d1f7049fcd35e7e6242a2863d90eec90622c803","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"0e1348ed_409f264f","updated":"2023-02-07 07:09:35.000000000","message":"The two rules ignored with the bandit version bump makes sense to me.","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"},{"author":{"_account_id":5314,"name":"Brian 
Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"d20336bec9cc296db18d0b9b6194b05ef90d71d8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"55076220_84ae69d7","updated":"2023-02-09 18:56:34.000000000","message":"recheck tempest-full-py3 post_failure","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"}],"os_brick/initiator/linuxfc.py":[{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"4d1f7049fcd35e7e6242a2863d90eec90622c803","unresolved":false,"context_lines":[{"line_number":73,"context_line":"                                                                 \u0027path\u0027: path}"},{"line_number":74,"context_line":"            try:"},{"line_number":75,"context_line":"                # We need to run command in shell to expand the * glob"},{"line_number":76,"context_line":"                out, _err \u003d self._execute(cmd, shell\u003dTrue)  # nosec: B604"},{"line_number":77,"context_line":"                ctls +\u003d [line.split(\u0027/\u0027)[4].split(\u0027:\u0027)[1:] + [lun]"},{"line_number":78,"context_line":"                         for line in out.split(\u0027\\n\u0027) if line.startswith(path)]"},{"line_number":79,"context_line":"            except Exception as exc:"}],"source_content_type":"text/x-python","patch_set":1,"id":"e680af28_6a1b34a6","line":76,"range":{"start_line":76,"start_character":60,"end_line":76,"end_character":73},"updated":"2023-02-07 07:09:35.000000000","message":"we shouldn\u0027t have any security issue with shell\u003dTrue else it would\u0027ve been reported.\nlooks appropriate to ignore it\n\nhttps://bandit.readthedocs.io/en/latest/plugins/b604_any_other_function_with_shell_equals_true.html","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"},{"author":{"_account_id":5314,"name":"Brian 
Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"e47585824a6fc58781b86231f65aec1d13b286a4","unresolved":false,"context_lines":[{"line_number":73,"context_line":"                                                                 \u0027path\u0027: path}"},{"line_number":74,"context_line":"            try:"},{"line_number":75,"context_line":"                # We need to run command in shell to expand the * glob"},{"line_number":76,"context_line":"                out, _err \u003d self._execute(cmd, shell\u003dTrue)  # nosec: B604"},{"line_number":77,"context_line":"                ctls +\u003d [line.split(\u0027/\u0027)[4].split(\u0027:\u0027)[1:] + [lun]"},{"line_number":78,"context_line":"                         for line in out.split(\u0027\\n\u0027) if line.startswith(path)]"},{"line_number":79,"context_line":"            except Exception as exc:"}],"source_content_type":"text/x-python","patch_set":1,"id":"5bf3ba93_b2d770ed","line":76,"range":{"start_line":76,"start_character":60,"end_line":76,"end_character":73},"in_reply_to":"ac12290d_367b4d49","updated":"2023-02-09 16:55:25.000000000","message":"I\u0027ve convinced myself, anyway, that we don\u0027t have to worry about this instance of B604.","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ef6e8015ed64e36fd199ba6250c66427b6e2efbb","unresolved":false,"context_lines":[{"line_number":73,"context_line":"                                                                 \u0027path\u0027: path}"},{"line_number":74,"context_line":"            try:"},{"line_number":75,"context_line":"                # We need to run command in shell to expand the * glob"},{"line_number":76,"context_line":"                out, _err \u003d self._execute(cmd, shell\u003dTrue)  # nosec: B604"},{"line_number":77,"context_line":"                ctls 
+\u003d [line.split(\u0027/\u0027)[4].split(\u0027:\u0027)[1:] + [lun]"},{"line_number":78,"context_line":"                         for line in out.split(\u0027\\n\u0027) if line.startswith(path)]"},{"line_number":79,"context_line":"            except Exception as exc:"}],"source_content_type":"text/x-python","patch_set":1,"id":"ac12290d_367b4d49","line":76,"range":{"start_line":76,"start_character":60,"end_line":76,"end_character":73},"in_reply_to":"e680af28_6a1b34a6","updated":"2023-02-08 18:01:54.000000000","message":"Well, the issue is whether we\u0027re making a shell command with unsanitized user input.  We\u0027re creating a command using strings from the connection_properties.  But I think the double quotes around \"%(wwpns)s\" plus the -l option to grep would make it hard to do something like get\n\n  password\" \"/etc/nova/nova.conf \u003e\n  \ninto the targets as a wwpn and have it work as a useful redirect.  Plus, we\u0027re creating the main part of the path ourselves at line 68, so even if someone were able to get some kind of crazy host_device field into the hba, it looks like it would be surrounded by enough other characters that you wouldn\u0027t be able to make the system do anything.  So I think this is pretty unlikely as an attack vector (but then I\u0027m not sufficiently devious to be a good hacker).  
But by putting the nosec here we are saying that this is definitely not an attack vector.","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"}],"test-requirements.txt":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ef6e8015ed64e36fd199ba6250c66427b6e2efbb","unresolved":true,"context_lines":[{"line_number":16,"context_line":"pycodestyle\u003d\u003d2.6.0 # MIT"},{"line_number":17,"context_line":"doc8\u003e\u003d0.8.1 # Apache-2.0"},{"line_number":18,"context_line":"fixtures\u003e\u003d3.0.0 # Apache-2.0/BSD"},{"line_number":19,"context_line":"bandit\u003e\u003d1.7.0,\u003c1.8.0 # Apache-2.0"},{"line_number":20,"context_line":"mypy\u003e\u003d0.982 # MIT"},{"line_number":21,"context_line":"eventlet\u003e\u003d0.30.1,!\u003d0.32.0 # MIT"}],"source_content_type":"text/plain","patch_set":1,"id":"21650540_6dd06f33","line":19,"range":{"start_line":19,"start_character":6,"end_line":19,"end_character":8},"updated":"2023-02-08 18:01:54.000000000","message":"I guess \u003e\u003d is OK, on the theory that the current strictly less than is there to prevent using a new minor version, not because there was something particularly bad about 1.7.0.  
The CI tests right now are using bandit-1.7.4","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"}],"tox.ini":[{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"4d1f7049fcd35e7e6242a2863d90eec90622c803","unresolved":false,"context_lines":[{"line_number":61,"context_line":"[testenv:bandit]"},{"line_number":62,"context_line":"deps \u003d -r{toxinidir}/test-requirements.txt"},{"line_number":63,"context_line":"# B101: skip assert used checks, they are validly used for mypy"},{"line_number":64,"context_line":"commands: bandit -r os_brick -x os_brick/tests -n5 -sB101"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"[testenv:pylint]"},{"line_number":67,"context_line":"deps \u003d"}],"source_content_type":"text/x-properties","patch_set":1,"id":"d7b68409_b3b9e8f6","line":64,"range":{"start_line":64,"start_character":51,"end_line":64,"end_character":57},"updated":"2023-02-07 07:09:35.000000000","message":"we do use assert quite a lot with mypy\n\nhttps://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ef6e8015ed64e36fd199ba6250c66427b6e2efbb","unresolved":false,"context_lines":[{"line_number":61,"context_line":"[testenv:bandit]"},{"line_number":62,"context_line":"deps \u003d -r{toxinidir}/test-requirements.txt"},{"line_number":63,"context_line":"# B101: skip assert used checks, they are validly used for mypy"},{"line_number":64,"context_line":"commands: bandit -r os_brick -x os_brick/tests -n5 -sB101"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"[testenv:pylint]"},{"line_number":67,"context_line":"deps 
\u003d"}],"source_content_type":"text/x-properties","patch_set":1,"id":"956fd61c_01cc08b1","line":64,"range":{"start_line":64,"start_character":51,"end_line":64,"end_character":57},"in_reply_to":"d7b68409_b3b9e8f6","updated":"2023-02-08 18:01:54.000000000","message":"Might be a good idea to remind reviewers about \"bad\" uses of assert, though tbh, the only ones I\u0027ve seen in the code (other than for mypy) were on a patch removing the use of assert!","commit_id":"e43cdf6e1eaccc5c322660a57ce43303aa62b0a1"}]}
