8972342d0b
Anywhere oslo.config is used to register an option for a password, Bandit needs to check whether its marked secret. https://github.com/hyakuhei/OSSG-Security-Practices/blob/master/sensitive_config_file_options.md Change-Id: I77ed0d50e004c41a685dac5c647b2129de8bc198
29 lines
756 B
Python
29 lines
756 B
Python
from oslo_config import cfg
|
|
|
|
|
|
# Correct
|
|
secret = True
|
|
opts = [
|
|
cfg.StrOpt('admin_user',
|
|
help="User's name"),
|
|
cfg.StrOpt('admin_password',
|
|
secret=True,
|
|
help="User's password"),
|
|
cfg.StrOpt('nova_password',
|
|
secret=secret,
|
|
help="Nova user password"),
|
|
]
|
|
|
|
# Incorrect: password not marked secret
|
|
ldap_opts = [
|
|
cfg.StrOpt('ldap_user',
|
|
help="LDAP ubind ser name"),
|
|
cfg.StrOpt('ldap_password',
|
|
help="LDAP bind user password"),
|
|
cfg.StrOpt('ldap_password_attribute',
|
|
help="LDAP password attribute (default userPassword"),
|
|
cfg.StrOpt('user_password',
|
|
secret=False,
|
|
help="User password"),
|
|
]
|