From 6659cb8d192d127f314dcf8e6036b2f59b3c3540 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es=20de=20Medeiros?=
Date: Fri, 24 Jul 2020 17:34:30 +0200
Subject: [PATCH] Bump bandit version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch bumps bandit allowed version to >=1.6.0,<1.7.0 in order to avoid the errors detailed here https://github.com/PyCQA/bandit/pull/393
Change-Id: I9235560667f664643007b8ca0be1707eab4126ad
Signed-off-by: Moisés Guimarães de Medeiros
---
 oslo_messaging/_drivers/impl_rabbit.py | 9 +++++++--
 test-requirements.txt | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/oslo_messaging/_drivers/impl_rabbit.py b/oslo_messaging/_drivers/impl_rabbit.py
index f6ddf8fc2..621469a0f 100644
--- a/oslo_messaging/_drivers/impl_rabbit.py
+++ b/oslo_messaging/_drivers/impl_rabbit.py
@@ -524,7 +524,10 @@ class Connection(object):
 self._url += url.virtual_host
 elif not url.hosts:
 host = oslo_messaging.transport.TransportHost('')
- self._url = self._transform_transport_url(
+ # NOTE(moguimar): default_password in this function's context is
+ # a fallback option, not a hardcoded password.
+ # username and password are read from host.
+ self._url = self._transform_transport_url( # nosec
 url, host, default_username='guest', default_password='guest', default_hostname='localhost')
@@ -654,7 +657,9 @@ class Connection(object):
 except KeyError:
 raise RuntimeError("Invalid SSL version : %s" % version)
- def _transform_transport_url(self, url, host, default_username='',
+ # NOTE(moguimar): default_password in this function's context is just
+ # a fallback option, not a hardcoded password.
+ def _transform_transport_url(self, url, host, default_username='', # nosec
 default_password='', default_hostname=''):
 transport = url.transport.replace('kombu+', '')
 transport = transport.replace('rabbit', 'amqp')
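Review bot: The added NOTE above the `self._transform_transport_url(` call says username and password are read from host, but the context line just before it builds `host` as `TransportHost('')`, so in this `elif not url.hosts` branch there is presumably nothing to read and the `guest`/`guest` defaults are what end up in the URL. I would reword it to say so, e.g. `# NOTE(moguimar): no hosts in the transport URL, so this falls back to the broker's default guest account on localhost; the bandit finding is waived on purpose.` Because the waiver hides this from the scanner, the fallback to a well-known account is worth stating in the option documentation or logging when it is taken. The enclosing method starts outside the hunk.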
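Review bot: The bare `# nosec` on the `def _transform_transport_url(...)` line, like the one on the call in the first hunk, silences every bandit check reported for that line, not only the hardcoded-password one the NOTE is about. The NOTE should name the check being waived, e.g. `# NOTE(moguimar): waives bandit's hardcoded-password-default check; '' is a placeholder default, not a credential.`, so a later reader can tell whether the waiver still applies. If the pinned bandit range supports per-test suppression, scope the marker to that one test. The function body continues outside the hunk.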
diff --git a/test-requirements.txt b/test-requirements.txt
index d1cbfdeb8..42a086a08 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -25,7 +25,7 @@ coverage!=4.4,>=4.0 # Apache-2.0
 pyngus>=2.2.0 # Apache-2.0
 # Bandit security code scanner
-bandit>=1.1.0,<1.6.0 # Apache-2.0
+bandit>=1.6.0,<1.7.0 # Apache-2.0
 eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT
 greenlet>=0.4.10 # MIT