Add exclusion for bandit check B303

Starting in bandit 1.5.0, sha-1 will trip [B303:blacklist] Use of insecure MD2, MD4, MD5, or SHA1 hash function. However, there are surely clusters out there that have users with sha-1-hashed passwords, so we can't simply rip it out. A deprecation period is probably in order, but in the mean time this unblocks the gate. Change-Id: I65ff882b1a1cb52ec522e41baa29e4420cd889bd
2019-05-10 11:03:05 -07:00 · 2019-05-10 11:03:05 -07:00 · e9e8c51a92
commit e9e8c51a92
parent 0c8eaf50a9
1 changed files with 4 additions and 2 deletions
--- a/tox.ini
+++ b/tox.ini
@ -29,10 +29,12 @@ setenv = VIRTUAL_ENV={envdir}
 commands =
    flake8 swauth test
    flake8 --filename=swauth* bin
-    bandit -r swauth -s B309
+    bandit -r swauth -s B303,B309

 [testenv:bandit]
-commands = bandit -r swauth -s B309
+# B303 Use of insecure hash function
+# B309 Use of HTTPSConnection
+commands = bandit -r swauth -s B303,B309

 [testenv:venv]
 commands = {posargs}