commit c3fa9880264d4486d13fee28519130aa5a162ad5f8ca630a70eaef2eba479ccc Author: Tomáš Chvátal Date: Mon Mar 4 09:09:00 2019 +0000 Accepting request 678408 from home:jayvdb:coala:python3-bears - Add remove-non-test-deps.patch to remove build dependencies not needed to build, including hacking which requires an unavailable version of flake8 - Activate tests - Use %license - Remove unnecessary devel build dependency - Update to v1.5.1 OBS-URL: https://build.opensuse.org/request/show/678408 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/bandit-1.5.1.tar.gz b/bandit-1.5.1.tar.gz
new file mode 100644
index 0000000..ccc3814
--- /dev/null
+++ b/bandit-1.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9413facfe9de1e1bd291d525c784e1beb1a55c9916b51dae12979af63a69ba4c
+size 480856
diff --git a/python-bandit.changes b/python-bandit.changes
new file mode 100644
index 0000000..efce5cc
--- /dev/null
+++ b/python-bandit.changes
@@ -0,0 +1,47 @@
+-------------------------------------------------------------------
+Mon Feb 11 08:10:09 UTC 2019 - John Vandenberg
+
+- Add remove-non-test-deps.patch to remove build dependencies not needed
+ to build, including hacking which requires an unavailable version of flake8
+- Activate tests
+- Use %license
+- Remove unnecessary devel build dependency
+- Update to v1.5.1
+ * Fixed crash on dynamic import traversal
+ * New plugin to check for ignoring host keys
+ * Adding test case for traversal crash
+- from 1.5.0
+ * Add Python 3.7 support
+ * Add experimental Python 3.8-dev to test with
+ * Remove the unused integration tests (#285) @ericwb
+ * Show support for Python 3.6 (#288) @ericwb
+ * Remove integration test playbooks (#290) @ericwb
+ * Django sql injection (#292) @ehooo
+ * Add detection for Django XSS (#295) @ehooo
+ * Fast fix for yaml import (#303) @ehooo
+ * Add missing B413 import_pycrypto in README (#308) @ericwb
+ * Add PyCryptodome to import blacklists (#307) @warthog9
+ * Django sql injection (#292) @ehooo
+ * Add detection for Django XSS (#295) @ehooo
+ * Add missing documentation link for B703 (#314) @ericwb
+ * Improve shell (#298) @ehooo
+ * Remove openstack specific utils.exec checks (#328) @ericwb
+ * add os.tempnam() / os.tmpnam() to blacklist (#330) @chair6
+ * Add subprocess.run to B602 (#334) @ericwb
+ * Repair some broken see also links in the doc (#336) @ericwb
+ * Use html.escape() instead of cgi.escape() (#339) @ericwb
+ * Re-enable functional tests as part of CI (#348) @ericwb
+ * Add more_info URL to XML output (#354) @stannum-l
+ * Report dill usage (#347) @calve
+ * Add emojis to issue types (#358) @ericwb
+ * Add more_info URL to text output (#359) @stannum-l
+ * Add more_info URL to screen formatter (#360) @stannum-l
+ * Add support to run bandit as python -m bandit (#363) @rtfpessoa
+ * Add more_info URL to csv formatter (#361) @stannum-l
+ * Add external documentation references (#368) @evqna
+ * Change ver 1.4.1 
references to 1.5.0 (#370) @ericwb
+
+-------------------------------------------------------------------
+Thu Nov 16 17:44:23 UTC 2017 - toddrme2178@gmail.com
+
+- Initial version for v1.4.0
diff --git a/python-bandit.spec b/python-bandit.spec
new file mode 100644
index 0000000..77ff9bf
--- /dev/null
+++ b/python-bandit.spec
@@ -0,0 +1,109 @@
+#
+# spec file for package python-bandit
+#
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+
+%{?!python_module:%define python_module() python-%{**} python3-%{**}}
+# Tests require python-hacking, which isn't compatible with pycodestyle
+%bcond_without builddocs
+Name: python-bandit
+Version: 1.5.1
+Release: 0
+License: Apache-2.0
+Summary: Security oriented static analyser for Python code
+Url: https://github.com/PyCQA/bandit
+Group: Development/Languages/Python
+Source: https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz
+Patch0: remove-non-test-deps.patch
+BuildRequires: %{python_module pbr >= 1.8}
+BuildRequires: %{python_module setuptools}
+BuildRequires: python-rpm-macros
+BuildRequires: fdupes
+BuildRequires: %{python_module GitPython >= 1.0.1}
+BuildRequires: %{python_module PyYAML >= 3.10.0}
+BuildRequires: %{python_module beautifulsoup4}
+BuildRequires: %{python_module fixtures >= 3.0.0}
+BuildRequires: %{python_module mock >= 2.0}
+BuildRequires: %{python_module python-subunit >= 0.0.18}
+BuildRequires: %{python_module six >= 1.9.0}
+BuildRequires: %{python_module stevedore >= 1.17.1}
+BuildRequires: %{python_module testrepository >= 0.0.18}
+BuildRequires: %{python_module testscenarios >= 0.4}
+BuildRequires: %{python_module testtools >= 1.4.0}
+# doc requirements
+%if 
%{with builddocs}
+BuildRequires: %{python_module reno >= 1.8.0}
+BuildRequires: %{python_module Sphinx >= 1.2.1}
+BuildRequires: %{python_module oslotest >= 1.10.0}
+BuildRequires: %{python_module oslosphinx >= 4.7.0}
+%endif
+Requires: python-GitPython >= 1.0.1
+Requires: python-PyYAML >= 3.10.0
+Requires: python-six >= 1.9.0
+Requires: python-stevedore >= 1.17.1
+BuildArch: noarch
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+
+%python_subpackages
+
+%description
+Bandit is a tool designed to find common security issues in Python code. To do
+this Bandit processes each file, builds an AST from it, and runs appropriate
+plugins against the AST nodes. Once Bandit has finished scanning all the files
+it generates a report.
+
+%prep
+%setup -q -n bandit-%{version}
+%patch0 -p1
+sed -i '/^#!/d' bandit/__main__.py
+
+%build
+%python_build
+
+%install
+%python_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+%python_clone -a %{buildroot}%{_bindir}/bandit
+%python_clone -a %{buildroot}%{_bindir}/bandit-config-generator
+%python_clone -a %{buildroot}%{_bindir}/bandit-baseline
+# Copy executables to py2/3 build areas, to be used for testing
+%{python_expand mkdir build/bin
+for filepath in %{buildroot}/%{_bindir}/bandit*-%{$python_bin_suffix}; do
+ filename=$(basename $filepath)
+ unsuffixed=${filename/-%{$python_bin_suffix}/}
+ cp $filepath build/bin/$unsuffixed
+done
+}
+
+%check
+%{python_expand export PATH="$(pwd)/build/bin:$PATH"
+$python setup.py test
+}
+
+%post
+%{python_install_alternative bandit bandit-config-generator bandit-baseline }
+
+%postun
+%python_uninstall_alternative bandit
+
+%files %{python_files}
+%license LICENSE
+%doc AUTHORS ChangeLog README.rst
+%python_alternative %{_bindir}/bandit
+%python_alternative %{_bindir}/bandit-config-generator
+%python_alternative %{_bindir}/bandit-baseline
+%{python_sitelib}/*
+
+%changelog
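Review bot: The `%bcond_without builddocs` switch near the top of the spec pulls in reno, Sphinx, oslotest and oslosphinx as BuildRequires, yet `%build` only runs `%python_build` and `%files` ships no generated documentation, so the four extra dependencies add build time and exposure without producing anything; either add a Sphinx build step whose output is packaged, or drop the bcond together with the `%if %{with builddocs}` block. The comment directly above it, `# Tests require python-hacking, which isn't compatible with pycodestyle`, describes the motivation for Patch0 rather than the docs switch and is stale now that the patch removes hacking; suggest moving it above `Patch0:` as `# Drop lint/coverage tooling (hacking, pylint, coverage, oslotest) from test-requirements; not needed to run the tests`. In the `%install` loop the expansions are unquoted (`filename=$(basename $filepath)`, `cp $filepath build/bin/$unsuffixed`); `%{buildroot}` and `%{_bindir}` are unlikely to contain whitespace, but `cp -- "$filepath" "build/bin/$unsuffixed"` is cheap and keeps ShellCheck quiet. The spec BuildRequires testrepository and python-subunit while the patched test-requirements.txt still lists stestr; if pbr's `setup.py test` dispatches to stestr for this tarball, `%check` would fail on a missing runner, so it is worth confirming which runner the 1.5.1 sources configure.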
diff --git a/remove-non-test-deps.patch b/remove-non-test-deps.patch
new file mode 100644
index 0000000..0acd246
--- /dev/null
+++ b/remove-non-test-deps.patch
@@ -0,0 +1,18 @@
+--- bandit-1.5.1.orig/test-requirements.txt 2018-05-03 03:31:37.000000000 +0700
++++ bandit-1.5.1/test-requirements.txt 2019-02-11 13:59:52.547483165 +0700
+@@ -1,15 +1,10 @@
+ # The order of packages is significant, because pip processes them in the order
+ # of appearance. Changing the order has an impact on the overall integration
+ # process, which may cause wedges in the gate later.
+-coverage!=4.4,>=4.0 # Apache-2.0
+ fixtures>=3.0.0 # Apache-2.0/BSD
+-hacking>=1.0.0 # Apache-2.0
+ mock>=2.0.0 # BSD
+ stestr>=1.0.0 # Apache-2.0
+ testscenarios>=0.4 # Apache-2.0/BSD
+ testtools>=2.2.0 # MIT
+-oslotest>=3.2.0 # Apache-2.0
+ 
+ beautifulsoup4>=4.6.0 # MIT
+-
+-pylint==1.4.5 # GPLv2
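Review bot: The patch file has no descriptive header above its `---` line, so a later maintainer reading the file alone cannot tell why coverage, hacking, oslotest and pylint are dropped or whether the change is meant for upstream; openSUSE convention is a short free-text header such as `Remove lint/coverage tooling from test-requirements.txt: hacking pins a flake8 version not available in the distribution and none of these packages are needed to run the test suite. Not intended for upstream.` The removals are consistent with the hunk header `@@ -1,15 +1,10 @@` (15 lines before, 10 after). Note that oslotest is removed here but the accompanying spec still lists it as a BuildRequires under the builddocs switch, so the two files disagree on whether it is needed at all.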