Accepting request 678408 from home:jayvdb:coala:python3-bears

- Add remove-non-test-deps.patch to remove build dependencies not needed
  to build, including hacking which requires an unavailable version of flake8
- Activate tests
- Use %license
- Remove unnecessary devel build dependency
- Update to v1.5.1

OBS-URL: https://build.opensuse.org/request/show/678408
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

bandit-1.5.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9413facfe9de1e1bd291d525c784e1beb1a55c9916b51dae12979af63a69ba4c
+size 480856

python-bandit.changes

@@ -0,0 +1,47 @@
+-------------------------------------------------------------------
+Mon Feb 11 08:10:09 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
+
+- Add remove-non-test-deps.patch to remove build dependencies not needed
+  to build, including hacking which requires an unavailable version of flake8
+- Activate tests
+- Use %license
+- Remove unnecessary devel build dependency
+- Update to v1.5.1
+  * Fixed crash on dynamic import traversal
+  * New plugin to check for ignoring host keys
+  * Adding test case for traversal crash
+- from 1.5.0
+  * Add Python 3.7 support
+  * Add experimental Python 3.8-dev to test with
+  * Remove the unused integration tests (#285) @ericwb
+  * Show support for Python 3.6 (#288) @ericwb
+  * Remove integration test playbooks (#290) @ericwb
+  * Django sql injection (#292) @ehooo
+  * Add detection for Django XSS (#295) @ehooo
+  * Fast fix for yaml import (#303) @ehooo
+  * Add missing B413 import_pycrypto in README (#308) @ericwb
+  * Add PyCryptodome to import blacklists (#307) @warthog9
+  * Django sql injection (#292) @ehooo
+  * Add detection for Django XSS (#295) @ehooo
+  * Add missing documentation link for B703 (#314) @ericwb
+  * Improve shell (#298) @ehooo
+  * Remove openstack specific utils.exec checks (#328) @ericwb
+  * add os.tempnam() / os.tmpnam() to blacklist (#330) @chair6
+  * Add subprocess.run to B602 (#334) @ericwb
+  * Repair some broken see also links in the doc (#336) @ericwb
+  * Use html.escape() instead of cgi.escape() (#339) @ericwb
+  * Re-enable functional tests as part of CI (#348) @ericwb
+  * Add more_info URL to XML output (#354) @stannum-l
+  * Report dill usage (#347) @calve
+  * Add emojis to issue types (#358) @ericwb
+  * Add more_info URL to text output (#359) @stannum-l
+  * Add more_info URL to screen formatter (#360) @stannum-l
+  * Add support to run bandit as python -m bandit (#363) @rtfpessoa
+  * Add more_info URL to csv formatter (#361) @stannum-l
+  * Add external documentation references (#368) @evqna
+  * Change ver 1.4.1 references to 1.5.0 (#370) @ericwb
+
+-------------------------------------------------------------------
+Thu Nov 16 17:44:23 UTC 2017 - toddrme2178@gmail.com
+
+- Initial version for v1.4.0

python-bandit.spec

@@ -0,0 +1,109 @@
+#
+# spec file for package python-bandit
+#
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+
+%{?!python_module:%define python_module() python-%{**} python3-%{**}}
+# Tests require python-hacking, which isn't compatible with pycodestyle
+%bcond_without  builddocs
+Name:           python-bandit
+Version:        1.5.1
+Release:        0
+License:        Apache-2.0
+Summary:        Security oriented static analyser for Python code
+Url:            https://github.com/PyCQA/bandit
+Group:          Development/Languages/Python
+Source:         https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz
+Patch0:         remove-non-test-deps.patch
+BuildRequires:  %{python_module pbr >= 1.8}
+BuildRequires:  %{python_module setuptools}
+BuildRequires:  python-rpm-macros
+BuildRequires:  fdupes
+BuildRequires:  %{python_module GitPython >= 1.0.1}
+BuildRequires:  %{python_module PyYAML >= 3.10.0}
+BuildRequires:  %{python_module beautifulsoup4}
+BuildRequires:  %{python_module fixtures >= 3.0.0}
+BuildRequires:  %{python_module mock >= 2.0}
+BuildRequires:  %{python_module python-subunit >= 0.0.18}
+BuildRequires:  %{python_module six >= 1.9.0}
+BuildRequires:  %{python_module stevedore >= 1.17.1}
+BuildRequires:  %{python_module testrepository >= 0.0.18}
+BuildRequires:  %{python_module testscenarios >= 0.4}
+BuildRequires:  %{python_module testtools >= 1.4.0}
+# doc requirements
+%if %{with builddocs}
+BuildRequires:  %{python_module reno >= 1.8.0}
+BuildRequires:  %{python_module Sphinx >= 1.2.1}
+BuildRequires:  %{python_module oslotest >= 1.10.0}
+BuildRequires:  %{python_module oslosphinx >= 4.7.0}
+%endif
+Requires:       python-GitPython >= 1.0.1
+Requires:       python-PyYAML >= 3.10.0
+Requires:       python-six >= 1.9.0
+Requires:       python-stevedore >= 1.17.1
+BuildArch:      noarch
+Requires(post):   update-alternatives
+Requires(postun):  update-alternatives
+
+%python_subpackages
+
+%description
+Bandit is a tool designed to find common security issues in Python code. To do
+this Bandit processes each file, builds an AST from it, and runs appropriate
+plugins against the AST nodes. Once Bandit has finished scanning all the files
+it generates a report.
+
+%prep
+%setup -q -n bandit-%{version}
+%patch0 -p1
+sed -i '/^#!/d' bandit/__main__.py
+
+%build
+%python_build
+
+%install
+%python_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+%python_clone -a %{buildroot}%{_bindir}/bandit
+%python_clone -a %{buildroot}%{_bindir}/bandit-config-generator
+%python_clone -a %{buildroot}%{_bindir}/bandit-baseline
+# Copy executables to py2/3 build areas, to be used for testing
+%{python_expand mkdir build/bin
+for filepath in %{buildroot}/%{_bindir}/bandit*-%{$python_bin_suffix}; do
+  filename=$(basename $filepath)
+  unsuffixed=${filename/-%{$python_bin_suffix}/}
+  cp $filepath build/bin/$unsuffixed
+done
+}
+
+%check
+%{python_expand export PATH="$(pwd)/build/bin:$PATH"
+$python setup.py test
+}
+
+%post
+%{python_install_alternative bandit bandit-config-generator bandit-baseline }
+
+%postun
+%python_uninstall_alternative bandit
+
+%files %{python_files}
+%license LICENSE
+%doc AUTHORS ChangeLog README.rst
+%python_alternative %{_bindir}/bandit
+%python_alternative %{_bindir}/bandit-config-generator
+%python_alternative %{_bindir}/bandit-baseline
+%{python_sitelib}/*
+
+%changelog

remove-non-test-deps.patch

@@ -0,0 +1,18 @@
+--- bandit-1.5.1.orig/test-requirements.txt	2018-05-03 03:31:37.000000000 +0700
++++ bandit-1.5.1/test-requirements.txt	2019-02-11 13:59:52.547483165 +0700
+@@ -1,15 +1,10 @@
+ # The order of packages is significant, because pip processes them in the order
+ # of appearance. Changing the order has an impact on the overall integration
+ # process, which may cause wedges in the gate later.
+-coverage!=4.4,>=4.0 # Apache-2.0
+ fixtures>=3.0.0 # Apache-2.0/BSD
+-hacking>=1.0.0 # Apache-2.0
+ mock>=2.0.0 # BSD
+ stestr>=1.0.0 # Apache-2.0
+ testscenarios>=0.4 # Apache-2.0/BSD
+ testtools>=2.2.0 # MIT
+-oslotest>=3.2.0 # Apache-2.0
+ 
+ beautifulsoup4>=4.6.0 # MIT
+-
+-pylint==1.4.5 # GPLv2