Bandit release 1.0 stable
-------------------------

This milestone release includes a number of major new features, as follows:
- Test IDs: bandit tests are now given unique IDs. These IDs can be used in all situations where a test name would have been used previously (include, exclude, etc.). Additionally, new CLI options "-t/-s" take a list of test IDs to include or exclude respectively. Terse test IDs are much more convenient than long-winded names. Support for referring to tests by name is now deprecated and will be removed in a future version.

- Configuration Overhaul: The bandit configuration file is now optional. All test plugins ship with good defaults that will be used if not overridden. The configuration file format has also been re-worked to be much simpler and make good use of the new test IDs. While the old config file format is still supported, it is deprecated and this support will be removed in a future version. Please see the documentation for info on the new format.

- Configuration tool: A new-style configuration file may be generated using the included configuration generator tool. This contains defaults for all discovered plugins. It provides a good base that can then be hand edited as needed.

- Profiles Deprecated: Bandit's configuration files previously contained named lists of tests to include and exclude, known as a "profile". This concept has been deprecated in 1.0 and will be removed in future versions when support for legacy configurations is dropped. In place of profiles we encourage adopters to use several separate config files and pick one using the -c command line option. This has the advantage of permitting test configuration defaults to be overridden as needed. Adopters may find that the new -t and -s CLI options completely remove the need for a "profile" or equivalent.

- Blacklists: Blacklisted items (function calls, module imports) now have test IDs. Fine control of blacklisting is now possible using these IDs to include or exclude items. A new plugin interface has been created to allow third party adopters to extend blacklist items if desired. Support for legacy blacklist data is part of the deprecated legacy configuration support. Please see the Configuration Overhaul item.

The plugin API, CLI and configuration scheme should now be considered stable. No new version of bandit will break this contract without incrementing the major release number.

This release also includes a number of important bug fixes; we encourage adopters to upgrade to bandit 1.0 as soon as they are able.

What this means for adopters
----------------------------

In most cases you will simply need to delete your bandit.yaml file and adjust the invocation used in your tox.ini, adding -t or -s options as needed. In more advanced scenarios, generating a minimal configuration file using the included config generation tool and tweaking it as needed will be sufficient.

Finally, new integration tests have been added to bandit in an effort to maintain good compatibility with projects using bandit in the gate. The following projects are included:

- barbican
- glance
- keystone
- keystonemiddleware
- magnum
- oslo.config
- oslo.log
- oslo.service
- oslo.utils
- python-keystoneclient
- python-magnumclient
- sahara

If your project would like to use bandit and be included in these tests, please contact the bandit team.

Thank you,
The bandit dev team

OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
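The tox.ini adjustment described in the announcement, written out as an added example (this is not from the announcement or the bandit project's own files). The -t, -s and -c options are the ones the announcement names; -r is bandit's existing option for scanning a directory recursively. The project name "myproject", the config file name "bandit-gate.yaml" and the specific test IDs are assumptions for illustration, so take the IDs from your own config-generator output rather than from here.

```ini
# tox.ini (added example; "myproject" and the file/ID names are assumed)

[testenv:bandit]
deps = bandit>=1.0.0
# Quick gate job: scan the package recursively and run only the test IDs
# listed with -t. No config file is needed; plugin defaults are used.
# B101 and B301 are illustrative IDs, not a recommended set.
commands = bandit -r myproject -t B101,B301

[testenv:bandit-full]
deps = bandit>=1.0.0
# Full scan: run every test except those listed with -s, and pick up a
# config file generated by the configuration tool (-c) whose per-test
# defaults have been hand edited. Several such files can replace the
# old named "profiles"; choose one per tox env with -c.
commands = bandit -r myproject -s B101 -c bandit-gate.yaml
```

Run `tox -e bandit` or `tox -e bandit-full` to select an environment. Because -t and -s take test IDs rather than names, the same lines keep working once name-based references are removed in a later release.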