On Fri, Jun 26, 2026 at 09:20:22PM +0200, Caspar Schutijser wrote:
> Hey,
>
> On Fri, Jun 26, 2026 at 03:45:13PM +0200, landry@openbsd.org wrote:
> > here's a quick ('n'dirty?) port for
> > https://bandit.readthedocs.io/en/latest/ and its dependency
> > https://opendev.org/openstack/stevedore, i've used it on some python
> > codebases and it nicely flags potential security issues in the code.
> >
> > oks/tests/improvements ?
>
> I tweaked devel/py-stevedore/pkg/DESCR a little bit (remove a stray '_',
> add an empty line between the two paragraphs and run it through fmt).
> The new file is attached, feel free to use it if you want.
>
> The indenting of RUN_DEPENDS and TEST_DEPENDS in the bandit Makefile
> looks a bit funny, can you fix that?
>
> make test works fine for the stevedore port, even though there's the
> "# missing stestr ?" comment in the Makefile.
> https://pypi.org/project/stestr/ suggests that stestr is a tool that can
> be used to execute the tests, but apparently the tests also run without?
> In that case I guess the comment can be removed.
>
> In the case of bandit, 3 tests fail because of some missing Python
> modules (git, bs4 and sarif_om). Installing py3-beautifulsoup4 solves
> the middle one, I'm not sure how to fix the other two.
>
> Besides that it looks good to me and it works well.

Thanks for the feedback, I've added the two missing TDEPs we have in ports,
now there's only 1 failing test left. I think I've also fixed the other nits,
does this look good to import? Thoughts on importing it as security/bandit or
security/py-bandit?

Landry
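As an added illustration of the kind of finding bandit reports (this is example code, not part of the thread or of the bandit or stevedore ports): a subprocess call built from a string with `shell=True`, which bandit flags as B602, beside the argument-list form it does not flag. The function names and the constructed input are mine.

```python
import subprocess

# Constructed sample input: a file name that carries a shell metacharacter.
HOSTILE_NAME = "report.txt; echo injected"


def echo_name_unsafe(name: str) -> str:
    """String command executed through /bin/sh.

    bandit reports this call as B602 (subprocess call with shell=True
    identified): the whole string is parsed by the shell, so the ';' in
    `name` ends the first command and starts a second one.
    """
    result = subprocess.run(
        f"echo {name}", shell=True, capture_output=True, text=True, check=False
    )
    return result.stdout


def echo_name_safe(name: str) -> str:
    """Argument list executed without a shell.

    `name` is handed to echo as a single argv entry, so the ';' is just a
    character in the argument and nothing else gets executed. bandit does
    not flag this form.
    """
    result = subprocess.run(
        ["echo", name], capture_output=True, text=True, check=False
    )
    return result.stdout


def command_count(output: str) -> int:
    """Number of output lines: one per command that actually ran."""
    return len(output.splitlines())


if __name__ == "__main__":
    print("shell=True   ->", repr(echo_name_unsafe(HOSTILE_NAME)))
    print("argument list ->", repr(echo_name_safe(HOSTILE_NAME)))
```

Running `bandit` on this file reports the `shell=True` call and is silent about the list form; the difference in the two outputs is the same thing seen at runtime.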