Removing bandit.yaml in favor of defaults

Removing old configuration options for build-in defaults of latest
bandit functionality. Also, marking flagged items with _# nosec_
with a descriptive comment on why the code is acceptable as is.

Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com>
Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com>

Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d

1 files changed, 3 insertions, 2 deletions

diff --git a/keystoneclient/contrib/auth/v3/saml2.py b/keystoneclient/contrib/auth/v3/saml2.py
index c42d3b6..bc8f11e 100644
--- a/keystoneclient/contrib/auth/v3/saml2.py
+++ b/keystoneclient/contrib/auth/v3/saml2.py
@@ -13,7 +13,7 @@
 import datetime
 import uuid
 
-from lxml import etree
+from lxml import etree  # nosec(cjschaef): used to create xml, not parse it
 from oslo_config import cfg
 from six.moves import urllib
 
@@ -559,7 +559,8 @@ class ADFSUnscopedToken(_BaseSAMLPlugin):
         """
         try:
             return bool(session.cookies)
-        except AttributeError:
+        except AttributeError:  # nosec(cjschaef): fetch cookies from
+            # underylying requests.Session object, or fail trying
             pass
 
         return bool(session.session.cookies)