Run security linter bandit as part of pep8. Pep8 is the usual linter
target and thus let's use it there instead of starting another node for
this short-running job.
Move bandit requirement to test-requirements.
Disable temporarily some tests in bandit.yaml since they advocate using
defusedxml which is not in global-requirements.txt and thus cannot be
used inside bandit (bug#1550161).
Change-Id: Ie3c9f4ee6e061ea090fa882f4f029f2761706951
Fix all assert problems raised by Bandit. Asserts are potentially
problematic, since Python optimization sometimes removes them, so code
needs to remain safe and functional without the assert.
Two asserts are safe to skip, so they are deleted for improved error
messages. Three asserts are probably necessary, and are converted to
exceptions. Two asserts are probably necessary, and are instead made to
fail safely, and `# nosec` is added to the assert line.
This also enables the assert test in bandit's configuration.
Change-Id: Ic69a204ceb15cac234c6b6bca3d950256a98016d
Partial-bug: 1511862
Set up automated bandit checks using tox. These tests are intended to be
eventually suitable as automated gate tests.
Currently, several tests are disabled (and labeled with a TODO to enable
them). A future commit for each test will enable that test, fix all
associated false positives, and fix all associated real positives.
Change-Id: I290992be027eac180b3a0dfcf601465079c2915c
Partial-bug: 1511862
Erno Kuvaja