[WIP][BANDIT] Extended code analysis

Following commit enables bandit to analyse code quality of both API and tempests code Change-Id: I70e964b7f6afddb79b70416c8d99100bfcc8a379
2017-02-02 09:44:41 +01:00 · 2017-02-02 09:44:41 +01:00 · 228c24561b
parent 10c19b6f6f
commit 228c24561b
2 changed files with 9 additions and 0 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -2,6 +2,7 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 # Hacking already pins down pep8, pyflakes and flake8
+bandit>=1.1.0  # Apache-2.0
 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
 Babel>=2.3.4 # BSD
 coverage>=4.0 # Apache-2.0
--- a/tox.ini
+++ b/tox.ini
@ -59,11 +59,19 @@ commands =
    flake8 monasca_api
    flake8 monasca_tempest_tests

+[testenv:bandit]
+commands =
+  # B101(assert_ussed) - API uses asserts because of performance reasons
+  bandit -r monasca_api -n5 -s B101 -x monasca_api/tests
+  # B101(assert_ussed) - asserts in test layers seems appropriate
+  bandit -r monasca_tempest_tests -n5 -s B101
+
 [testenv:pep8]
 deps =
  {[testenv]deps}
 commands =
  {[testenv:flake8]commands}
+  {[testenv:bandit]commands}

 [testenv:venv]
 commands = {posargs}