From e8005cf1f1b128b19760d0892c140d9d3e903cad Mon Sep 17 00:00:00 2001 From: Craig Bryant Date: Thu, 9 Feb 2017 09:04:56 -0700 Subject: [PATCH] Turn on bandit check as part of pep8 Add bandit job as part of pep8 in tox.ini Had to ignore assert check since those are use for performance in the validation code. Also, skipped bandit checks of monasca_common/kafka_lib since that is just a clone of kafka-python and will be deleted in the future Change-Id: Ie2e726a8e45ef463c4e863792eed663ee472ed07 --- test-requirements.txt | 1 + tox.ini | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index 5e90e4bf..dc18ef3e 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2,6 +2,7 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. # Hacking already pins down pep8, pyflakes and flake8 +bandit>=1.1.0 # Apache-2.0 hacking<0.12,>=0.11.0 # Apache-2.0 Babel>=2.3.4 # BSD coverage>=4.0 # Apache-2.0 diff --git a/tox.ini b/tox.ini index 8125f05f..0b6e85fb 100644 --- a/tox.ini +++ b/tox.ini @@ -22,11 +22,19 @@ commands = nosetests --with-coverage --cover-package=monasca_common/. --cover-erase [testenv:pep8] -commands = flake8 monasca_common +deps = + {[testenv]deps} +commands = + {[testenv:flake8]commands} + {[bandit]commands} [testenv:venv] commands = {posargs} +[testenv:flake8] +commands = + flake8 monasca_common + [flake8] max-complexity = 50 max-line-length = 120 
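Review bot: `[bandit]` (added in the second tox.ini hunk) is a plain ini section rather than a tox environment, so the security scan can only be reached through `tox -e pep8` and a bandit finding will surface as a "pep8" failure. Consider adding a dedicated environment, `[testenv:bandit]` with `commands = {[bandit]commands}`, so the scan can be run and triaged on its own. A comment above `[testenv:pep8]` such as `# pep8 runs flake8 and the bandit security scan` would make the combined job obvious to someone reading gate results. The `deps = {[testenv]deps}` line looks redundant if `[testenv:pep8]` already inherits from `[testenv]`, which is not visible in this hunk.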
@@ -37,3 +45,9 @@ show-source = True # All of the below ignores are caused by the forked kafka-python library # so when monasca migrates to pykafka, the below line can be removed. ignore = E121,E126,E127,E128,E131,E221,E226,E241,E251,E261,E302,E303,E501,E701,F401,H101,H102,H301,H304,H306,H404,H405 + +[bandit] +commands = + # B101(assert_ussed) - Validation uses asserts because of performance reasons + # monasca_common/kafka_lib is a clone of kafka-python and will be deleted in the future + bandit -r monasca_common -n5 -s B101 -x monasca_common/tests -x monasca_common/kafka_lib
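Review bot: `-s B101` on the added `bandit` command turns the assert check off for the whole package, not just for the validation code the comment mentions. Asserts are removed when Python runs with `-O`, so any input validation that relies on them disappears in optimized runs, and a global skip also hides future asserts used as security checks elsewhere. I would keep B101 enabled and mark the intentional validation asserts with `# nosec`, or at least state in the comment that this validation must not be the only guard on untrusted input. Separately, bandit documents `-x` as one comma-separated list, so the repeated flag probably keeps only the last path; `-x monasca_common/tests,monasca_common/kafka_lib` avoids that. The comment also misspells the check name, which is `assert_used`.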