Enable checking with bandit

bandit is statically analyzing source code in order to identify potentially security sensitive constructs. Change-Id: Iea7057ccfd68cefea84e23fcd26ae498e6bc6533
2016-12-04 18:22:41 +01:00 · 2016-12-04 18:22:41 +01:00 · 09302e7a31
parent edef047506
commit 09302e7a31
2 changed files with 4 additions and 1 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -3,7 +3,8 @@
 # process, which may cause wedges in the gate later.

 # Install bounded pep8/pyflakes first, then let flake8 install
-hacking<0.11,>=0.10.2
+hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
+bandit>=1.1.0 # Apache-2.0

 fixtures>=3.0.0 # Apache-2.0/BSD
 coverage>=4.0 # Apache-2.0
--- a/tox.ini
+++ b/tox.ini
@ -25,6 +25,8 @@ commands =
    # Ignore too long lines error E006 from bashate and treat
    # E005, E042 as errors.
    bashate -v -iE006 -eE005,E042 devstack/plugin.sh
+    # FIXME(dmllr); B101 needs to be fixed first
+    bandit -r monasca_log_api -n5 -s B101 -x monasca_log_api/tests

 [testenv:cover]
 setenv =