Enable bandit in gate

Bandit is a tool designed to find common security issues in Python code. and pep8 is the usual linter target. So enable it in pep8 target. Change-Id: Ie5e4350cde906c206fd5041e88983678eb37999e
2016-02-29 12:26:43 +08:00 · 2016-02-29 12:26:43 +08:00 · f776ba2757
parent 54d58a7758
commit f776ba2757
3 changed files with 11 additions and 2 deletions
--- a/osprofiler/_utils.py
+++ b/osprofiler/_utils.py
@ -128,7 +128,7 @@ def signed_unpack(data, hmac_data, hmac_keys):
    for hmac_key in hmac_keys:
        try:
            user_hmac_data = generate_hmac(data, hmac_key)
-        except Exception:
+        except Exception:  # nosec
            pass
        else:
            if compare_digest(hmac_data, user_hmac_data):
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -9,3 +9,6 @@ testtools>=1.4.0

 oslosphinx>=2.5.0,!=3.4.0  # Apache-2.0
 sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3
+
+# Bandit security code scanner
+bandit>=0.17.3 # Apache-2.0
--- a/tox.ini
+++ b/tox.ini
@ -17,7 +17,10 @@ commands = python setup.py testr --slowest --testr-args='{posargs}'
 distribute = false

 [testenv:pep8]
-commands = flake8
+commands =
+  flake8
+  # Run security linter
+  bandit -r osprofiler -n5
 distribute = false

 [testenv:venv]
@ -30,6 +33,9 @@ commands = python setup.py testr --coverage --testr-args='{posargs}'
 changedir = doc/source
 commands = make html

+[testenv:bandit]
+commands = bandit -r osprofiler -n5
+
 [flake8]
 show-source = true
 builtins = _