From 834ad176ea34d4d64d4f2a15ac5cc2c0e25c0343 Mon Sep 17 00:00:00 2001
From: jessegler
Date: Wed, 13 Jun 2018 15:05:52 -0500
Subject: [PATCH] Add bandit to pep8 gate

Neutron uses bandit to detect security issues. This patch adds bandit to the pep8 gate to automatically lint for security issues in python-neutronclient.

Change-Id: Ifd8caf65cc89e7d6d6ebc8f58539741cfbab839b
---
 test-requirements.txt | 1 +
 tox.ini | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/test-requirements.txt b/test-requirements.txt
index 58c378ae7..eb3bcf118 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
+bandit>=1.1.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
 flake8-import-order==0.12 # LGPLv3
diff --git a/tox.ini b/tox.ini
index 2d3cd408d..d534b0cb6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -25,7 +25,9 @@ commands = sh -c "find . -type d -name '.?*' -prune -o \
 whitelist_externals = sh
 [testenv:pep8]
-commands = flake8
+commands =
+ flake8
+ {[testenv:bandit]commands}
 distribute = false
 [testenv:venv]
@@ -62,6 +64,10 @@ import-order-style = pep8
 # H904: Delay string interpolations at logging calls
 enable-extensions=H904
+[testenv:bandit]
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit -r neutronclient -x tests -n5
+
 [testenv:lower-constraints]
 basepython = python3
 deps =
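Review bot: The added `bandit>=1.1.0` line in test-requirements.txt has no upper bound, unlike the other lint tools in the same hunk (`hacking ... <0.14`, `flake8-import-order==0.12`). Because this patch makes bandit part of the pep8 gate, a new bandit release that adds or re-rates checks could turn the gate red on unchanged code, unless a constraints file not visible here pins it. I would bound the range the same way hacking is bounded, e.g. `bandit>=1.1.0,<UPPER_BOUND # Apache-2.0` (placeholder bound), and raise it deliberately when the new findings have been triaged.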
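Review bot: The `commands` line in the new `[testenv:bandit]` section sets no severity or confidence threshold and no test selection, so a finding at any level fails the job. Since the pep8 hunk chains `{[testenv:bandit]commands}`, it fails pep8 as well. The policy should be explicit: either add a threshold such as `-ll` or a reviewed skip list via `-s`, or keep the strict default and state that suppressions go through `# nosec` with a justification. The flags are undocumented, so a comment above the command such as `# -x tests: skip test code; -n5: show 5 lines of code per finding` would help the next maintainer. It is also worth checking that `-x tests` really excludes the package's test directory with the minimum bandit version allowed by test-requirements.txt, since that depends on how the installed release matches exclusion paths.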