Enable bandit

The bandit linter checks for common security-related issues. The setup here is the same as in keystone. Change-Id: Ide2bc772f541d9efbf5e43f42f0893bf7495b24f
2016-04-29 09:03:06 -05:00 · 2016-04-29 09:03:06 -05:00 · 48ec8bfc16
commit 48ec8bfc16
parent c5738b9055
2 changed files with 10 additions and 0 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -5,6 +5,7 @@
 hacking<0.11,>=0.10.0
 flake8-docstrings==0.2.1.post1 # MIT

+bandit>=1.0.1  # Apache-2.0
 coverage>=3.6 # Apache-2.0
 discover # BSD
 fixtures<2.0,>=1.3.1 # Apache-2.0/BSD
--- a/tox.ini
+++ b/tox.ini
@ -18,6 +18,15 @@ commands = ostestr {posargs}
 [testenv:pep8]
 commands =
  flake8
+  # Run security linter
+  # B110: except: pass
+  # B410: importing etree
+  bandit -r keystoneauth1 -x tests -s B110,B410
+
+[testenv:bandit]
+# NOTE(browne): This is required for the integration test job of the bandit
+# project. Please do not remove.
+commands = bandit -r keystoneauth1 -x tests -s B110,B410

 [testenv:venv]
 commands = {posargs}