Add bandit to pep8 job

Add the bandit security scanner to the pep8 job.
* skip B314,B405
* Don't use '/temp/file'

Change-Id: I5ae66767178d037d312eb2ab0374dd6f137ecc7b

oslo_reports/tests/test_guru_meditation_report.py

@@ -65,7 +65,7 @@ class GmrConfigFixture(fixture.Config):
 
         self.conf.set_override(
             'file_event_handler',
-            '/tmp/file',
+            '/specific/file',
             group='oslo_reports')
         self.conf.set_override(
             'file_event_handler_interval',
@@ -201,7 +201,7 @@ class TestGuruMeditationReport(base.BaseTestCase):
         version = FakeVersionObj()
         gmr.TextGuruMeditation.setup_autorun(version, conf=self.CONF)
         mock_setup_fh.assert_called_once_with(
-            '/tmp/file', 10, version, None, '/var/fake_log')
+            '/specific/file', 10, version, None, '/var/fake_log')
 
     @mock.patch('os.stat')
     @mock.patch('time.sleep')
@@ -215,7 +215,7 @@ class TestGuruMeditationReport(base.BaseTestCase):
             self.CONF.oslo_reports.file_event_handler_interval,
             version, None, self.CONF.oslo_reports.log_dir)
 
-        mock_stat.assert_called_once_with('/tmp/file')
+        mock_stat.assert_called_once_with('/specific/file')
         self.assertEqual(1, mock_thread.called)
 
     @mock.patch('oslo_utils.timeutils.utcnow',

test-requirements.txt

@@ -16,3 +16,6 @@ greenlet>=0.4.10 # MIT
 
 coverage!=4.4,>=4.0 # Apache-2.0
 reno>=2.5.0 # Apache-2.0
+
+# Bandit security code scanner
+bandit>=1.1.0 # Apache-2.0

tox.ini

@@ -11,7 +11,12 @@ install_command = pip install {opts} {packages}
 commands = python setup.py testr --slowest --testr-args='{posargs}'
 
 [testenv:pep8]
-commands = flake8
+deps =
+  -r{toxinidir}/test-requirements.txt
+commands =
+  flake8
+  # Run security linter
+  bandit -r oslo_reports tests -n5 --skip B314,B405
 
 [testenv:venv]
 commands = {posargs}